Splunk Search

Discussions

Thread Info

Timechart by field in tabular format

There are 100s of APIs in my application. I'm logging exception for an API. I can get stats to get total no of excep...

by Explorer in

finding field b partial matches in field a (inputlookup csv)

I am trying to find matches for field b, when there is a partial match in field a. I have field a which is an importe...

by Engager in

replace function for eval token problem

Hi Splunkers, I was stuck with cutting the part of string for drilldown value from a chart using the <eval token>....

by Contributor in

inserting newline, tab into eval-ed field

Running | makeresults | eval s="foo\nbar" displays foo\nbar and it is unclear if the variable ...

by Explorer in

SNMP bandwidth using foreach

Hello everyone,I am new to Splunk and learning the ropes. I am stuck on a query I am trying setup. I have SNMP data c...

by Loves-to-Learn Lots in

How to join multiple events based on one common value with different filters?

Hi,I've written a query query below which joins 2 different event types from same source with different filters. so...

by Explorer in

Can I Show Data Values on a Specific Field?

Hi, I have a column chart with multiple overlaying fields (see blue orange and yellow lines below). Right now i am ...

by Path Finder in

splunk props timestamp issue

I have a CSV file with the below data, trying to push to Splunk. Example - Thu JUN 24 15:27:52 +08 2021,name1,a...

by Communicator in

How to check for the same values in a field and replace another field with specific text

So currently i have: |Name | Branch | Age -------------------------------...

by Engager in

Monitoring Searching of Sensitive Data

Is there a way to monitor the searches for some specific fields? Let's say I wish to monitor if anyone is running a...

by Explorer in

How to join 2 searches from 2 different sourcetypes

I am encountering problems joining 2 querries that are getting values from 2 different sourcetypes.I would like to ge...

by Explorer in

How to Grab Variance

Hello,I am ingesting files containing host and ports for each host.For each Source (FILE) The Nodes(host) and ports ...

by Path Finder in

I want to get error logs counts from windows event logs from multiple servers.

I want to get error logs counts from windows event logs from multiple servers.Want to create a separate dashboard whe...

by New Member in

How can I split an event into a varible number of events?

Hello,I have a directory structure which i want split up in separate events. For example \MAIN\SUB1\SUB2\SUB3\fil...

by Path Finder in

Query to find top 10 indexers w.r.t index max allocated storage.

Kindly help me out with Query to find top 10 indexers w.r.t index max allocated storage.

by Observer in

It is truncated subsearch. tstats command.

Hi. I have one problem. It is truncated subsearch result. index="test-index01" sourcetype="test_s...

by Explorer in

How to extract and aggregate by extracted fields

Hi I have the data that looks like thisuser, ip, (metrics kv pairs) ---- sample results for search -- user=user1...

by Engager in

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

All my dashboards panels, written in Simple XML, default to Search Mode "Fast" when the "Open In Search" icon is sele...

by Explorer in

props file not recognizing time field

Hi All, I have a CSV file with the below data, trying to push to splunk. Example - Thu JUN 24 15:27:52 +0...

by Communicator in

How to compute the field value a time interval earlier?

I want to compute the change in temperature for each location in a given interval, say, 15 minutes, or 30 minutes. I ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Timechart by field in tabular format

finding field b partial matches in field a (inputlookup csv)

replace function for eval token problem

inserting newline, tab into eval-ed field

SNMP bandwidth using foreach

How to join multiple events based on one common value with different filters?

Can I Show Data Values on a Specific Field?

splunk props timestamp issue

How to check for the same values in a field and replace another field with specific text

Monitoring Searching of Sensitive Data

How to join 2 searches from 2 different sourcetypes

How to Grab Variance

I want to get error logs counts from windows event logs from multiple servers.

How can I split an event into a varible number of events?

Query to find top 10 indexers w.r.t index max allocated storage.

It is truncated subsearch. tstats command.

How to extract and aggregate by extracted fields

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

props file not recognizing time field

How to compute the field value a time interval earlier?

Tips & Tricks When Using Ingest Actions

Announcing Our Splunk MVPs

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

splunk binaries creating under /usr/bin automatica...

Updating a lookuptable

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...