Splunk Search

Ask a Question

Discussions

Thread Info

How do I filter events by lookup time?

I have a lookup table like in splunk this: earliest_timelatest_timeS_NOSRC_IP3/1/20214/1/2021E100210.10.10.10 ...

by Explorer in

how to use part of field name to group columns and add values?

Hi, I got a set of table that has "_time" as row values and "hosts" as column values like below. _timehost-1-1host...

by New Member in

Counting percentage with completion and not completed status

Hi, I have following data: And I am trying to create SPL which gets me following result: I tried ev...

by Explorer in

How to pass an attribute from one event to another in order to create a table to summarize data

Hi guys! I'm a newbie to Splunk and I would appreciate if you could help me out on this one (Thank you to all the m...

by Communicator in

How do I monitor changes to config files?

Hi, Brand new user of Splunk here. I'm currently evaluating Splunk Enterprise. I need a bit of help understanding...

by Explorer in

How do i extract a value from one search, use it in a second search, and then output fields from both searches

Hi I need to search one index, extract a value from a field from that search, then use that value when searching a...

by Path Finder in

Get the count of events in a search and use it to calculate another field

I need to get the count of the total number of events in the search and use it later to calculate the value of anothe...

by Engager in

Convert number to string, to avoid being counted by addtotals/addcoltotals

Hi, I am creating a report with "chart field1 field2", field2 only has 2 values. So the result has 3 columns: Field1,...

by Explorer in

calculate sum of duration

Hi everyone, I have calculated a duration field like this for example Duration 00:22:02 00:19:26 00:04:26 00:...

by Path Finder in

Delemma when searching Apps a particular TA is not in the list for all apps ? where is it ?

I am doing an inventory of all apps on my search head - but one I have noticed is not listed - I have thrown the kit...

by Path Finder in

Two sets subtraction

I have a two saved searches A and B. Each gives an output like below: A: host host...

by Explorer in

mvexpand memory issue

Hi, I have very large dataset that appears as multivalued as below: | makeresults | eval data1="Windo...

by Builder in

how to extract the data from json to a table show

i'm trying to extract data from json and show into my dashboard but failed { "timestamp":"2021-04-22T09...

by New Member in

Subsearch with different index

Hi,I am using 2 indexes (index1 and index2). I want to pull a field from index1 (URL and rename it to url_1), and the...

by Loves-to-Learn Lots in

Map, Join or ... ??

Hello community, I tried to find an answer to my problem, but it seems im incapable of finding it, so i will be pos...

by Engager in

how to count records in a row?

Hello guys, I am new with a splunk and i need some help (also a splunk search language documentation with example). ...

by Explorer in

search on subsearch using data from main search results

hello Splunkers!I've got an issue with this query, in "main search" I got data src, can I use "src" to get data on my...

by Loves-to-Learn in

How do i search two seperate indexes and then output values from fields returned from each index?

Hi, I am trying to search across two seperate indexes and then display fields returned from both indexes on a singl...

by Path Finder in

Using a subsearch in a lookup

I've got two searches I'm trying to join into one. | localop | ldapsearch domain=my_domain search="(&(objec...

by Contributor in

Reading a xml file when file is split in to two

We are having a issue. Sometimes our input XML file is splint in to two. In the above image you can see, bot...

by Loves-to-Learn Lots in

Identifying user based on IP Address/ Hostname

...

by Path Finder in

Merge cells together when having one same Value

Hello Together I have a little difficulty with the merging of cells. The idea is that if the results for the value ...

by Engager in

Field Extraction : regex works fine with search using "rex" command but not with Field extraction

Hello, I'm trying to analyze WatchGuard firewall logs received by Splunk using syslog on udp 514 port. I was able...

by Explorer in

Issue with regex and 'positive lookbehind'

Hi, I'm kind of new on the Splunk world and I'm trying to create new extraction field. Here are two examples ...

by Explorer in

field extraction

Hi , I need help in the below, There is a description column, which has like Description process_1_details :...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I filter events by lookup time?

how to use part of field name to group columns and add values?

Counting percentage with completion and not completed status

How to pass an attribute from one event to another in order to create a table to summarize data

How do I monitor changes to config files?

How do i extract a value from one search, use it in a second search, and then output fields from both searches

Get the count of events in a search and use it to calculate another field

Convert number to string, to avoid being counted by addtotals/addcoltotals

calculate sum of duration

Delemma when searching Apps a particular TA is not in the list for all apps ? where is it ?

Two sets subtraction

mvexpand memory issue

how to extract the data from json to a table show

Subsearch with different index

Map, Join or ... ??

how to count records in a row?

search on subsearch using data from main search results

How do i search two seperate indexes and then output values from fields returned from each index?

Using a subsearch in a lookup

Reading a xml file when file is split in to two

Identifying user based on IP Address/ Hostname

Merge cells together when having one same Value

Field Extraction : regex works fine with search using "rex" command but not with Field extraction

Issue with regex and 'positive lookbehind'

field extraction

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions