Splunk Search

Ask a Question

Discussions

Thread Info

How do I move all values from column one row up?

Hello everyone, Can not find how I may move all values from a column(Total), one row up, in a table This i...

by Explorer in

Is there any way to optimize this query to increase performance?

We are trying to create a query to get list of fields in all sourcetypes grouped by sourcetype and index. We trie...

by New Member in

Windows account lockout and enable- Why is my search returning 0 results?

Hi I want to create a splunk use case like a after getting 3 times failure the account again got enable.. I w...

by Path Finder in

How to use span with stats?

My query below does the following: Ignores time_taken values which are negativeFor each event, extracts the hour, ...

by Path Finder in

Left Join: How to display missing data in a table using Join?

Hi There, I have a requirement where i have an index with two different sources. index=a sourcetype=a1 index...

by Path Finder in

How to extract a field from raw json?

Hi Team, From the below raw JSON string in Splunk, I am trying to display only correlationId column in a table, ca...

by Path Finder in

What is the relation between the Splunk inner/left join and the ones in relational databases?

What's the relation between the Splunk inner/left joins and the ones in relational databases, functionality and termi...

by Ultra Champion in

Filter a search result with lookup values- What command is most appropriate for this?

Hi, I have a search query where a field is named "user_email".I also have a lookup table where I have a list of em...

by Explorer in

How do I list the events if there are more than 1 item in array?

how do i list the events that in an array has more than 1 item? 1) a:[ {"data1":"abc"},{"data1":"def"}] 2) a:[ ...

by Explorer in

How to create a table based on two queries?

I have two queries I am trying to join the results together. The first query has the organization details and the sec...

by New Member in

How to search to get value from the last event?

Hello folks, I have Logger lines as below: job MONITOR-DESYNC-3-20I-ERNC: { "chain":"PR1", "nbProperties":1345, "...

by Explorer in

Overlaying data from multiple devices, or being able to select which device to view?

Further to my previous post here, which was generously solved by ITWhisperer: Solved: Help with search to use for d...

by Path Finder in

How to list out saved searches which are used index=* instated of using index fully qualified name?

Hi all,we have hundreds of saved searches,but the problem is while creating savedsearches they were used index= * ...

by Explorer in

How to search for the time difference between last event and now?

I have installedAt field which gives the application's installation time. If I run a Splunk search for the last 7 ...

by Contributor in

Help with search to use for dashboard - link key-value pairs

Hi Folks - I would appreciate some help to create a dashboard. I want a simple line chart that shows how a value c...

by Path Finder in

Why is the search with NOT take less time compared to search using IN?

Hello Everyone, I have two queries to exclude events one using NOT and other one using IN, both the queries returnin...

by Loves-to-Learn in

How to create a dashboard with event ID below to application usecube ?

Hi, i would to create a dashboard with event ID below to application usecube 4720 A user account was created...

by New Member in

Can I write this search with stats instead of left join?

Hi All, I have a join query that works perfectly fine for my use case, but I was trying to see if I can write this us...

by Path Finder in

Help with Searching Events with different OS platform table fields

Hello, I have recently starting learning about Splunk and been stuck while attempting to make the search display for ...

by New Member in

How to run an index to generate events through an input lookup table?

Hi all, I wish to generate login times for a list of users which are specified in a lookup table titled user_list.csv...

by Engager in

How to compare events with "milestone" lookup?

I have a really simple task but haven't figured out how. This is a simple table of milestones milestone1milestone2...

by SplunkTrust in

Splunk search based on lookup time?

Below query, I have used and it is saving in output lookup format. Lookupname - S1_installedtime Query - i...

by Contributor in

How to delete row values if condition is not met in a table?

Hi all, I need to write a query that checks whether (Daily AH <= Daily Po <= Daily Risk <= Daily File <= Daily In...

by Path Finder in

How to convert time in another timezone?

Hello everyone! I have time in such format 2022-09-02T18:44:15, this time in GMT+3, and I need to change convert t...

by Contributor in

How to output of search results of one index as inputs to another search using a different index?

I search Netflow firewall denied traffic on port 53 using the netflow index. Based on the IPs found (source and DNS d...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I move all values from column one row up?

Is there any way to optimize this query to increase performance?

Windows account lockout and enable- Why is my search returning 0 results?

How to use span with stats?

Left Join: How to display missing data in a table using Join?

How to extract a field from raw json?

What is the relation between the Splunk inner/left join and the ones in relational databases?

Filter a search result with lookup values- What command is most appropriate for this?

How do I list the events if there are more than 1 item in array?

How to create a table based on two queries?

How to search to get value from the last event?

Overlaying data from multiple devices, or being able to select which device to view?

How to list out saved searches which are used index=* instated of using index fully qualified name?

How to search for the time difference between last event and now?

Help with search to use for dashboard - link key-value pairs

Why is the search with NOT take less time compared to search using IN?

How to create a dashboard with event ID below to application usecube ?

Can I write this search with stats instead of left join?

Help with Searching Events with different OS platform table fields

How to run an index to generate events through an input lookup table?

How to compare events with "milestone" lookup?

Splunk search based on lookup time?

How to delete row values if condition is not met in a table?

How to convert time in another timezone?

How to output of search results of one index as inputs to another search using a different index?

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...