Splunk Search

Discussions

Thread Info

outputlookup append one field but not another

I am trying to write a search that will update a lookup asset table, with an additional table column metric (weight1)...

by Loves-to-Learn in

Why does my Geomap not work?

I'm trying to display the city and country name for all these IP Addesses which I extracted from my windows log f...

by Explorer in

How to combine the results ?

I am new to Splunk. I have the logs in the following format for our servers. Host, CPU, %USAGEHost, Memory, %Usage...

by Observer in

How to display only the test name if key "failure" is in the same object in JSON event

I am sending sauce labs test results to splunk and they are in this format: { "testsuite": { "@name": "...

by Splunk Employee in

How to make table from two queries with common field

Hi I have one index with two sources (source=source1 and source2). Both events have two common fields (common_field...

by Builder in

issue with dividing two numbers

Hi, Can someone help me with this. I have fields with values SP=3390510 and TP=3394992 I am trying to get Succe...

by Communicator in

Dedup field values using if"match"?

Hello all, I am attempting to put together a search where I'm taking website status (200=allowed, etc) and breakin...

by Explorer in

Saving License on Windows Events - Regex "This event..."

Hi! i've been trying to regex some part of the windows events to save license. Many windows events contains a large p...

by Path Finder in

Can't get timechart average to work

I'm trying to get the average time that a case is open in a system. To get the latest event per case that's closed ...

by Communicator in

How to search span for 1 day and 2 hours ?

This is my query and I have some challenges in the log. The thing is my daily job will start at 11 PM. If the job run...

by Communicator in

How can I compare values from a lookup and alert when there is no mach?

Hi, I have a lookup tables with user names (ftp_users.csv). Every day I'm getting one line from a particular sys...

by Path Finder in

Tstats Summary Join Different Search Ranges

Hey Guys, I am struggling arround a few days now, but I cant find a good/efficient solution for my problem. I wan...

by New Member in

SPL Search - Alert if not true (transaction)

I have written a rule that is trying to use a transaction and based on the transaction value to either alert or not. ...

by Contributor in

How to change a single panel color based on text result with unit format ?

Hi In the search below, I would be able to change the background color following the value of the FreeSpace field ...

by Motivator in

Comparisons

If suppose i have two Phases with first and last datePhase 1=1 JAN 2020, 1 March 2020 Phase2=1Apr 2020,1jun 2020 ...

by Path Finder in

How to calculate Uptime?

Splukers, I want to calculate uptime for my network. By this I mean, I need uptime in hours like time diffrence be...

by Explorer in

How to change the background color table fieldname

Can some one please help me to change the background color of Table fieldname. By default I am getting the fieldnam...

by Explorer in

Timechart of values

This is probably a really simple question but I have events coming in every minute. I've used | rex field=_raw ......

by Path Finder in

How to set a splunk token in a search query

I've created a text form input called 'username' to search for usernames in my dashboard panels and i've set the toke...

by Explorer in

Search Json Field Using Dynamic Variable

Hello, I have json data and I am trying to search a specific field using a dynamic variable. I can properly sea...

by Explorer in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

outputlookup append one field but not another

Why does my Geomap not work?

How to combine the results ?

How to display only the test name if key "failure" is in the same object in JSON event

How to make table from two queries with common field

issue with dividing two numbers

Dedup field values using if"match"?

Saving License on Windows Events - Regex "This event..."

Can't get timechart average to work

How to search span for 1 day and 2 hours ?

How can I compare values from a lookup and alert when there is no mach?

Tstats Summary Join Different Search Ranges

SPL Search - Alert if not true (transaction)

How to change a single panel color based on text result with unit format ?

Comparisons

How to calculate Uptime?

How to change the background color table fieldname

Timechart of values

How to set a splunk token in a search query

Search Json Field Using Dynamic Variable

How to filter xml logs from wineventlog?

Combining multiple searches on multiple source fil...

How to use dst{} in data model?

How to add Filler gauge cpu/ram to dashboard?

How to Calculate time difference with _metrics eve...