Splunk Search

Thread Info

How to compare my search table to lookup table and output the not match result to my search table?

I have lookup table like Date ID Name 02/04 12547 xxx02/04 12458 xxx02/04 ...

by Communicator in

What is the difference between a lookup search and index searches?

Hi, I need your help in order to get the difference between two searches. I have a task running once a day on all ...

by Explorer in

Why is the scroll is not working on a table viz?

I am using Dashboard Studio, and When I create a table viz the scroll is not working, and neither is the next button....

by Loves-to-Learn in

How to display the bar with both values even when there are no results for failed?

I have a bar graph that shows the status (Success and failed). I want to display the bar with both values even when t...

by Path Finder in

How to generate an accumulating total bucketed by day per user?

Hello,Im trying to accumulate and analyze a persons risk score every day, once per day, and only fire when the total ...

by Contributor in

Why is subsearch not working with regex?

I'm attempting to find file downloads within a 2 minute timespan following a browser being spawned from outlook (my s...

by New Member in

How to create a line chart with received time on Y axis and date on X axis?

I'm looking to create a line chart like the attached picture. The data points would be the time a file is received, t...

by Engager in

How to modify my search to data model search by adding a lookup table?

Hi, My task involves creating a search in datamodel i.e network_traffic, below is the base search how we could con...

by Path Finder in

How to correlate a field from a query to a field from a lookup file?

Hello. I've been watching a few lookup videos but they mostly concentrate on extracting data from a lookup file. None...

by Path Finder in

How to plot differences of values over time?

hi all I have a data set like this: _time, duration, category XXX, 0.145,A XXY, 0.177,B XXZ, 0.178, A ...

by New Member in

How to left join ext data to event and perform rowwise eval?

I have a lookup table with an event name with min max thresholds I need to join this (left on the lookup) with the...

by Explorer in

How to perform Lookup Using Event Field that is a List?

I have an event field that is a list of "permissions" , and I want to perform a lookup for each permission in the li...

by Splunk Employee in

Splunk Cloud: How do we extract multiple values for one field for one entry?

for splunk cloud how do we extract multiple values for one field for one entry

by New Member in

Help with latest and earliest

Hi, I would like to know if someone can help me with this issue. I am trying to add a time constraint to an SPL...

by Explorer in

Why is it incorrectly showing some values as NULL?

Here is the raw log { "markers": { "requestId": "RAWWyBVRjlX1wCr3JPINpZz6TLfa6FAM_09c958c6", "msgId...

by New Member in

How to choose color based on text value?

Hi there! I need to choose the color in the dashboard based on the text results in dashboard, where the ...

by Contributor in

How to create new field based on table values?

Dear Experts..Looking for help with a Splunk Query...I was working on a Splunk Query to identify the Frames connectio...

by Explorer in

How can I compute value based on group by values in timechart?

| eval vm_unit=case(vmSize="Standard_F16s_v2",2,vmSize="Standard_F8s_v2",1,vmSize="Standard_F4s",0.5,vmSize="Standard...

by Explorer in

How to convert SQL query to Splunk search?

Hi, I have the following tables: asset table:asset_idsolution_idvulnerability_id solution table:solution_ids...

by Loves-to-Learn in

How to correlate nested parent child jobs?

Hi,we have to monitor some jobs in which One Job could have multiple sub task. It could be nested dependency as well...

by Path Finder in

How to search and create table report?

I have a logfile with information like this - 2023-04-05 13:54:17.259 INFO [http-nio-8080-exec-117][OTPViewControl...

by Path Finder in

How to include multiple fields of the same type?

I would like to add all instances of a field within the same variable, named SynchronousExecution. Is there a better ...

by Engager in

How to achieve average of first 7 vs last 7 records?

Hi team,I have 14 records in the table, I want to find out average of first 7 and average of last 7 recordsHow can I...

by Engager in

How to separate OS name and OS version values from a field having combined value?

I have a column that holds OS Name along with it's version details. os_full_nameCentOS Linux release 7.1.1503 (Co...

by Communicator in

How to write a rex expression to pull out a specific bit of data?

Hello! So I'm trying to write a rex expression to pull out a specific bit of data from this:<plugin_output>Operating ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to compare my search table to lookup table and output the not match result to my search table?

What is the difference between a lookup search and index searches?

Why is the scroll is not working on a table viz?

How to display the bar with both values even when there are no results for failed?

How to generate an accumulating total bucketed by day per user?

Why is subsearch not working with regex?

How to create a line chart with received time on Y axis and date on X axis?

How to modify my search to data model search by adding a lookup table?

How to correlate a field from a query to a field from a lookup file?

How to plot differences of values over time?

How to left join ext data to event and perform rowwise eval?

How to perform Lookup Using Event Field that is a List?

Splunk Cloud: How do we extract multiple values for one field for one entry?

Help with latest and earliest

Why is it incorrectly showing some values as NULL?

How to choose color based on text value?

How to create new field based on table values?

How can I compute value based on group by values in timechart?

How to convert SQL query to Splunk search?

How to correlate nested parent child jobs?

How to search and create table report?

How to include multiple fields of the same type?

How to achieve average of first 7 vs last 7 records?

How to separate OS name and OS version values from a field having combined value?

How to write a rex expression to pull out a specific bit of data?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...