Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How can I combine 2 searches consisting of inputlookup and outputlookups?

how can i combine queries to populate a lookup table? I have a lookup table with the following values item 1 2 3 i...

by New Member in

How to group my search results with respect to response time ranges?

here is the situation: I have two fields 1. Response time that needs grouping like this (Low=0-1.2, Medium=1.2-1.5, ...

by New Member in

Looking for a search that will provide the duration of time a VPN user was seen online

The search should provide the time period in which the user was logged through VPN and possibly when the IP lease is ...

by Path Finder in

Merge two search results in one row

I have the below events and I want to merge the search results: 20171222.103330 Fr I - 0 Fn=makeRequest Endpoint=h...

by Explorer in

Need help with field-extractions on these events

by New Member in

Using eval to create date in epoch time

I need to create a field today that is equal to the epoch timestamp in milliseconds for midnight yesterday. I've been...

by Path Finder in

Is it efficeint to use lookups to save historic data?

I have several searches I use to trend historic data, however they take a long time to complete. The data is historic...

by Path Finder in

Wildcard field used in table, return only fields with selected values.

We're pulling in a JSON from an API call. I'd like to setup an alert that only shows when field state is NOT active. ...

by Builder in

How to sort the average time??

I have on field named average duration which is right now sorting alphabetically. Are there any way we can sort it by...

by Communicator in

join two events with a common field

I want to join the below two events based on tid. For "Event1", there could be multiple" Event2" Event1: 20171219....

by Explorer in

Extracting and concatenating regex captured groups in a single transform / extraction

Hi all, I'm trying to get pivots working with a user's data, but I'm having issues getting the fields auto-extract...

by Path Finder in

Pls help me with JOIN to have columns

i have two columns A and B. i have values in A column for all rows and B column has some values in rows. i want to jo...

by Builder in

Outuplookup update fields other than primary key

I am using | from datamodel:somedatamodel | fields username, IPaddress | outputlookup append=true filename.csv to app...

by Explorer in

Regex challenge: How can I blacklist all 4662 events unless they are related to group policy or DNS?

I'm struggling to find the proper regex to adjust the blacklist for 4662 events. I want to blacklist all 4662 events ...

by Explorer in

How can I extract these fields to have a table output with the field value (AAAAA) rather than name="AAAAA"?

Hello, I have raw data like this: time , name="AAAAAA",firstname="BBBBB" When I look with table I saw this : ...

by New Member in

I want to diff the counts before and after a certain date.

I want to diff the counts before and after a certain date. Here is the 'before' query. sourcetype=alpha _time<15...

by Explorer in

Calculate duration between end of search time range and _time of record

Hello, I would like to be able to calculate the time difference between the last time parameter of the time range ...

by Path Finder in

Count of events based on two where conditions

Hello All, I have to provide two where conditions in my query and need to count the events by individual counts an...

by Communicator in

Left JOIN using two searches

I have these two searches below and I want to join the fieldname Path from the first query to the second query using ...

by Communicator in

rex to extract a field

How do I extract connection attempt failed from the below log 2017-12-20T07:51:05.847Z I REPL [ReplicationExecuto...

by Path Finder in

Splunk Search

Discussions

How can I combine 2 searches consisting of inputlookup and outputlookups?

How to group my search results with respect to response time ranges?

Looking for a search that will provide the duration of time a VPN user was seen online

Merge two search results in one row

Need help with field-extractions on these events

Using eval to create date in epoch time

Is it efficeint to use lookups to save historic data?

Wildcard field used in table, return only fields with selected values.

How to sort the average time??

join two events with a common field

Extracting and concatenating regex captured groups in a single transform / extraction

Pls help me with JOIN to have columns

Outuplookup update fields other than primary key

Regex challenge: How can I blacklist all 4662 events unless they are related to group policy or DNS?

How can I extract these fields to have a table output with the field value (AAAAA) rather than name="AAAAA"?

I want to diff the counts before and after a certain date.

Calculate duration between end of search time range and _time of record

Count of events based on two where conditions

Left JOIN using two searches

rex to extract a field

Getting the error ImportError: splunklib.modulari...

How to populate nonexistent values in a table?

Using lookup to filter out fields from current sea...

Getting authentication error when session login fa...

wql query not returning any events [WMI:Services]