Splunk Search

Discussions

Thread Info

LookUp table show data who matches and who are not matches

I have a csv file in which two field are ShopNo and ShopId. From search i'm getting ShopNo and ShopIdinDevice so i wa...

by New Member in

Search over two sources and present combined results

Hi, I have the following two sources: Source1: | Time | IP | MAC | | 08:01 | 10.0.1.1 | MAC1 | |...

by Path Finder in

web interface

Is web interface automatically installed with Splunk enterprise? Will it appear after installing and starting splunk ...

by Explorer in

Issue with search query

I have User_Id field in my log. In the user_Id field I have value like john,sonia,ces\ts1,...... Now when i am search...

by New Member in

Regex Help!

Hi All, I have a field whose values look like value1>value2>value3!! Now i want to extract only value3 using re...

by Path Finder in

Last Value in Lookup as Variable?

How do I get the last KER out of my lookup and get it into search below as LASTKER? I have a lookup table of error...

by Builder in

splunk db connect normal user not allowed to add

Folks , we have case like as normal user from DBA not able to add his DB to external database on splunk side. as...

by Path Finder in

Calculating difference between two timestamp

Hi , There are two fields named "start_time" and "end_time" extracted from logs and displayed in the format "03/21...

by Path Finder in

How filter the entries in timechart

I want to exclude the INFO log level in one of my searches. How would i do a "not" condition in the following: sou...

by New Member in

field value *

Hi, I have a field named hello_world and a value of the field is * I am writing a search where the results will...

by Motivator in

Auto index to mutiple index when data come in

Can I have indexer smart enough to go to dedicate index base on data value Here is my data "2013-12-02 20:30:30","...

by Explorer in

Vyatta Rule Field Extraction

I am consuming logs from my Vyatta firewall and I am having trouble getting the field extractor to reliably pull the ...

by Explorer in

joinできなかった結果を含めて表示する方法はないでしょうか

先週と今週の結果を比較するサーチを実行したいと考えています。下記の例では曜日をキーにjoinして比較していますが、週の半ば（例えば水曜日）にサーチを実行すると水曜日までのグラフしか表示されません。先週分は、日曜日から土曜日までの１...

by Explorer in

Distribution of Load and Splunk Performance

As a quick check can some one suggest me if we have a 2 indexer envirornment with 2 search heads - does it make sense...

by Path Finder in

Evaluate the results of Chart over By

Below Query Provides the Result. counter="% Processor Time" | chart avg(Value) over host by counter | search "% Proce...

by Engager in

Help with maven and splunk and log4j

Hello, I know i am doing something wrong but been going nowhere on this. Basically, have a maven project in eclipse a...

by New Member in

map command to do stats stdev($field_name$) ...

Hi I am looking for a search that iterates all my fieldname start with f* and get the statistics value of each f ...

by Motivator in

three are more multiple value for mvzip

Hi , mvzip function takes two multivalue fields, I want to combine three multiple value.. Please let me if we have...

by Contributor in

Display last results

I have a list of servers that do data backups to disk on a week night basis and I've built a query to display the res...

by Path Finder in

Problems with extracting fields

Hey guys, I'm trying to use regular expressions but can't get my head around it. I'm receiving lines such as: ...

by Path Finder in

Can you pull previous values from an inputlookup using streamstats?

I have a large mixed search, part of the resulting data is being pulled from search and part from an inputlookup csv ...

by Path Finder in

Help Needed with Real Time Query for SLA violations for each API in sourcetype or alternative approaches if not possible

The use case am working on: I have one sourcetype, one index. In the event log there are several apis with respons...

by Explorer in

Realtime searches (efficiency & results)

As far as efficiency, we were told that realtime searches take "a fraction" of a CPU core per search. Does it matter ...

by Path Finder in

Log Field extraction When should i do it?

Hello Guyz, I have to extract around 30/40 fields from logs and monitor them. They are well formatted and can be extr...

by Champion in

Format Email Direction and Count

Hi, am hoping for help with this. I want to format output as follows: Domain OUTBOUND_COUNT INBOUND_COUNT ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

LookUp table show data who matches and who are not matches

Search over two sources and present combined results

web interface

Issue with search query

Regex Help!

Last Value in Lookup as Variable?

splunk db connect normal user not allowed to add

Calculating difference between two timestamp

How filter the entries in timechart

field value *

Auto index to mutiple index when data come in

Vyatta Rule Field Extraction

joinできなかった結果を含めて表示する方法はないでしょうか

Distribution of Load and Splunk Performance

Evaluate the results of Chart over By

Help with maven and splunk and log4j

map command to do stats stdev($field_name$) ...

three are more multiple value for mvzip

Display last results

Problems with extracting fields

Can you pull previous values from an inputlookup using streamstats?

Help Needed with Real Time Query for SLA violations for each API in sourcetype or alternative approaches if not possible

Realtime searches (efficiency & results)

Log Field extraction When should i do it?

Format Email Direction and Count

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions