Splunk Search

Discussions

Thread Info

savedsearch vs outputlookup- Which one is more efficient to use and should be used as default?

I run large searches at the start of each month. Generally I use the saved search commands to retrieve the results on...

by New Member in

Create a new field based on existing filelds

Hello, My requirement is if the field "fields.summary" contains events that contain ".DT", then I want to create a ...

by Explorer in

Log messages counts are getting overlapped in splunk dashboard?

Index=dev log-severity=INFO app name=abcd | rex “tv counts for indicator S = (?<Count>\d+)” | stats count by _t...

by Explorer in

Can you change the base search depending on a drop down value?

I have a dashboard that uses a dbxquery in the base search. I would like to make the dashboard "bilingual". Is it ...

by Engager in

How can I join csv file with id only?

i have 2 csv file first one has name and idsecond one has the id only i can extract the common id but i couldn’t f...

by New Member in

What is the correct time format for "raw" messages?

Good afternoon! I'm noticing that my time format in the messages I send to /services/collector/raw isn't being par...

by Communicator in

How to extract string between two character @ and >?

Hi, I'm trying to extract string "domain.com" from <mail@domain.com> How can i extract string between "@" and "...

by Engager in

Is there a way I could combine the results from the above query with the first query to refine the search command?

Hi Community, I have the below search query index=_internal [ `set_local_host`] source=*lice...

by Communicator in

Can we convert to tstats?

Hello, Is there a way to convert this query to run with tstats? It is _slow_ when running it for two weeks of data....

by Motivator in

How to perform the below condition in Splunk search?

I have 3 date columns.I have already calculated the difference between current day and the diff is in days are the va...

by Path Finder in

Can I have a dedicated search head that only runs scheduled reports?

I have a search head cluster and I will have scheduled reports that send data to a summary index. I don't want oth...

by Path Finder in

How to change index based on MetaData:Source.

Hello, can anyone tell me why this configuration isn’t working? I would like to change index name from main to hue,...

by Explorer in

How to get multiple distinct counts for subset of logs in single query?

Hello, I am currently using the |append method for some queries, but was curious if there is a better way for me to b...

by Engager in

How can I overlay the 7 day, 30 day or 90 day average line over the timechart?

Dumb question I cannot find a simple answer to. 藍 If I run a simple timechart search for 7 days, 30 days or 90...

by Explorer in

What's the difference between nomv and mvcombine?

Could someone please show the difference between nomv and mvcombine with some examples? What I have seen is that both...

by Builder in

Help with Eval from Multivalue field?

I have a dataset with a multiline field called Logs. The field typically has values like the below, ...

by Explorer in

How to display a table based on a clicked value of another table?

I have a table with 1 column and 6 rows which I'll be changing to 1 row and 6 columns using transpose and eventually ...

by Communicator in

tstats with where condition | StatsFileWriterLz4 file open failed file=C:\Splunk\var\run\splunk\srtemp\910252184_17768_a

I have a SPL, when first running the result is appearing but once the query is finished the error have shown below: ...

by Explorer in

Getting Rex sub pattern error when using counts

Index=dev log-severity=INFO app name=abcd | rex “tv counts for indicator S = (?<Count>\d+)” | stats cou...

by Explorer in

Lookup for a value in two lookup table columns?

Hi, I have generated a search which return list of hosts and the count of events for these host. sometime the host...

by Engager in

Annotation based on Existing Value (to avoid duplicate search)

On an existing dashboard I have a rather complex query that generates a timechart on which I am looking to use annota...

by Communicator in

Why is my rex command extracting other text strings

I am using the following rex command to extract an id number, which is in the following format: 1e4gd5g7-4fy6-fg567-3...

by Path Finder in

Is there a way to be notified(alerted) if any saved searches are modified?

I am looking for an alert when any search in (rest /services/saved/searches splunk_server=local) is being modified.

by Explorer in

How to best approach timeseries graph based on multiple fields?

Hi, I am looking to create timeseries graph based on multiple fields.we could have multiple hosts and each host have ...

by Path Finder in

How to visualize ongoing actions based on start/stop time?

Hi,I have events which are received when action is finished on my system. Event contains start and stop time for acti...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

savedsearch vs outputlookup- Which one is more efficient to use and should be used as default?

Create a new field based on existing filelds

Log messages counts are getting overlapped in splunk dashboard?

Can you change the base search depending on a drop down value?

How can I join csv file with id only?

What is the correct time format for "raw" messages?

How to extract string between two character @ and >?

Is there a way I could combine the results from the above query with the first query to refine the search command?

Can we convert to tstats?

How to perform the below condition in Splunk search?

Can I have a dedicated search head that only runs scheduled reports?

How to change index based on MetaData:Source.

How to get multiple distinct counts for subset of logs in single query?

How can I overlay the 7 day, 30 day or 90 day average line over the timechart?

What's the difference between nomv and mvcombine?

Help with Eval from Multivalue field?

How to display a table based on a clicked value of another table?

tstats with where condition | StatsFileWriterLz4 file open failed file=C:\Splunk\var\run\splunk\srtemp\910252184_17768_a

Getting Rex sub pattern error when using counts

Lookup for a value in two lookup table columns?

Annotation based on Existing Value (to avoid duplicate search)

Why is my rex command extracting other text strings

Is there a way to be notified(alerted) if any saved searches are modified?

How to best approach timeseries graph based on multiple fields?

How to visualize ongoing actions based on start/stop time?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6