Splunk Search

Discussions

Thread Info

extracted field propagation across related events

Hey all, I have a event log that i have to generate reports off of for the BI team where i work. the problem i keep r...

by Path Finder in

How to use join command to keep events from subsearch that do not match with parent search?

My understanding of the documentation (and my experiments) is that the inner keeps only events that match both search...

by Splunk Employee in

Data Model Regex - Matching on Angle Bracket (<)

I amy trying to use an angle bracket (< or >) as part of the raw text criteria for a regex in a data model using 6.0....

by Splunk Employee in

Python example fails

I know this is probably because I am not a Python expert and I have done something wrong, but when I try to run your ...

by Explorer in

Regex Help

I am struggling with the regex match on the below pattern. I need to capture etl_fdaf_33424134 . Pretty much after th...

by Motivator in

How to combine search results with multiple fields and compare the results against a table.

I am trying to combine the search results from 3 separate sources logs and then compare the results against it agains...

by Explorer in

Counting Number of Events Matching Search in a Transaction

I have a number of events, correlated in a transaction by a field called distinct_id. The typical transaction setup i...

by New Member in

If-statement does not work

Hi, my search looks like this: ... | eval month=strftime(_time, "%Y_%m") | chart dc(user_id) as count by user_i...

by Motivator in

Python Script Not working via search command

Hi, I have written a python script which runs perfectly when opened directly, but when i run it via search |script...

by Builder in

Combine two tables into one wrt two common parameter(where blank values should be filled with zero "0")

Hi , I have two input csv's which are displayed in splunk as shown in below image: I want to search in second ...

by Builder in

Append search term based on condition

How can I append a search term based on a condition? For example - if fieldA > 1 I want to append | search ...

by Influencer in

chart with missing values

Hi, i am charting errors and i see that for some of the days there is no data and i want to fill that date with 0....

by Contributor in

chart by source and hostname

Hello Splunkers, I am trying to correlate hostnames to multiple sources (4 .csv host files) to see if I can find wher...

by Contributor in

DB Connect : SQL query column output ALIAS names are not indexing as fields

Hi, Background: I am trying to index SQL source where i have to give alias to table column names. My query: ...

by Explorer in

Search Help

I am stuck on creating a search. I need to sort my results by Agency and I need to list a count of all events as well...

by Path Finder in

Sort year month string in timechart legend

Hi, I am trying to sort the legend in my timechart chronologically but can't seem to make it work. This is my s...

by Path Finder in

How to format timechart or stats visualization of failed login account names by time?

Looking for the best way to format a timechart or stats visualization of failed login account names by time. Right no...

by Path Finder in

Use result of eval to search in the same query

Hi, Is this command not valid. index=batch | eval newField = lower(strftime(strptime("2014-oct" + "01","%Y-%b%...

by Path Finder in

Using rest with eval

Hello, is there a possibility to use the |rest command with an eval like: anysearch |eval test = [rest /service...

by Communicator in

Is there a way to use search time duration in search itself?

I have a search that use transaction command and calculate duration of a transaction , I want to perform calculation ...

by Explorer in

Search to compare fields where field1 has both entries in field2?

I wish to run a query where I need to see if field1 has both entries in field2. Ex: I need to query the results like ...

by Explorer in

field extract OR substr ?

Field name is FLOW. FLOW field value is 123 OR 123456 OR 123456789 OR ... FLOW=123 ===> FLOW=null FLOW=123456 ===>...

by Communicator in

How to sort listed data?

I extracted some data from my set with this "stats count by failure_reason, dst | stats list(dst) as Target list(coun...

by Explorer in

increase the size of a chart

I'm using a bar chart (stacked) with a search query of sourcetype="log4j" | timechart count by log4j_ERROR_with_3_wor...

by Path Finder in

How to use key names in legend values?

I have the following search: host=* sourcetype=cpu | multikv fields, pctUser, pctNice, pctSystem, pctIowait, pctI...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

extracted field propagation across related events

How to use join command to keep events from subsearch that do not match with parent search?

Data Model Regex - Matching on Angle Bracket (<)

Python example fails

Regex Help

How to combine search results with multiple fields and compare the results against a table.

Counting Number of Events Matching Search in a Transaction

If-statement does not work

Python Script Not working via search command

Combine two tables into one wrt two common parameter(where blank values should be filled with zero "0")

Append search term based on condition

chart with missing values

chart by source and hostname

DB Connect : SQL query column output ALIAS names are not indexing as fields

Search Help

Sort year month string in timechart legend

How to format timechart or stats visualization of failed login account names by time?

Use result of eval to search in the same query

Using rest with eval

Is there a way to use search time duration in search itself?

Search to compare fields where field1 has both entries in field2?

field extract OR substr ?

How to sort listed data?

increase the size of a chart

How to use key names in legend values?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...