Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

index vs lookup

Hello All, Am trying to optimize the performance of a dashboard that was built some time back. The existing dashbo...

by Path Finder in

Using sort 0 to avoid 10000 row limit

Sorry for the silly attention-grabbing dancing question mark.  Thanks for any help on this. I've had to dive into...

by Engager in

How to rename fields in a subsearch and keep results of the original field name?

I have a subsearch query that uses a wildcard keyword list as an inputlookup to find filenames that contain a keyword...

by Builder in

3 Report outputs into one

Hi All, I'm fairly new to Splunk. I'm trying to save some time with an automated report on IIS Time Taken. I need ...

by New Member in

Rename values with regex

Hello, I need to delete the numericals values in variables name : CETAT_UGE_11 become CETAT_UGE knowing that I have ...

by Engager in

How to combine the results of two subsearches

I would like to find occurences of Name and Prename in email logfiles and only report that ones that match both colum...

by New Member in

Can Some One Help With Query Optimization

index="ocdm" source IN ("covid_collection.csv","covid_collection_lcpr.csv","covid_collection_cl.csv", "covid_collecti...

by New Member in

Search for value of FieldA, then search FieldB, Match if contains $FieldA, then pull field_C from event with match.

I want to do a search for field_A in index_A. The value of field_A contains a URL minus any http(s), or query terms. ...

by Explorer in

get count of subsearch and main search

Iam trying to get a inner join result which looks some thing like if there are 100 unique fields from subsearch, I wa...

by New Member in

Different lookup csv depending on field value

Hi, I´m trying to lookup different csv-files depending on an field-Value. But it seems to be a problem for the looku...

by Path Finder in

How to get a report on time range windows from _audit logs?

I need to get a report of search windows used in historical search activity. For example, we need to determine how fa...

by New Member in

Last 6 months search using new date field

Hello, I am trying to use another field (LAST_FIXED_DATE) as _time in my log search. LAST_FIXED_DATE got dates fro...

by Path Finder in

weekend and weekday calculations

i have data on daily basis. Date Number day of the week 2019-05-02 52.55 thursday 2019-05-03 327.57 friday 2019-05...

by Path Finder in

regex help

{"device":"abcd","host":"1.2.3.4"} {"device":"efgh [ = ILO = ]","host":"2.3.4.5"} {"device":"qrst - [ab cd ef]","host...

by Communicator in

Splunk use case to manage end-to-end access ticket support

Hello One of our partners got a request from its customer who wishes to manage end-to-end access Ticket support f...

by Splunk Employee in

Search for creating a Rolling Report for Daily Raised and Closed Incident Count

Hi There, I have got a live feed from DBConnect for incidents data in below format: dateRaised, IncID, Location...

by Communicator in

How to calculate difference between two rows of a table if another field on row is same for both?

Hello Everyone, I have a table like this: DVN. Region Name Count 201 SAM Shapes 20010 201 SAM Points 24218 202 SAM Sh...

by Engager in

How to change permissions of lookup files??

I have created my lookup file and currently its set to Private. I want to change its permission so that all other use...

by Explorer in

trying to timechart stats

I am trying splunk unique visitors from my Akamai Logs. Akamai determine a unique visitor by combining client ip ...

by New Member in

How to filter search results to group by one of the fields?

Hello, I have created the following search to show fieldsummary on 4 fields: devicename, ip, platform, and market as ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

index vs lookup

Using sort 0 to avoid 10000 row limit

How to rename fields in a subsearch and keep results of the original field name?

3 Report outputs into one

Rename values with regex

How to combine the results of two subsearches

Can Some One Help With Query Optimization

Search for value of FieldA, then search FieldB, Match if contains $FieldA, then pull field_C from event with match.

get count of subsearch and main search

Different lookup csv depending on field value

How to get a report on time range windows from _audit logs?

Last 6 months search using new date field

weekend and weekday calculations

regex help

Splunk use case to manage end-to-end access ticket support

Search for creating a Rolling Report for Daily Raised and Closed Incident Count

How to calculate difference between two rows of a table if another field on row is same for both?

How to change permissions of lookup files??

trying to timechart stats

How to filter search results to group by one of the fields?

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Difference between two fields

How to convert large bytes to human readable units...

How to extract all the multi-values in excel?

How to convert a large number to string with expre...

Need help on Dashboard related issue?