Splunk Search

Ask a Question

Discussions

Thread Info

query return a list

hi, i want to return a result as a filed with list of raw my data is: Product : A, SubProcut: A1, Status :1 ...

by Loves-to-Learn in

dbconnect results as a subquery

trying to do something like: index=someindex action=someaction | where city_id in ([search dbxquery query="select c...

by Explorer in

Query with specific timestamp then pull the events - 5 minutes

Hello Everyone. I am pretty new with splunk. I'll try to be brief: I know that a specific event happened at a...

by Explorer in

How to combine multiple rows into one row

Hi, I am new to splunk. I have a query to return the count of successes and failures I have a field http_status tha...

by Engager in

How to install lookup app in Free Splunk Version?

Hi All, I have installed the free Splunk version. I am trying to upload lookups, but I don't seem to have that capa...

by Path Finder in

Combining 2 outputs together to form a single output table

Hi All, I want a small addition to the output values. Code am using : | inputlookup ONMS_nodes.csv | t...

by Communicator in

Chart or timechart by multiple values

I have a chart that I can split by myDate or env, but I cannot get it to split by both myDate and env for example I n...

by Loves-to-Learn Lots in

SPL subquery for table

Hi, Need help. I want to run a query to identify if errors are increased over 10%. Data is : Servername error...

by Engager in

How to get the bytes of an indexed event

I'm trying to get the bytes of indexed events to find out by event code in our windows event log security events how ...

by Communicator in

Split Single columns in equal multiple columns

Hi All, I have a code, that gives below output. CODE: | inputlookup ONMS_nodes.csv | table nodelabel ...

by Communicator in

simple left join returning too many events

** edit: ** if i add dedup _time,clientip to the left (upper) search, i get 2580 events. Hi, ive got this sea...

by Engager in

Highest value selection from table

Hi All, I am having challenge to filter the highest value and prepare a new column. Code: index=nw_ppm...

by Communicator in

REST API returns empty results when I execute the command in Linux

I am trying to fetch results using REST API from Saved Search and getting empty response. My command is like this... ...

by Path Finder in

REST API returns empty results when GET result

I use API to create searchhttps://[IPaddress]:8089/services/search/jobsBody:search sourcetype = ipfix | regex destina...

by Explorer in

How to count each IP every 6 hours since its first timestamp?

Hi, I recieved the following question which I was not able to answer: Let's simulate a system that charges each e...

by New Member in

New to REX field. How would I go about extracting this data?

I'm trying to track Ringcentral data that we have in Splunk now and the objective is to sort and alert us to missed c...

by Path Finder in

How to extract one filed from two lookups with same fields?

Hey There, I have two lookups, both have same exact fields. I need all the fields from Lookup1.csv, which I have no p...

by Path Finder in

Combining 3 big searches

I am working on project to compare ip and MAC whether they are seen from three different tool. Tanium, ACAS, HBSS. ...

by Engager in

How to query events where the latest event field is only a specific value?

Hi I have a request to find all users that have outcome=fail as the latest event. The outcome can be fail or succes...

by Builder in

How to Use Field Values in Endswith Parameter of Transactions

Hello! I am trying to group my log entries based on very specific criteria but can't seem to figure out how to do s...

by Path Finder in

Coalesce that shows the Field and Value in a Table

Good Afternoon, I am working on a coalesce query that looks like this: | makeresults| eval Name="John", NAME="Jo...

by Explorer in

How to check if a field contains a value of another field?

I would like to take the value of a field and see if it is CONTAINED within another field (not exact match). The text...

by Communicator in

Search statistics format not shared

New to this so probably a very basic question.... A user has a query that comes out with a nicely formatted statist...

by Explorer in

calculated fields with strptime

Hey there, I have a _raw where I am extracting a timestamp. But this is in a bad format. So I wanted to have a "cal...

by Path Finder in

Search on existing search results?

Preemptive note, I am not looking for instructions on how to run a subsearch. I have results from a completed s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

query return a list

dbconnect results as a subquery

Query with specific timestamp then pull the events - 5 minutes

How to combine multiple rows into one row

How to install lookup app in Free Splunk Version?

Combining 2 outputs together to form a single output table

Chart or timechart by multiple values

SPL subquery for table

How to get the bytes of an indexed event

Split Single columns in equal multiple columns

simple left join returning too many events

Highest value selection from table

REST API returns empty results when I execute the command in Linux

REST API returns empty results when GET result

How to count each IP every 6 hours since its first timestamp?

New to REX field. How would I go about extracting this data?

How to extract one filed from two lookups with same fields?

Combining 3 big searches

How to query events where the latest event field is only a specific value?

How to Use Field Values in Endswith Parameter of Transactions

Coalesce that shows the Field and Value in a Table

How to check if a field contains a value of another field?

Search statistics format not shared

calculated fields with strptime

Search on existing search results?

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions