Splunk Search

Ask a Question

Discussions

Thread Info

Search optimization

by Explorer in

Yes / No Column if EventCode Found in Lookup

I have a lookup table with certain Windows Event Codes. I am searching our Windows index for all Windows Event Codes...

by Builder in

Find maximum value in one column where a second column meets criteria

I believe as with all things Splunk, there is more than one way to solve this My data consists of this | ...

by SplunkTrust in

Date sorting

Hi, I have below data: Date: Sep 2020 Aug 2018 Feb 2020 July 2017 Sep 2019 I want to sor...

by Path Finder in

reconciliation of field value from Splunk DB connect query

HI All, I need to reconcile 2 different swift messages from Splunk DB connect The key pattern should be<<YYYYMMDD...

by Path Finder in

Sum duration to iterations of same id

Hey, I have an index 'test_iterations' which contains test data (start time, end time, iterationIndex ane TestName)...

by Loves-to-Learn in

Can't use stats with custom streaming searchcommand

I have a custom search command that extracts a domain name from a url string field you specify into a new "domain" fi...

by Explorer in

Adding values from multiple arrays

Hi, I am trying to add the values from 2 array functions to get the overall sum. | eval {1_month_last_day_pri...

by Explorer in

Adding new expected Value to serach result

Hi, I tried search some data from logs using this statement: index=* sourcetype="mySource" Types* | stats...

by Explorer in

Alerting on free space AND % free space - Windows-based systems

We are collecting perfmon information - "Free Megabytes" and "% Free Space". All is well in the collection on the...

by Path Finder in

Fetch fields in json

I hava data in statistics.. it has the below format: START Request Id: 62529168377 :$LATEST {"Name": "abc","A...

by Explorer in

How to extract latest events of particular field.

Hi Folks, I need your help in fetching latest event from a particular field. Sharing you a sample event and quer...

by Explorer in

Using REGEX to extract portion of a string from a field

Hi Everyone: I'd like to extract everything after the third "/" below (starting from the left) in the url field bel...

by Path Finder in

combine events based on a common field

I have data being pushed onto Splunk in JSON format. What I am trying to do is combine events. For example, 2 events ...

by Loves-to-Learn in

normalize columns in timechart

Hi all consider this search: source=bandwidth | timechart sum(packets_in) by host which will produce rows index...

by Engager in

How to get an average per day

I am trying to get an average for the last (x) days for a that specific day and hour. This search lists a count fo...

by Explorer in

What does "bin _time span=100ms, eval H=len(_raw),transaction and maxevents" mean in this whole search?

Hi, I am having confusion in understanding some portion of following search. Can anyone help me in understanding ...

by Engager in

DNS logs showing IP addresses and not DNS names.

My DNS is now only showing IP addresses in the logs. How do I get to see DNS names in the logs?

by Path Finder in

Modify Field with Regex at Index Time

Hey guys, I have IIS logs that are logging multiple IPs to the X-Forwarded-For field as below: 114.1...

by Loves-to-Learn Everything in

Splunk Base Search issues

Having issues with splitting the complete search between "basesearch" and "remaining search in other panels". C...

by Explorer in

Lookup Table

Hello All, Actually i have an lookup table DIUSERS.csv, i would like to build a query as like below : index=* |in...

by Explorer in

mstats with host subquery

Hi all! I have this query which gets me the list of hosts stuff stuff stuff | rename host as host_changed | dedup...

by Explorer in

field value is a whitespace

I have a field that sometimes has only what appears to be a whatspace. How would I replace the existing whitespace w...

by Explorer in

How to show the mapped field when using map

I am attempting to use the map command and table the data. I am trying to map in values to run through the a predict ...

by Contributor in

Splunk Search Query

Looking for an search query to monitor some bunch of users on all indexes activity. Tried the below one but couldn't ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search optimization

Yes / No Column if EventCode Found in Lookup

Find maximum value in one column where a second column meets criteria

Date sorting

reconciliation of field value from Splunk DB connect query

Sum duration to iterations of same id

Can't use stats with custom streaming searchcommand

Adding values from multiple arrays

Adding new expected Value to serach result

Alerting on free space AND % free space - Windows-based systems

Fetch fields in json

How to extract latest events of particular field.

Using REGEX to extract portion of a string from a field

combine events based on a common field

normalize columns in timechart

How to get an average per day

What does "bin _time span=100ms, eval H=len(_raw),transaction and maxevents" mean in this whole search?

DNS logs showing IP addresses and not DNS names.

Modify Field with Regex at Index Time

Splunk Base Search issues

Lookup Table

mstats with host subquery

field value is a whitespace

How to show the mapped field when using map

Splunk Search Query

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

Large JSON payloads don't always perform field ext...

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static