Splunk Search

Discussions

Thread Info

How to run a same search with multiple time ranges and append the value compare them?

Here is the example of the search looks like : index=x* OR index=y* OR index=z* Iabcd 12_* ( earliest=05/09/20...

by Observer in

How to collect data and correlate into a table?

|>TYPE|2022-04-25 18:38:40|2d7e908bo82cb8|1725357403659|HERE|TYPE/272|1,856|1.2.0|ABC|351c481f2de|NONE<||>TYPE|2022-0...

by Explorer in

How to find missing ip's from search1 in search2 and find the stats percentage missing ip's?

Hi, am trying to find list of ip's from search1 which are missing in search2 and get all the ip from search1 and c...

by Path Finder in

How to Calculate the product of a numeric field (multiplication)?

I have a field with the following values. How can I calculate the product i.e multiply all values with each other? Th...

by Engager in

How to filter out records if they match multiple criteria?

Hi there, I want to filter out some records if they match multiple criteria, for example: host service state==...

by Explorer in

How to Make operations between two columns

Hello, I have this query: | mstats avg(_value) as packets WHERE index=metrics_index sourcetype=netwo...

by Loves-to-Learn Lots in

Compare entry date to the selected revisit date to figure out when a user is being added to the lookup table

Here is my xml code so far:<form version="1.1" theme="dark"><init><set token="none">None</set><set token="tokTypeInpu...

by Path Finder in

How to do the division of 2 values in the same field

Hi, I have a table like this: id value 1 12 2 10 I want to do this calculation...

by Communicator in

Is it possible to get a list of available indices?

I could then populate a dropdown list with indices  Somehow I could not get this done, would be cool if someb...

by Communicator in

How to display a table with status reason and count of different status reasons like "NO_ID_UPLOADED", "FRAUD_ID"?

Hi,This is splunk query and it returns nested JSON object Query:sourcetype=_json_fluentd source="***" | search me...

by Explorer in

Realtime input: How to use time picker in real time in classic dashboard?

I am unable to use time picker in real time in classic dashboard is it not supported or am I having this problem. ...

by Path Finder in

Why are search Items not present in Index?

search Items NOT present in Indexfor exampleif day = Mon,tues,wedoutput query1 and query3 (as two separate tables)if...

by Path Finder in

Has any one come across hidden Double Quotes (") in a field and how to remove it?

Hi. Has any one come across hidden Double Quotes (") in a field and how to remove it? (maybe a "sed" regex) Th...

by Path Finder in

Indexing stopped: Why is there an error on SH message box?

Getting below error message on SH message box: Search peer <Indexer_host> has the following message: Problem repl...

by Path Finder in

How to write splunk Query to find all the occurrences of a Boolean key value pair in logs over a period of time

Given below is a snippet of splunk event. My requirement is to find all the occurrences of "isOutstanding": true. Her...

by Explorer in

if statement to output multiple tables in splunk?

if statement to output multiple tables in splunk?For example I have 3 tables that have the following dataTable 1 AA 1...

by Path Finder in

How to create a search with string column to generate a chart with 3 data points?

I'm an intermediate Splunk user. I have a query that has 3 fields i want to turn into a chart:1. mySearchTerm (strin...

by Observer in

How to remove or replace "-" from a field)?

Hello all, I have a field that contains hypens in the value. For example, 20.0--(1259). I am simply trying t...

by Engager in

How to create a search for Account Creation Event ID 4720?

I'm a novice user to Splunk and need a simple index search for account creation, time, and creator. I'm on closed d...

by New Member in

How to convert IPV6 to ipv4?

Among the data stored in splunk is in ipv6 format. I want to know how to convert the ipv6 format to the ipv4 format. ...

by Communicator in

Why are there sum issues in splunk table?

splunk table not giving the accurate sum of the fields in addtotals, even when i use the stats sum function, once the...

by Explorer in

How to create SQL query from log?

Hi I have two files Filed1 and Filed2, Fileld1 is procedure call and Files 2 is the arguments i want to make ...

by New Member in

Help with Logic when a multivalue field appears: How to utilise lookup?

I have some events coming in that use a lookup to resolve to an action eg : Block,block,not sent = blocked tagg...

by Builder in

How to average the values of duplicate entries?

Hi, Suppose I have these following entries in a table A- 1 A - 2 A - 3 B - 1 B- 2 I want to av...

by Explorer in

Find values in lookup that are not in index

I've searched and tried what i can find online and nothing is returning so i thought I'd try here: i need to return t...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to run a same search with multiple time ranges and append the value compare them?

How to collect data and correlate into a table?

How to find missing ip's from search1 in search2 and find the stats percentage missing ip's?

How to Calculate the product of a numeric field (multiplication)?

How to filter out records if they match multiple criteria?

How to Make operations between two columns

Compare entry date to the selected revisit date to figure out when a user is being added to the lookup table

How to do the division of 2 values in the same field

Is it possible to get a list of available indices?

How to display a table with status reason and count of different status reasons like "NO_ID_UPLOADED", "FRAUD_ID"?

Realtime input: How to use time picker in real time in classic dashboard?

Why are search Items not present in Index?

Has any one come across hidden Double Quotes (") in a field and how to remove it?

Indexing stopped: Why is there an error on SH message box?

How to write splunk Query to find all the occurrences of a Boolean key value pair in logs over a period of time

if statement to output multiple tables in splunk?

How to create a search with string column to generate a chart with 3 data points?

How to remove or replace "-" from a field)?

How to create a search for Account Creation Event ID 4720?

How to convert IPV6 to ipv4?

Why are there sum issues in splunk table?

How to create SQL query from log?

Help with Logic when a multivalue field appears: How to utilise lookup?

How to average the values of duplicate entries?

Find values in lookup that are not in index

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!