Splunk Search

Ask a Question

Discussions

Thread Info

Zero count not displaying when stats count is used

My query is : index="stage*" source="*record service*" | eval type=case(like(message, "%successful generated accoun...

by New Member in

get max figure for latest time in data

Hi, I have data as below sample: Date Time val1 val2 val3 ......21/08/31 01:00:00 2 1 2 2 2 2 2 1 1 2 69 1 0 2 0 ...

by Path Finder in

Help with Rex Commands

Hi All, I am having some trouble extracing out the following with the following details 1. username 2. Default ...

by Engager in

Searches delayed in search head captain

Hi all, We have 3 search heads are in cluster. serach head 1 is captain.Recently we upgraded to 7.2.3 to 8.0.3.afte...

by Path Finder in

How to use mvindex to break json file with multiple values

Hello All, So i have a field like below with JSON file {"results_appcodes": [{"count": 2, "ap...

by Path Finder in

PROPS Configuration for HTML data source

Hello, How I would write my Props Configuration (Tme Prefix, Time Format, LINE/EVENT Breaker...etc) for following ...

by Motivator in

Input Configuration file

Hello, I have some issues using following input configuration file for windows machine: [monitor://T:\Toshtes...

by Motivator in

Using Index info to cross reference CSV and Map

Hello, I have an indexed list of internal IPs that I have been able to get a count for based on a CIDR list on a CSV ...

by Loves-to-Learn Lots in

rex extract literal stings with special characters

I have a list of hundreds of string values that need to be extracted from a fieldthe problem is the values that need ...

by Path Finder in

subsearch matching latest

I'm trying to create a query that basically says: Show me events that contain A, B, C or D where the latest is ...

by Engager in

Dealing with logs that have different update times (while comparing them)

(This is a continuation of https://community.splunk.com/t5/Splunk-Search/Creating-a-search-that-looks-up-values-from-...

by Explorer in

Creating a search that looks up values from one logfile and compares against another

I have two logfiles, logfile1.log and logfile2.log. I have created their own field extractions for both of them. Here...

by Explorer in

Count events matching a specific string

From the logs, I need to get the count of events from the below msg field value which matches factType=COMMERCIAL and...

by Explorer in

Subtraction of X days from a date

Hi guys, Probably very simple question but I just tangled myself in the logic. I want to create 2 fields, o...

by Path Finder in

Single value panel with trend based on avg(count)

Hello there. What I'm trying to do is the following: search | bucket span=60s _time | stats count by _time | ...

by Path Finder in

Determining the total storage space a user's search artifacts are occupying (and calculating the time a search expires)

I'm working on calculating the storage space taken up by a specific user. I would like to calculate the total size of...

by Communicator in

How do I search for a list of Saves searches that don't use index name for searching in Splunk Ent. or ES. Thank u a lot

I need to find a list of saved searches that don't use the index name in searching please. Any way to list the name o...

by Builder in

Sum of particular field values

Hi, Current table Expected fstatuscountsuccess604Userdefined39 Need to sum the "password mismach",...

by Engager in

Unable to get values of a field

Hi Team, I have data with me as below. 2021-08-31 00:05:28|Test|Event|[c.f.d.aop.sql.database ] 2ms :testing820...

by Path Finder in

How do I make a list of Dashboards that are not working & who created them? in Splunk Ent. or ES?

How do I search (any SPLs) for Dashboards that are not working (either built-in or created by users) or having errors...

by Builder in

Why do I get "this health check item is not applicable" in Monitoring Console in ES while I have many KVstores ? Thank u

How do I make sure the the ES KVstores are working & mapped properly to use them & avoid such errors? I appreciate so...

by Builder in

How do I obtain an API key for an App. in ES please?

I am getting an error with MITRE ATT&CK app that the API key needs to be corrected. Please advise. Thanks a million.

by Builder in

How to exclude blank rows with time being displayed

Hello Splunk Community, I've a query which lists accountNumber , targetAccountNumber, eventType, eventTime The qu...

by Communicator in

multi lookup If the fields are different

I'm going to stats through two lookups.srcip.csv fieldsrc_ip , subnetmaksdest.csv fielddest_ip,subnetmakssrc_ip , des...

by Path Finder in

Remove spacing from records after inputlookup

The contents of my lookup file, test12345.csv is shown below. ProductNumber,SerialNumber,StatusDateTime,Status "A...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Zero count not displaying when stats count is used

get max figure for latest time in data

Help with Rex Commands

Searches delayed in search head captain

How to use mvindex to break json file with multiple values

PROPS Configuration for HTML data source

Input Configuration file

Using Index info to cross reference CSV and Map

rex extract literal stings with special characters

subsearch matching latest

Dealing with logs that have different update times (while comparing them)

Creating a search that looks up values from one logfile and compares against another

Count events matching a specific string

Subtraction of X days from a date

Single value panel with trend based on avg(count)

Determining the total storage space a user's search artifacts are occupying (and calculating the time a search expires)

How do I search for a list of Saves searches that don't use index name for searching in Splunk Ent. or ES. Thank u a lot

Sum of particular field values

Unable to get values of a field

How do I make a list of Dashboards that are not working & who created them? in Splunk Ent. or ES?

Why do I get "this health check item is not applicable" in Monitoring Console in ES while I have many KVstores ? Thank u

How do I obtain an API key for an App. in ES please?

How to exclude blank rows with time being displayed

multi lookup If the fields are different

Remove spacing from records after inputlookup

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions