Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to compare and match timestamp of one field with the latest timestamp of other field before calculating duration ?

Hi All, I am currently getting following results from my search query - time1 ...

by Path Finder in

Iterate search over multiple field values

Hi, I've created a search which is based on 1 field value but I need the search to run over many field values. Rat...

by Explorer in

get the last element of repeating json payload

I have a repeating j son payload appearing in my logs.I am interested in capturing the last payload from the logs.rig...

by Observer in

Help with timewrap Command

Hi, I am trying to show a comparison of traffic on my website for today, yesterday and last week. I am using below qu...

by Explorer in

Splunk query for UPtime and Downtime?

Hi Folks, Can anyone please help in forming the query for internal splunk components up and downtime reporting, i ...

by Path Finder in

join/append two queries

Hi, I have two different queries, I want to join two columns. Below is my query: `macro`msg="Finish imp...

by Engager in

Group by and sum

Hello - I am a Splunk newbie. datetime Src_machine_name Col1 Col3 ...

by Engager in

Display fields in a table after stats command

Working with some Apache logs. I am trying to get a table that displays the uri, the clientip, and the number of time...

by Explorer in

Regex search through splunk

Is there a method to do "AND" while writing regex instead of "OR" . As when i write a reg and add to regex _raw="expr...

by Engager in

How to calculate uptime percentage based on my data?

Lets say my data is like this: 8/27/12 10:30:00.000 AM server=test1 and status=Down 8/27/12 10:29:00.000 AM server...

by Explorer in

Splunk Search

Hello is there a length limit in the search.? I have been using NOT operator in my query extensively due to error c...

by New Member in

When running the delete dups search, I'm reaching the 10k limit. How do I increase it?

I'm trying to delete dups using this method here: https://community.splunk.com/t5/Splunk-Search/How-to-delete-duplica...

by New Member in

Check multiple hosts for existence

I have list of around 100 hosts that are sending data to index and I would love to return a table with hostname and s...

by Path Finder in

Merge two fields into one field

I have the following result set coming from a search: field_1 field_2 1 2 3 4 5 6 I need ...

by Motivator in

After 10000 records in lookup, new records are not getting appended. Any solution?

Hi, I have used the below saved search to append the data every 15 mins into the lookup file. I use the lookup file...

by Explorer in

Looking to rewrite a join across several indexes with somewhat unusual relationships

(I am reposting this question from email, with permission from the person who emailed) I need to basically join 3 i...

by SplunkTrust in

Using fireall logs to find hosts that do not use a specific protocol

I have the following query for PAN firewall logs: index=pan app=ssl | stats count by src This would give me a l...

by Path Finder in

Summary Index - Eval Issue - Need both combined & segregated data

Hi Splunk Experts I've created a summary index where it contains 6 eval cases, for example: eval 1=case(match(som...

by Explorer in

How to show data from different regions as Today's

Hi Splunkers, I have different queries that get the age of a ticket only counting the business hours. I need to do ...

by Explorer in

How to find last of A and first of B in one query?

Considering the following two messages: sourcetype="PCF:log" cf_app_name=app1 msg="launch processing starte...

by Explorer in

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Splunk Search

Discussions

How to compare and match timestamp of one field with the latest timestamp of other field before calculating duration ?

Iterate search over multiple field values

get the last element of repeating json payload

Help with timewrap Command

Splunk query for UPtime and Downtime?

join/append two queries

Group by and sum

Display fields in a table after stats command

Regex search through splunk

How to calculate uptime percentage based on my data?

Splunk Search

When running the delete dups search, I'm reaching the 10k limit. How do I increase it?

Check multiple hosts for existence

Merge two fields into one field

After 10000 records in lookup, new records are not getting appended. Any solution?

Looking to rewrite a join across several indexes with somewhat unusual relationships

Using fireall logs to find hosts that do not use a specific protocol

Summary Index - Eval Issue - Need both combined & segregated data

How to show data from different regions as Today's

How to find last of A and first of B in one query?

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our
Career Survey Now!

Lookup table help

How to set span for 1day and 2 hours?

Event Spliting

DBSCAN Cluster Visualization Interpretation, Machi...

Retain special characters at the end of field valu...