Splunk Search

Ask a Question

Discussions

Thread Info

Replace and add digit

Hello, I have the following situation - in the original files I have the following information in the field:Server...

by Path Finder in

Speeding up a Search against lookup table searching large index

Have a small lookup table with 135 dest_ip and a search that is searching that lookup table against a 40 TB index (...

by Engager in

Combine Multiple Fields

Hello, I'm relatively new to Splunk. I have multiple fields with different naming schemes that have different ...

by Explorer in

Using result of one search for another

Hi all! I am relatively new to splunk and I am trying to use the results of one search for another search, So... ...

by Explorer in

Search Marcro - Sending Results to Macro Variable.

Hi, I'm having the hardest time trying to figure out how to pass an event field into a variable argument to be used i...

by Contributor in

Percentage calculation by timechart

We have a request to get values from particular field based on % of bin count. (1) index=ABC | timechart span=1d c...

by Path Finder in

Match Substring in Multivalue field and return only the matched substring values

ReconnectedTimeReconnectedDetails2021-02-02T16:46:19.0002021-02-02T08:54:48.000|viceusr|0xA310B|BEK-329999910922|11.1...

by Path Finder in

Extract value from field

Hello everyone, I have multiple fields and i want to extract an ID from it. (That's the only value that changes in ...

by Path Finder in

How to tell if event is within X seconds (both forwards/backwards) of another event

Using 'delta' I am able to figure this out, but in one time direction. Now I need the other time direction. In the...

by Explorer in

Pass field into a subsearch from stats command

Hi, i have data namebinarykeynumberSteve110012345Steve10013246Steve 12347Charles 23456 I am trying to c...

by Communicator in

Multiple Stats Multiple Indexes

I have 3 data sets that I need to combine with 1 data set not having a field to perform a compare. I initially start...

by Contributor in

Any idea why eval doesn't assign value

Query example: index=eks sourcetype="kube:container" message=log | fields data.user_agent | rex fie...

by Engager in

how to convert date field to days

i have a date field like this 2021-01-29 00:25:58.913024+00 i want to convert this just date as days field using now(...

by Explorer in

Is there a way to pass results of a subsearch to be used in the display and criteria of a parent search?

I've Googled it, but can't find a SOLUTION. I've got a search that pulls Validators remaining per Subject. I wan...

by Engager in

How to compare multivalue field with previous and next event value of _time field ?

Each multi-value field (FiledName: R_time ) which has time value in epoch format should be compared to it previous ev...

by Path Finder in

ldapsearch through map command is blanking out the rest of my table except for it's own output

1st search works (I get all fields in my table including GUID): earliest=-1y index=azuread sourcetype="ms:a...

by Path Finder in

Using Multiple Text Box Input For Searching

I have a dashboard built that views today's events for processes running on systems. To focus on a single event, I h...

by Path Finder in

When no events logged on the 1st of the month add log from the last day they were received

The following search gives me a table that contains the number of lines of code on the first of each month and calcul...

by Explorer in

How to see number of hits on a specific destination IP

Hi All, How can I see number of hits on a specific destination IP by using the search and reporting tab ? ...

by New Member in

I want to freeze (or to block) a row in a Splunk Table

Hi all, I am struggling with an issue about Splunk Developing. Our target is to freeze a row. Every time that anyon...

by New Member in

Require help to create query for table

Hi All, I have the below types of logs in in two different hosts in my index: HOST= abc log1: Tue Feb 2 19:07:2...

by Contributor in

Help with join - Periodically it fails to join a small percentage of records

I have a query to find missing forwarders. It is based on code I received here and it is so very close to working. ...

by Path Finder in

rest jobs runDuration inaccurate values

Hi All... As i am trying to find out the the long running search queries using this rest search, its working fine, bu...

by SplunkTrust in

Find Multiple Users With The Same Unknown Email Subject

Scenario: I have 10 machines infected with malware. The believed infection source is email, I am attempting to create...

by Engager in

excluding a search result

Hello Splunkers ! i have a problem here, that we're running an infra structure change and for that im getting d...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Replace and add digit

Speeding up a Search against lookup table searching large index

Combine Multiple Fields

Using result of one search for another

Search Marcro - Sending Results to Macro Variable.

Percentage calculation by timechart

Match Substring in Multivalue field and return only the matched substring values

Extract value from field

How to tell if event is within X seconds (both forwards/backwards) of another event

Pass field into a subsearch from stats command

Multiple Stats Multiple Indexes

Any idea why eval doesn't assign value

how to convert date field to days

Is there a way to pass results of a subsearch to be used in the display and criteria of a parent search?

How to compare multivalue field with previous and next event value of _time field ?

ldapsearch through map command is blanking out the rest of my table except for it's own output

Using Multiple Text Box Input For Searching

When no events logged on the 1st of the month add log from the last day they were received

How to see number of hits on a specific destination IP

I want to freeze (or to block) a row in a Splunk Table

Require help to create query for table

Help with join - Periodically it fails to join a small percentage of records

rest jobs runDuration inaccurate values

Find Multiple Users With The Same Unknown Email Subject

excluding a search result

Harnessing Splunk’s Federated Search for Amazon S3

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown