Splunk Search

Discussions

Thread Info

Use Rex extracted field to do duration calculations

I have a bunch of logs contains different table operation, and I want to check how much time each table operation cos...

by Observer in

[SUSE] Crash - Splunk SH is not able to perform a search against indexers.

We are testing our upgrade from Splunk 7.3.1 to 8.1.2. Once we upgrade the SH regardless of the indexers' version 7.3...

by Splunk Employee in

[8.0.6] Scheduler stops dispatching scheduled searches intermittently.

Our Splunk SH cluster scheduler stopping, users complaining that alerts/scheduled reporting not running or processin...

by Splunk Employee in

Based on key passed want to fetch value data from csv file

I have one csv file with empid as key and name as value..sample Data looks like emp id is E101 value is John ..now ...

by Loves-to-Learn Lots in

Export Windows Event LOG

Hi,I need to import the security and application logs of many windows servers to splunk, but for security reasons I c...

by Loves-to-Learn in

Truncate Timechart X Axis To Just Seconds

So I have a timechart that I'm using to plot latencies. I am trying to just capture the seconds and miliseconds. I do...

by Observer in

Using regex to filter by file directory

I have a field in splunk named commandline. I want to filter this field just by values containing "C:\"This appears ...

by Engager in

Compare search results to current data

I have a search that looks at AD data to determine if a user was disabled more than 6 months ago. My intention was f...

by Path Finder in

combine two tables into a multi series visualisation

Hi Splunkers, I have the below tables generates from the below queries and i'm looking for a consolidated multi...

by Engager in

How to calculate duration time after office hour within a month

Im currently having trouble with query to get result of user activity duration after office hour within a month. i ...

by Explorer in

how to find percentage?

Hi, @gcusello @dmarling I Have a doubt in calculating the percentage. First query: (index=71412-cli so...

by Explorer in

Error lookup table

Hello I am new to Splunk and I want to connect my salesfoce org to splunk app, but there is no data retrieved from th...

by Loves-to-Learn Lots in

Increase Time on event TimeStamp for two different times

Hey Splunksters, How can I go about getting to the next hour and 15 min - when min is 15 min past the hour for a ti...

by Communicator in

Basic Query help

I just want to look for a hash signature in Splunk. Example: d09a773dab9a20e6b39176e9cf76ac6863fe388d69367407c317c...

by Observer in

Compare data between two sourcetype

I have two different sourcetypes src_a, src_b. src_a: This is a CSV uploaded from Server (has expected results for ...

by Loves-to-Learn in

Retrieve the name of the current search

I would like to be able to retrieve the name of the current search to pass to a macro in the search. Saved Search n...

by Explorer in

Track users web activity after arriving the landing page

Greetings all, I'm currently working on a A/B testing dashboard to see which landing page is having more engagement...

by Explorer in

Import a matrix

Q1: is there a way to import a matrix into Splunk? Q2: What SPL command gives me all values set to true and tell...

by Contributor in

How to perform "custom" inner join?

Hi everyone, See if someone could give me a hand. My scenario is similar to this: Table 1 IDID2Whatever res...

by Explorer in

Scheduled search for populating summary index ignores the last 30 seconds of events

Hello, I recently faced an issue when populating a summary index. I scheduled a saved search to run every hour (wit...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Use Rex extracted field to do duration calculations

[SUSE] Crash - Splunk SH is not able to perform a search against indexers.

[8.0.6] Scheduler stops dispatching scheduled searches intermittently.

Based on key passed want to fetch value data from csv file

Export Windows Event LOG

Truncate Timechart X Axis To Just Seconds

Using regex to filter by file directory

Compare search results to current data

combine two tables into a multi series visualisation

How to calculate duration time after office hour within a month

how to find percentage?

Error lookup table

Increase Time on event TimeStamp for two different times

Basic Query help

Compare data between two sourcetype

Retrieve the name of the current search

Track users web activity after arriving the landing page

Import a matrix

How to perform "custom" inner join?

Scheduled search for populating summary index ignores the last 30 seconds of events

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Compare the Date from the Lookup and Write new val...

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?