Splunk Search

Community Activity

What exactly are the rules/requirements for using "\|tstats append=t"? I must join some exceedingly large DM datasets but I cannot get \|tstats prestats=t append=t to work consistently in a... by woodcock Esteemed Legend in Splunk Search 05-10-2023 4 10	4	10
How to find individual averages of each stages{}.duration by stages.name{} in Splunk for Jenkins app? I have some SPL that generates a table that looks like this for several builds of a job: Prepare1.003Execute Test44.5... by joelwizard Explorer in Splunk Search 05-10-2023 0 6	0	6
Which version of dedup is better? A colleague of mine uses the following dedup version:\| strcat entity "-" IP "-" QID "-" Port "-" Tracking_Method "-" ... by danielbb Motivator in Splunk Search 05-10-2023 0 3	0	3
How to sort values from append search? Hi, Kindly help on sorting the values from append query as below: index=* source=*\|stats sum(Tot) sum(in_prog) sum(su... by Lavender Loves-to-Learn Everything in Splunk Search 05-10-2023 0 3	0	3
How do I write a search that can match a word from two different lookup files? Hello, I have 2 different files names lookup1.csv and lookup2.csv, which have column A and column B in both. Ho... by satyaallaparthi Communicator in Splunk Search 05-10-2023 0 3	0	3
How to group multiple methods responsetime into intervals and obtain count? Hi All,I have a requirement where I need to group count of methods responsetime into different time intervals.Below i... by Splunk_321 Path Finder in Splunk Search 05-09-2023 0 2	0	2
Working with the NOT command So I am trying to search through some results and I am trying to display the results that ExitStatus=0 which means it... by jialiu907 Path Finder in Splunk Search 05-09-2023 0 1	0	1
How to make timeline drilldown time parameters? I'm trying to do a drilldown of a timechart where the Y-axis field is Domain and the value is a count, X-axis is time... by michaeler Communicator in Splunk Search 05-09-2023 0 1	0	1
How to create strcat field names with spaces? I'm working with two similar, but not quite the same datasets and I want to create a table which displays data from e... by jlaska Engager in Splunk Search 05-09-2023 0 2	0	2
How to write events within 2 minutes of the first event for the same host? I am working on a query to report on events generated within 2 minutes of the first event for the same host. In the f... by Splunk77 Explorer in Splunk Search 05-09-2023 0 2	0	2
How do we separate the multiple columns of fields? Hi all, I'm looking for the search how we can seperate the multiple columns in to single column Ex: Host sca... by AL3Z Builder in Splunk Search 05-09-2023 0 1	0	1
How to use streamstats and identify consecutive events? Hi, We have applications Availability data in splunk.With below SPL, I got this data. Base_SPL..\| streamstats reset_o... by gvk_us Explorer in Splunk Search 05-09-2023 0 7	0	7
How to list out the field in tabular format? Hi All, How do we list out the fields in tabular format..Eg: hostname action windows allowed ... by AL3Z Builder in Splunk Search 05-09-2023 0 1	0	1
How to get higher up value for the columns in my chart when ceil isn't working? In the below chart if u can see i have used round and avg to first_response and closure time. But my values are not a... by Vish Explorer in Splunk Search 05-09-2023 0 4	0	4
How to append results to dropdown? I have a dashboard that has a dropdown which takes in the values from a csv file. Is there a way I can add on to the ... by thenormalone Path Finder in Splunk Search 05-08-2023 0 3	0	3
Add a number of hours to a search field? I have a field returned with some search data that contains a date and time in UTC. I would like to be able to add 1... by balcv Contributor in Splunk Search 05-07-2023 0 2	0	2
How to transfer decimal value into ASCII code in text string? Hi all, I have a field named as item_description which is an array of decimal value, which represents the descriptio... by Jouman Path Finder in Splunk Search 05-06-2023 0 4	0	4
How do I escape single quote within DBXquery SQL like command? how do I escape single quote within DBXquery SQL like commandFor example: content = '. . . . . . src_port': 20, 'd... by LearningGuy Motivator in Splunk Search 05-06-2023 0 1	0	1
How to use a lookup in a subsearch to search raw data values to include in the main search? I would like to import a lookup table in a subsearch for a raw value search: index=i1 sourcetype=st1 [inputlookup us... by landen99 Motivator in Splunk Search 05-06-2023 2 6	2	6
How can I convert Key value into field value data? The data is in key value format instead of field value due to limitation of fields to be used. There are 10+ key valu... by srv007 Path Finder in Splunk Search 05-06-2023 0 9	0	9
How to view the currently running search of Splunk and display the amount of memory consumed during search command? How to view the currently running search of Splunk and display the amount of memory consumed during the execution of ... by spl_stu Explorer in Splunk Search 05-06-2023 0 4	0	4
Can we pass a parameter to a report? Is there a way to pass a parameter to a report when calling it via - curl -u user:password -k https://<api_server>... by danielbb Motivator in Splunk Search 05-05-2023 0 1	0	1
Is it possible to load a Sysmon log into Splunk as a lookup table, but how do I view it after that? I can load a Sysmon log into Splunk as a lookup table, but how do I view it after that? What code do I use to view t... by Blackdragon7 Observer in Splunk Search 05-05-2023 0 7	0	7
How to extract fields like table below? Distcp job application_1681357021637_0984 MAPREDUCE Wed May 3 04:32:32 MST 2023 Wed May 3 04:32:40 MST 2023 SUCCEEDED... by bmanikya Loves-to-Learn Everything in Splunk Search 05-05-2023 0 6	0	6
Search results help in getting hourly results? Hi I am using the below query and i need the results in hourly basis for the time i selected ? "My Base search" \|... by kc_prane Communicator in Splunk Search 05-05-2023 0 2	0	2