Splunk Search

Ask a Question

Discussions

Thread Info

Multiple queries question

Hey all, Firstly - the title doesnt actually encapsulate what Im trying to do, Ill try break it down simply: I ha...

by Explorer in

Query to display if 500 error http status count is more then 30 percentage of total api calls

by New Member in

How to use substr in an eval with if

I try to use the query eval ID = if(ORG="MC",ID=substr(ID,-6),0) Basically, I want in my result, i...

by Communicator in

Need help in formulate query for our use case

Team, I'm newbie in writing Splunk queries. Could you please provide me guidance how to design a SPL for below use ...

by Loves-to-Learn Everything in

Splunk map search by chunks or any other way to make it faster

Hello!Could somebody please suggest if it is possible to do a map search search more effectively?What I am trying to ...

by Explorer in

Why can't I delete lookup table files?

Hello, As an admin, I tried to delete a lookup table file. I had copied all the apps back to the search head clust...

by Communicator in

How can I use sha1 in my Splunk search

We save hash values from our ids and I want to search for them. I would expected I can do it this way: index=blub i...

by Engager in

How can we add a single column from 2nd table to 1st table using search query in Splunk

Hi, I have two tables and in first table it contains 13 columns and from second table only one column i need to add...

by Explorer in

How to Optimize Splunk Search to avoid "auto-finalized after disk usage limit of 100MB"

When running the following search for a 24hr period it is always being auto-finalized due to disk usage limit of 100M...

by Loves-to-Learn Lots in

showing table despite no results

TYPEMonthKPI_1KPI_2GLOBALOct'217624LOCALOct'214667 I'm searching the table like | search TYPE="GLOBAL" | se...

by Path Finder in

How to Combine two Rex fields and get results in a Table

Hi there, I have 2 separate queries that I built using Rex. 1. This query captures the logg on and logg off statu...

by Path Finder in

Subsearch in tstats causing issues

I am encountering an issue when using a subsearch in a tstats query. Specifically, I am seeing the count of events in...

by Explorer in

If specified field value does not exist in the current time period do this

Hi, hoping to get some more insight on my current problem. My problem is the following I am using a where clause to c...

by Loves-to-Learn Lots in

Alert when host stops reporting data (IT Essentials Learn)

I am attempting to use a search from IT Essentials Learn named "Alert when host stops reporting data - Linux - IT Ess...

by Path Finder in

Calculate the session duration by the same field's with different values from 2 different events.

RAWDATA: user_namemachine_nameevent_namelogon_timeuser1machine1logon12/9/2021 7:20user1machine1logout12/9/2021 7:22...

by Explorer in

SubSearch

Hi, I would have this need, that is to carry out a search that extracts all users who use iphone with SO = 9. * and t...

by Explorer in

Fields extract values, display

Hi everyone, I'm new here and having a problem filtering of numbers from a message. message: Generated non direct de...

by Engager in

Pie chart using 2 inputlookup files

Aloha, We’ve a reporting requirement to create a Pie chart using 2 input files. So far we’ve successfully created...

by Path Finder in

Include source file that ended with date (not bz2)

Need to declare in spl Include only those file that has ended with date not .bz2 (I don’t want to use NOT) Her...

by Motivator in

Wildcards with "| lookup"

Hi, I'm trying to get wildcard lookups to work using the "lookup" function. I've followed guidance to set up the "M...

by Explorer in

{} equivalent on right hand side of eval

I hate hardcoding dynamic things. Sooner or later those thing break. I have data with fields ... forecast_2...

by Path Finder in

Generating _events_ in search

Hello there. I was wondering... is there any way to generate _events_ in search? I mean, I know of the makeresult...

by SplunkTrust in

feed query results to raw data in makeresults

| makeresults| eval _raw = "user_name machine_name event_name logon_timeuser1 machine1 logon 12/9/2021 7:20user1 mach...

by Explorer in

How to extract json fields from json inside single quotes?

Hey I am having difficulties trying to extract fields from my splint logs. They are in the format of ’{“field”: “va...

by New Member in

SEDCMD vs Transforms to mask data

Hi, When we use sedcmd command to mask data it is Indexed time extractions and when we use transforms to mask data ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Multiple queries question

Query to display if 500 error http status count is more then 30 percentage of total api calls

How to use substr in an eval with if

Need help in formulate query for our use case

Splunk map search by chunks or any other way to make it faster

Why can't I delete lookup table files?

How can I use sha1 in my Splunk search

How can we add a single column from 2nd table to 1st table using search query in Splunk

How to Optimize Splunk Search to avoid "auto-finalized after disk usage limit of 100MB"

showing table despite no results

How to Combine two Rex fields and get results in a Table

Subsearch in tstats causing issues

If specified field value does not exist in the current time period do this

Alert when host stops reporting data (IT Essentials Learn)

Calculate the session duration by the same field's with different values from 2 different events.

SubSearch

Fields extract values, display

Pie chart using 2 inputlookup files

Include source file that ended with date (not bz2)

Wildcards with "| lookup"

{} equivalent on right hand side of eval

Generating _events_ in search

feed query results to raw data in makeresults

How to extract json fields from json inside single quotes?

SEDCMD vs Transforms to mask data

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions