Splunk Search

Ask a Question

Discussions

Thread Info

Eval Command (IF)

Hi Team When i tried running the below eval command, i am getting some error message often. I wrote this below c...

by Path Finder in

When alert triggers, add detail to inline table

So I have a search that triggers based upon how much memory is being used on any of my linux machines. ...

by Motivator in

Need a regex improvement

| rex field=_raw "(?<dscvIP>[^\.]\d+\.\d+\.\d+\.\d+[\s|\:])" Using the above rex command to try to capture IP addre...

by Explorer in

Problem replicating config (bundle) to search peer

I constantly see the below error on my search head. What causes this and how do I go about fixing it. I have removed ...

by Engager in

Cannot determine a latest common bundle, search may be blocked

Hi guys. Why Splunk have many errors in log file and what can I do in this situation? 05-17-2019 18:58:08.036 +...

by Explorer in

SHC update apps

I run a search head cluster with Splunk Enterprise. Typically I update apps via the back end CLI, but am wondering if...

by Path Finder in

How do I get specific, but separate count of letters and numbers in a result?

I am trying to figure out how to pull fields to show the exact count of numbers and letters in a result. Like, if I h...

by Engager in

Color in a Table based on a row of numbers

Hi, I have a Table created by: eval Actor=actor |eval "Total Time (max/avg/p50/p99)"=maxT + ", " + avgT +...

by Explorer in

PROPS Configuration issues with unstructured Events stored in text file

Hello, I have some issues in writing PROPS configuration file for the sample data/events given below. I have given ...

by Motivator in

recalculate format of mac address dependent on input

Dear community I am struggling with how to allow different format in a search input, but still finding the correspo...

by Explorer in

Table command does not display field with spaces when used with INPUTLOOKUP

Hello All,I have a search query that performs lookups against a CSV file and outputs only those hosts that are in the...

by Builder in

SPL to retrieve more fields

Hi all, I am using splunk after a while and lost touch with the SPL. Please help me on below. I have about 40 fie...

by Path Finder in

How to sort a chart horizontally by a field from greatest to least?

The search below gives me the following data: (ns=stats msg=email_unsub_clicks) OR (ns=email msg=fbl OR msg=send O...

by Path Finder in

lookup - append only columns with values

Hi, I've got a lookup with a number of records, and not all of them have all columns populated. Is there a way to a...

by Explorer in

search for a string in field , if not there then trigger alert with remaining data in fields

Hi, I want to check for a string in the field, but if the string is not found in the field then need to print the r...

by Communicator in

Configure the AWS add on proxy configuration via CLI/Ansible

'Hi, We are want to create a playbook for Splunk with Ansible, We are having an issue config the AWS add on prox...

by New Member in

Can I combine an if like eval with mvappend?

Hi, if possible I would like to combine the two eval statements below so I can optimise it for my datamodel | eval ...

by Communicator in

How to combine two fields into one after if without losing values

Hi, I have a uri_path that I want to combine into a single value, and put the combined value back into the original...

by Communicator in

Search Head audit of all listed Apps \ TA's \ SA's via search command

i all I'm tasked with performing an audit of our Splunk (Cloud) Search Heads (2) as many Apps \ Add-Ons have been s...

by Engager in

PROPS configuration for Source Data with Field Names and Values Stored in Text File

Hello, I have some issues writing a PROPS configuration file for the following source data stored in text file. I ...

by Motivator in

Overriding _time through a calculated field

I have created a calculated field which parses _time from a date stamp in the data. However, it does not set _time ...

by SplunkTrust in

Alerting based off of no events by server

Hi all,I'm setting up an alerting process that monitors different servers on a single index and sends an alert out if...

by Path Finder in

Search Query for checking the Uptime of Website

Hi Folks, I want to check at what time url has been brought up. Url already added in website monitoring. For e...

by Explorer in

Pull list of user accounts with last logon

How do I pull together a chart of all our user accounts, with the last time that user logged in? I currently ha...

by Engager in

Require Splunk query

Hi Below data is dynamic, sample input table is given below, rows are order may vary (for simplicity I have put the...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Eval Command (IF)

When alert triggers, add detail to inline table

Need a regex improvement

Problem replicating config (bundle) to search peer

Cannot determine a latest common bundle, search may be blocked

SHC update apps

How do I get specific, but separate count of letters and numbers in a result?

Color in a Table based on a row of numbers

PROPS Configuration issues with unstructured Events stored in text file

recalculate format of mac address dependent on input

Table command does not display field with spaces when used with INPUTLOOKUP

SPL to retrieve more fields

How to sort a chart horizontally by a field from greatest to least?

lookup - append only columns with values

search for a string in field , if not there then trigger alert with remaining data in fields

Configure the AWS add on proxy configuration via CLI/Ansible

Can I combine an if like eval with mvappend?

How to combine two fields into one after if without losing values

Search Head audit of all listed Apps \ TA's \ SA's via search command

PROPS configuration for Source Data with Field Names and Values Stored in Text File

Overriding _time through a calculated field

Alerting based off of no events by server

Search Query for checking the Uptime of Website

Pull list of user accounts with last logon

Require Splunk query

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6