Splunk Search

Discussions

Thread Info

How do I compare search results from two different time periods?

I have shown the queries I made with set diff and eval below. My aim is to compare the report of 07:00 to 07:00 of th...

by Path Finder in

How to replace join command with any other alternative command for the below query?

index=105261-cli sourcetype=show_processes_cpu pid=0| dedup deviceId| fields deviceId, idle, fiveMinutes| eval cpuLoa...

by Engager in

search optimization: getting values with tstats for fields that are sometimes NULL

Search optimization question for y’all: We have an accelerated data model to try to drive improved performance for so...

by Communicator in

creating a correlation search for data exfiltration via email using datamodel

Hi all, I am trying to create a correlation search query for "data exfiltration via email" using email datamodel ...

by New Member in

Is there a SPL query pattern that can perform hierarchical counting?

Is there a SPL query pattern that can perform "hierarchical counting" beyond the two levels of depth outlined in thes...

by Engager in

List of events from transactions starting with A

Hi all, I am using data from 3 different indexes. They contain events which can be attributed to specific transacti...

by Loves-to-Learn Lots in

How to count filled and blank cells in excel spreadsheet by writing splunk query?

I need help on splunk query that will count both filled and empty cells in excel spreadsheet differently and give th...

by Path Finder in

Does Splunk distribute individual member searches of a multisearch to available Slots on any/all available Search Heads?

Like the title says - how are individual searches in a multisearch handled? Are they distributed across any/all ava...

by Builder in

How to extract multiple hostname from one regex search in globalprotect logs?

Hi everyone, I'm trying to create a simple list with all the devices found on the logs from globalprotect. The dea...

by Explorer in

List of all indexes containing access logs

Hello all, and thanks for the assistance ahead of time. How can I produce a list of all Splunk index names for indexe...

by Engager in

Extract multiple words in a filed

Hi, I have some syslog logs and I need to extract the first words of a field values. The field value starts like th...

by Communicator in

Transaction command - Way to change from timestamp to a different field?

Good morning all, I'm leveraging the transaction command in order to gather statistics around the duration of my re...

by Explorer in

Correlate different events with a common value

Hi all, I'm a new Splunk user and I would like to have some help from you. I have two query: First query: index...

by Engager in

search

Hi, I have 2 different events. these 2 events can be identified by "Id". I am trying to display it in table in...

by Loves-to-Learn Lots in

Is there a workflow to populate field on page not in URL?

I know through a workflow action I can add add a token value to a URL string. Is there any way to populate a value on...

by Contributor in

when consulting for sourcetype it does not bring data

I understand that I should obtain results if I also consult only specifying the sourcetype and the rest of the search...

by Builder in

Best Way to Search based on a Token Value

Hello, I am trying to find the best way to change my search based on a token value that I will pass through an inpu...

by Path Finder in

This search has encountered a fatal error and has been marked as zombied.

I'm trying to optimize this report to successfully run without errors. It will currently run for 3-5 hours and grow ...

by Explorer in

combining 2 rows in to a single row

Hi, I was trying to add 2 rows in to a single row . After combining,I am getting results for 1st column .but not fo...

by Explorer in

Newbee question: Looking for start events without end events with the same key

Our system logs an event when it receives a message (with a unique key)Some time later our system also logs an event ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I compare search results from two different time periods?

How to replace join command with any other alternative command for the below query?

search optimization: getting values with tstats for fields that are sometimes NULL

creating a correlation search for data exfiltration via email using datamodel

Is there a SPL query pattern that can perform hierarchical counting?

List of events from transactions starting with A

How to count filled and blank cells in excel spreadsheet by writing splunk query?

Does Splunk distribute individual member searches of a multisearch to available Slots on any/all available Search Heads?

How to extract multiple hostname from one regex search in globalprotect logs?

List of all indexes containing access logs

Extract multiple words in a filed

Transaction command - Way to change from timestamp to a different field?

Correlate different events with a common value

search

Is there a workflow to populate field on page not in URL?

when consulting for sourcetype it does not bring data

Best Way to Search based on a Token Value

This search has encountered a fatal error and has been marked as zombied.

combining 2 rows in to a single row

Newbee question: Looking for start events without end events with the same key

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

How to troubleshoot “Error in 'inputlookup' comman...

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...

Running queries not working at all