Splunk Search

Ask a Question

Discussions

Thread Info

How to combine two fields into one after if without losing values

Hi, I have a uri_path that I want to combine into a single value, and put the combined value back into the original...

by Communicator in

Search Head audit of all listed Apps \ TA's \ SA's via search command

i all I'm tasked with performing an audit of our Splunk (Cloud) Search Heads (2) as many Apps \ Add-Ons have been s...

by Engager in

PROPS configuration for Source Data with Field Names and Values Stored in Text File

Hello, I have some issues writing a PROPS configuration file for the following source data stored in text file. I ...

by Motivator in

Overriding _time through a calculated field

I have created a calculated field which parses _time from a date stamp in the data. However, it does not set _time ...

by SplunkTrust in

Alerting based off of no events by server

Hi all,I'm setting up an alerting process that monitors different servers on a single index and sends an alert out if...

by Path Finder in

Search Query for checking the Uptime of Website

Hi Folks, I want to check at what time url has been brought up. Url already added in website monitoring. For e...

by Explorer in

Pull list of user accounts with last logon

How do I pull together a chart of all our user accounts, with the last time that user logged in? I currently ha...

by Engager in

Require Splunk query

Hi Below data is dynamic, sample input table is given below, rows are order may vary (for simplicity I have put the...

by New Member in

Split Timechart into stats by field

Hello, I have the query : hostalias=$hostname$ AND actor AND total | timechart span=1s count by actor | stats ...

by Explorer in

Count of locations on unique days

I think this is a pretty basic question, but I'd appreciate some help with it. I'm trying to produce an exportable, ...

by Loves-to-Learn in

Count events with differing strings in same field

So this search... index="myindex" source="/data/logs/log.json" "Calculation Complete" ... the results retu...

by Path Finder in

Merge raws based on common substring

Hi, Let's imagine I have those raws : NameValue1Value2foo12foo1216foodazd56fooaoke43foo5623bar12barjodpez74barjo7...

by Loves-to-Learn Lots in

% difference in errors over the last 5 minutes

Im looking to get a query that will tell me the difference in an error rate increase i.e 5 minutes ag it was 120 erro...

by Path Finder in

how to reduce the time of a search?

Hi, I have a search that contains millions of events and is extremely slow, is there a way to speed it up? This...

by Engager in

Find 2 way communication in flow

Looking for the most efficient way to find 2 way traffic in flow data for a particular set of IP/port/protocol combin...

by Engager in

Every timespan of transaction need time format

hello, I have alert transaction at "ACK" and at "Resolved", i have created table for each value, but unable to ...

by Explorer in

Removing rows from table based on more than one field

Hi, I am trying to filter out fields from a table based on its content, example:LP. NAME SURNAME STREET CITY1. Bob ...

by Engager in

Creating a timechart with duration

Hey guys. I have multiple events combined to transactions. I'd like to view the duration of each transaction on a tim...

by Explorer in

How to show a list that compare the thing which not show up in a csv file

So in detail, I have a dashboard that read log files to monitor the list of host's status which is UP or DOWN. But wh...

by Communicator in

stats count conditional for multi field

Hello dears, I want to list my search if "B" total count higher than >3 than list by "A" A and B fields could ha...

by Explorer in

Field Extraction

Hi Experts, I'm having some difficulties to extract the correct information from a file that was add to splunk. I...

by Explorer in

adding value output rows from a stats table

I have the following search. index=main_index sourcetype="hec:google" operationName=createMobileAuthenticationOutc...

by Engager in

Table column split

I have requirement to split the single cell into two columns, in which i need to add different search result data. ...

by Engager in

Where to find "Detected Anomaly" notable events in ITSI?

Our ITSI is showing some "Detected Anomaly" for the kpi "Index Usage". Where and how can I find the notable ...

by Path Finder in

How do I exclude Mondays from a Timechart

There are no data on Mondays so my timecharts always dip to 0. {search string} | eval date_wday=lower(strft...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to combine two fields into one after if without losing values

Search Head audit of all listed Apps \ TA's \ SA's via search command

PROPS configuration for Source Data with Field Names and Values Stored in Text File

Overriding _time through a calculated field

Alerting based off of no events by server

Search Query for checking the Uptime of Website

Pull list of user accounts with last logon

Require Splunk query

Split Timechart into stats by field

Count of locations on unique days

Count events with differing strings in same field

Merge raws based on common substring

% difference in errors over the last 5 minutes

how to reduce the time of a search?

Find 2 way communication in flow

Every timespan of transaction need time format

Removing rows from table based on more than one field

Creating a timechart with duration

How to show a list that compare the thing which not show up in a csv file

stats count conditional for multi field

Field Extraction

adding value output rows from a stats table

Table column split

Where to find "Detected Anomaly" notable events in ITSI?

How do I exclude Mondays from a Timechart

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6