Splunk Search

Discussions

Thread Info

Evaling a value based on the position of the event in stats ?

I create a statistics table, which is sorted, and I use head 10 at the end, to display my results. What I want to do ...

by Communicator in

append command- more efficient query

Hi, could you help me to write more efficient query? My is really time consuming. Example. --First part cac...

by Path Finder in

Extract Data From Event

Hi, I wonder whether someone can help me please. I have multiple events which include the following piece of infor...

by Motivator in

Searching on results of EVAL command

Hello We are building a search to take a MAC address, evaluate all the potential formats that MAC address may be and ...

by Explorer in

Sub-searches using savedsearch returns results, but columns are labeled "NULL"

Using savedsearch and timechart, I'm getting NULL where I'd expect the values of "myfield" Base search (@m to -1h@...

by Explorer in

Put multiple timecharts into one

I have three timecharts which I want to sum together. index="commercial_performance" Cat1="Entitlement *" | timech...

by Explorer in

Error Viewing Database Information

I am testing DB Connect for the first time and receiving an error when I try to use Database Info (/en-US/app/dbx/dbi...

by Engager in

How to use timechart with stats and eval command

Hi, My query is below - index=abc sourcetype=xyz Unable to connect to the remote server | Stats count(eval("Una...

by Communicator in

Acceleration or Summary Index for hourly/daily/weekly/monthly charts

The setup is like this... index=myindex myfield=*FOO* | timechart span=1h count by myfield Where myfield's val...

by Explorer in

How to append two fields extracted from different events having same ID field without using join?

Hi All, I have three fields error, Bandwidth & ID. error & Bandwidth are fields for two different events while bot...

by Path Finder in

Plotting error frequency to verify a break fix?

Hello, I am new to splunk and wanted to try visualizing whether a break fix that was implemented is actually working....

by New Member in

extract multiple events into multiple fields using rex

I have events in below format from an XML source. I want to extract below values in to separate events into fields st...

by Communicator in

How to search the status of processes in each server using a lookup table?

I am trying to build a search that will display the Process status in each server. i have a lookup table called ipser...

by New Member in

CSV data is not matching with my indexed data

Hi all, Thank you

by Path Finder in

After restoring a CSV based index, why are searches using fields or wildcards not returning results?

Hi I have a big big problem. I restored a csv based index. (MS Exchange mail track log) The restored data is big, ...

by Path Finder in

From a Hunk VIX, what is the max output on a table or stats command?

I'm creating a table/stats command with a large output and the statistics seems to be capping out at 10k. Is there a ...

by Contributor in

Need help writing a search command to determine if a value is in a json array more than once

I am indexing json objects into splunk. An example of the json is: { id: "24234563", systems: [ "hos...

by Contributor in

Fields from transaction not displaying in table after extra eval

Hi, I'm using the transaction command to combine two different events into one larger event with the user_id as th...

by Builder in

How do I remove rows from a table based on empty column values?

What I'm trying to do Using the export API /servicesNS/admin/search/search/jobs/export?output_mode=json&search=search...

by Engager in

How to search which hosts are missing patches using a lookup with a list of patches that should be installed for each hostname?

Hi I have a list of events about patches installed on my hosts (about 3k) which look like Hostname1, PatchId1 ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Evaling a value based on the position of the event in stats ?

append command- more efficient query

Extract Data From Event

Searching on results of EVAL command

Sub-searches using savedsearch returns results, but columns are labeled "NULL"

Put multiple timecharts into one

Error Viewing Database Information

How to use timechart with stats and eval command

Acceleration or Summary Index for hourly/daily/weekly/monthly charts

How to append two fields extracted from different events having same ID field without using join?

Plotting error frequency to verify a break fix?

extract multiple events into multiple fields using rex

How to search the status of processes in each server using a lookup table?

CSV data is not matching with my indexed data

After restoring a CSV based index, why are searches using fields or wildcards not returning results?

From a Hunk VIX, what is the max output on a table or stats command?

Need help writing a search command to determine if a value is in a json array more than once

Fields from transaction not displaying in table after extra eval

How do I remove rows from a table based on empty column values?

How to search which hosts are missing patches using a lookup with a list of patches that should be installed for each hostname?

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Issue with field extraction using Props.conf & tra...

Need to add date range to dashboard panel title s...

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...