Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

a table drilldown to a pie chart visualisation

So I have added a table drilldown to this pie chart but I need the rows in table displayed according to the value...

by Explorer in

[help]Get the time duration within a specific start and end value?

Hi team, I have below data in splunk. And I want to get the time duration when below range. ACT star...

by Path Finder in

How to find the _time difference in a list of eventTypes by algorithm (non-sequencial order)?

Hello Splunk Community I'm working on a SPL to give _time difference of list of eventTypes as per the algorithm. C...

by Path Finder in

conditional average

Hi need to calculate the average based on a condition. testing=true vs testing=false (lets say field A)field B...

by Explorer in

Nested search query

Hello Experts, Requirement is to show the no. of jobs started, completed in last 4 hours. I have injested job log...

by Engager in

Extract data from filename

Hi Experts, I have a a job log file, that gets ingested to Splunk with naming convention "trace_08_19_2021_06_36_03...

by Engager in

Search eval strftime result of current day across lookup.

I'm using the following to eval current_day: | inputlookup Files_And_Thresholds| eval current_day=lower(strftime(re...

by Explorer in

report acceleration

Hi, I have the bellow search: I am trying to use acceleration reporting however because the event stats I can't, ...

by Communicator in

Summary stats from distinct (overflowing) counters.

Hello. I have a set of hosts which send some stats. In my case these are rsyslog impstats statistics but it can be ...

by Ultra Champion in

How to group together rows with similar names into a single row

This is the table. How can I group together similar names into one entry and the count is added for both of them. For...

by Explorer in

want the current day of the week with now() then i want to use value to compare data for past 4 weeks for same DOW

Need help : I have a splunk query where i want to evaluate today (day of week) using now() and then use it to c...

by Engager in

Can any one help me to write splunk query which gives volume($ amount) or calculate each source ingesting data

I am looking for a splunk query which can calculate each sourcetype ingesting data in splunk. you can take below samp...

by New Member in

How to split multiple lines of data into a single individual line in splunk using \n?

As i mentioned below prod column has multiple values and i want to split it based on \n next line command and get the...

by Builder in

TAXII files being downloaded but not processed by Enterprise Security

Hi Splunkers. We are having an issue whereby a TAXII feed has stopped being incorporated into the Enterprise Securi...

by Path Finder in

Nested JSON (Returns Empty)

Hi All,Have a search that is not returning what I would like. Need to unest some JSON but having issues.Here is an ex...

by Path Finder in

Using dedub on same results within 1 minute range

Hi I'm trying to find user that login on Non-working hour between 4pm-4am by looking at eventcode=4624.I need to ex...

by Loves-to-Learn in

Consolidation From Different Sources

Hey Everyone! I'm in need of some help, advice, Ouija board (lol)...whatever can do the trick. I am wanting to know...

by Engager in

Similar events within 1s of each other?

I have logs like of this form: [2021-08-19T13:59:05.607] [INFO] collect - [4a2b9170-0130-11ec-95b3-17c017e0ec5d] {"...

by Engager in

search filed values from sourcetype1 to another sourcetype2

Hi,I need help in searching field value from the first search to another search with deferent sourcetype and combine ...

by Explorer in

Combining Separate Searches

Hello, I am attempting to combine 2 reports (1 is a normal stats search return and the other is a pie chart using t...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

a table drilldown to a pie chart visualisation

[help]Get the time duration within a specific start and end value?

How to find the _time difference in a list of eventTypes by algorithm (non-sequencial order)?

conditional average

Nested search query

Extract data from filename

Search eval strftime result of current day across lookup.

report acceleration

Summary stats from distinct (overflowing) counters.

How to group together rows with similar names into a single row

want the current day of the week with now() then i want to use value to compare data for past 4 weeks for same DOW

Can any one help me to write splunk query which gives volume($ amount) or calculate each source ingesting data

How to split multiple lines of data into a single individual line in splunk using \n?

TAXII files being downloaded but not processed by Enterprise Security

Nested JSON (Returns Empty)

Using dedub on same results within 1 minute range

Consolidation From Different Sources

Similar events within 1s of each other?

search filed values from sourcetype1 to another sourcetype2

Combining Separate Searches

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

How to find events that were sent to HEC?

How to use a list of output as the input parameter...

how to set specific colors to 3 pie charts trellis...

How to return Numerical Values from Model File?

ERROR SearchProcessRunner [531293 PreforkedSearche...