Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

_time being treated as a string when run with table command

Hi, I have the following CSV data that I've uploaded into Splunk iso_code,continent,location,date,tot...

by Path Finder in

help on a stats command with a filter token

hello I use the search below which works fine `fiability` | fields host Logfile SourceName ProductNam...

by Builder in

Extract JSON Data

Need help to find a way to search JSON strings where an attributes is empty. Ex: get all JSON data where 'tags' is...

by Engager in

How can I use lookup csv from another Index?

How can I use lookup csv from another Index? I have access to both index. Thanks.

by Explorer in

Writing records to KVStore - Strange Behavior

Hello Am attempting to identify the name of the SQL Server and the SQL Agent process name based on a CMDB lookup an...

by Observer in

Need help with a search/subsearch not providing the expected results

Hello there! I need help with a search that is not providing the expected results. Let me share the details and backg...

by Explorer in

makemv delim carriage return problem...

I've got a bit of a weird situation and I don't have the Splunk technical know-how to fix it myself, so I thought I'd...

by Explorer in

returning values that dont exist

I have two queries. I have enabled the installed software script in splunk so I can determine where software is not i...

by Loves-to-Learn in

How to collect data from lookup into index without overwriting

Afternoon All, Have been playing with a search that will eventually become a saved search within Splunk ES. Idea is...

by Explorer in

What is the best method to search for different time ranges for 4 different sourcetypes using earliest?

I'm creating a query using 4 sourcetypes and want to search across different timerange for them. For example: | ...

by Observer in

McAfee logs ingested not parsing correctly - lot of junk. Please advise

McAfee data ingested into Splunk not parsing correctly. How do I fix it? I am getting a lot of junk. Please advise ho...

by Communicator in

Sankey being covered up by stats table?

Hello all, We are successfully creating a Sankey Visualization of our data, however when we try to expand how m...

by New Member in

Exclude results from lookup table in search

I have a lookup table with Scheduled Tasks called scheduled_tasks, and Columns Command, Arguments. ...

by Explorer in

How to convert Hex to Ascii in Splunk?

I have a hex value that i need to convert to ascii. is there a way to do this in splunk? string-value=0x4c61737420...

by Path Finder in

A query to get the xml files which has the specified tags

I have displayed two sample xml files below. I have to check whether a xml file has <customer-job-id> and <submissio...

by Loves-to-Learn in

Counting total and only specific values in one table (802.1x log example)

Hi Everybody: I need a little help with statistics: I use this search to list all Calling_Station_IDs. In the examp...

by Observer in

Amend "Reports" view in Search App to include other columns

Hi, a user wants to see the description of a report as well as the title. I know he could click the drop down arrow b...

by Explorer in

in timechart, how do you display average by field, but also show a total average

Hi, I have events from various projects, and each event has an eventDuration field. I'm trying to visualize the fo...

by Explorer in

To check if service of endpoint starts back once stopped

Hi Folks, I am working on creating an alert for endpoint where we have to check if its service came up after it...

by Loves-to-Learn in

what is colour code of boolean while using endswith?

Hi all, endswith=(notificationType="TestCompleted" OR notificationType="TestCancelled" OR notificationType="Te...

by Path Finder in

Splunk Search

Discussions

_time being treated as a string when run with table command

help on a stats command with a filter token

Extract JSON Data

How can I use lookup csv from another Index?

Writing records to KVStore - Strange Behavior

Need help with a search/subsearch not providing the expected results

makemv delim carriage return problem...

returning values that dont exist

How to collect data from lookup into index without overwriting

What is the best method to search for different time ranges for 4 different sourcetypes using earliest?

McAfee logs ingested not parsing correctly - lot of junk. Please advise

Sankey being covered up by stats table?

Exclude results from lookup table in search

How to convert Hex to Ascii in Splunk?

A query to get the xml files which has the specified tags

Counting total and only specific values in one table (802.1x log example)

Amend "Reports" view in Search App to include other columns

in timechart, how do you display average by field, but also show a total average

To check if service of endpoint starts back once stopped

what is colour code of boolean while using endswith?

Predict command

Why is it called delete when it doesn't delete, bu...

Sankey being covered up by stats table?

Round _value by mstats metrics

Search for user additions to Active Directory priv...