Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

What is the difference between earliest=-5min and earliest=-5min@min

by Explorer in

Splunk query to list all the unused printers from an print server.

Team, I have been using this below commands to verify whether particular print queues have printed from the print s...

by New Member in

display rows between 2 searches

Good morning, suppose I have the following entries in my file : BEGIN abc def END; BEGIN xyz EN...

by Explorer in

Issue using sort command with inputlookup command

I have a lookup file with 3 fields - source, status, timestamp. Timestamp is saved as per below: eval timestamp=st...

by Communicator in

how to map over or assign variable to a list of values

We need to run the same query over a list of values (10k to 100k) without knowing the exact key across various indexe...

by Path Finder in

Extract logs for specific host in cold buckets

Hello, I need to move old logs for a specific logsource(host) to be indexed in another splunk cluster. When I use the...

by Engager in

Error message while searching from the search head

Hello, I am getting the following error while searching in splunk. Could not load lookup=LOOKUP-cisco_pix_severit...

by Engager in

How to Use Transaction to Retrieve Groups of Events

Hi all, I'm trying to use a transaction to get multiple pairs of events (the selection and release of a node). So ...

by Path Finder in

how to rearrange the table/chart layout

Hi, I have: index=............|stats avg(test) by OrderNr Sub_OrderNr But I want to something like this...

by Path Finder in

Excluding Messages With Custom Field Matching List of Values

I'm tasked with auditing syslog messages from some network devices for suspicious activity. I can use the IN operator...

by New Member in

How to print a splunk variable?

How to print a splunk default variable in search query? Actually I have two variables like $job.earliestTime$ and $jo...

by Explorer in

Get customer ID form logs

I have a log of the form "Associated integration for customer AAA is Integration{id=1865, clientID}, carrying out d...

by Explorer in

Query for exclude words in a raw data

Hello! As shown in the below picture, those are the events with a timestamp. I want when a "Kafka" service or "Jps"...

by Path Finder in

How to query an automatic lookup

Hi Guys, How can I query an automatic lookup? Now, this is not the fields created through an automatic lookup,...

by Explorer in

'Error in 'fit' command' when using Machine Learning Toolkit

Hi Community, I encountered the following error message when using the ML Toolkit: 'Error in 'fit' command: Inval...

by New Member in

Is automatic new line insertion deprecated?

A convenience feature was introduced in 7 (well I noticed it in a Splunk 7 installation and not in 5 and 6) that auto...

by SplunkTrust in

Search events - remove events matching certain values on 3 fields

Currently search will display events with "Rejected" File Status, but if this Rejected file gets fixed and then is "D...

by Engager in

How to Use IF or Case condition

Hi, My logs are in following format: {[-] logger: ....... message: .......... severity: Error } {[-] ...

by Explorer in

How to get last weekday of last month and check logs for an date field in the logs having that value

I have something that runs every day but i need to see it only for previous EOM which is also a weekday I have a fi...

by Explorer in

How to get environment in customized order

How can I sort so that I can get the Stage_INT 1st and others after that and below is the output image. Can someone p...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is the difference between earliest=-5min and earliest=-5min@min

Splunk query to list all the unused printers from an print server.

display rows between 2 searches

Issue using sort command with inputlookup command

how to map over or assign variable to a list of values

Extract logs for specific host in cold buckets

Error message while searching from the search head

How to Use Transaction to Retrieve Groups of Events

how to rearrange the table/chart layout

Excluding Messages With Custom Field Matching List of Values

How to print a splunk variable?

Get customer ID form logs

Query for exclude words in a raw data

How to query an automatic lookup

'Error in 'fit' command' when using Machine Learning Toolkit

Is automatic new line insertion deprecated?

Search events - remove events matching certain values on 3 fields

How to Use IF or Case condition

How to get last weekday of last month and check logs for an date field in the logs having that value

How to get environment in customized order

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...