Splunk Search

Community Activity

	(How) are fields stored in splunk in an index when extracted during ingest? Hi, Am quite new to splunk, and coming from Elasticsearch, so my knowledge is biased. However I did notice that Elast... by ericvdhout Path Finder in Splunk Search 05-06-2022 0 14	0	14
	How to add a + or - sign before percent? hi i add a + or a - sign before a percent result like this \| eval perc=if(s<2,"-","+").round((s/2)*100,1). "% " ... by jip31 Motivator in Splunk Search 05-06-2022 0 1	0	1
	Show all fields for a list of sources and show 1 for fields that have values, 0 for the fields that have no value Dear community, I am using this community since years, so far I've found everything I needed. Now I am stuck!!! I am ... by lost_alex Observer in Splunk Search 05-06-2022 0 2	0	2
	How to view multiple lookups Hi Team,I am trying to take the backup of lookups using search head console and for the same I have tried two ways.a)... by spl10 Explorer in Splunk Search 05-06-2022 0 2	0	2
	Duration, Average , max, min response Time 2 events : request and response and unique id which binds this transaction. I have issue where i have to calculate t... by BT Path Finder in Splunk Search 05-06-2022 0 5	0	5
	Help with regex on string with multiple number values Hi all need help getting the trailing number from a field in a search. Examples of the fieldid = bdf73ad5-4499-4f70-b... by morgantay96 Path Finder in Splunk Search 05-05-2022 0 3	0	3
	How to sum time duration from value format "1d hh:mm:ss"? hi am newbie I have a duration time value with the format "1d hh:mm:ss"but I haven't gotten a thread that discusses s... by trengginas Engager in Splunk Search 05-05-2022 0 2	0	2
	How to write this Splunk Query for alert? hi,Can someone help to correct the query provided below which will send alert if detected a STOPPED status for 3 cons... by jakeoftrades Explorer in Splunk Search 05-05-2022 0 11	0	11
	Best way to extract _raw to a host OS of a SH programatically We have a 3rd party pulling AWS logs as far back as AWS holds onto logs. However, we want to be able to go back furth... by cybersecnutant Explorer in Splunk Search 05-05-2022 0 1	0	1
	Can a report be created using metadata/any other data to list all the fields that are available by index and sourcetype? Is there a way to create a report using metadata or any other data to list all the fields that are available by index... by PatelAshish83 Engager in Splunk Search 05-05-2022 0 5	0	5
	Missing transaction caused by multisearch / subsearch Hi allI have a riddle. Query A and query B does not collect the same events and I don’t understand why.Query A) resul... by p4085f9 Engager in Splunk Search 05-05-2022 0 2	0	2
	How to do Conditional Searches? Is there a way to do a search like this; If Eventid=1111 only do these statements elseif Eventid=2222 only d... by secphilomath New Member in Splunk Search 05-05-2022 0 3	0	3
	How to add a column that sums values while keeping the values column Hello I have data that looks like this : Name \| Type \| Value ------------------------------------------ Name1 \| Type... by Newser703 Explorer in Splunk Search 05-05-2022 0 1	0	1
	How to add totals to xyseries table? We are working to enhance our potential bot-traffic blocking and would like to see every IP that has hit AWS cloudfro... by swengroeneveld Explorer in Splunk Search 05-05-2022 0 2	0	2
	How to create a search for response time to be calculated? I have 2 events 1) request event 2) response event I need response time to be calculated (i.e) request event time - r... by VijaySrrie Builder in Splunk Search 05-05-2022 0 6	0	6
	How to create a search to combine inputlookup and search? Hi, I want to compare the count of calls obtained in a day with the target in lookup csv, for example: input csv: hea... by doniv Loves-to-Learn Lots in Splunk Search 05-05-2022 0 6	0	6
	How to convert the 24hrs time to 12hrs time and show the difference in -ve sign indication? i have the 2 values let's sayexpected time= 6:00:00completion time= 08:32:44and the expected output should be the dif... by srujana96 Explorer in Splunk Search 05-04-2022 0 2	0	2
	How to use single value comparison with trend arrow in splunk? I am preparing a SNOW incident trend which should showcase the percentage of tickets reduced/increased in current mon... by sanjubaba Path Finder in Splunk Search 05-04-2022 0 1	0	1
	publish yesterday's data from today's date I want to get QID list from yesterday’s published data. For that I'm using PUBLISHED_DATETIME field with yesterday’s... by martin61 Engager in Splunk Search 05-04-2022 0 1	0	1
	How to count events for all users in a lookup table, even if some users return no results? I have a lookup table that lists all users along with their department like so: email department -----... by gfisbeck Explorer in Splunk Search 05-04-2022 0 7	0	7
	Why are there missing results using different Search query codes? So i have this: (index=* OR index=_*) (index="GA2014" EventCode=4625) \| dedup RecordNumber \| rename Account_Name ... by bogdan_nicolesc Communicator in Splunk Search 05-04-2022 0 0	0	0
	How to use a second index as a lookup for a value in the first index? Hello my fellow Splunkers,i am trying to use a second index as a lookup for a field in the first index index=products... by manhalmoussa Explorer in Splunk Search 05-04-2022 0 3	0	3
	How to use the Results of a Lookuptable in a Search Query? Hello,So I have been working on this for a few days, looking at numerous Splunk responses but have yet to find someth... by XJabs Explorer in Splunk Search 05-04-2022 0 6	0	6
	How to display multiple values of different field names in one column table? Hi everyone, I am new to Splunk and I have been trying to do a complex report that I haven't been able to solve so p... by cesar_tomas Explorer in Splunk Search 05-04-2022 0 1	0	1
	Is it possible to combine multiple table views into one stats table? Hi, I have a dashboard with multiple table views from different indexes and just wondered if it is possible to combin... by joe06031990 Communicator in Splunk Search 05-04-2022 0 1	0	1