Splunk Search

Discussions

Thread Info

values mismatch

i have issue where i am comparing values from 2 fields which will have same value always, but sometimes it differs. I...

by Loves-to-Learn Lots in

Extract numerical value from text logs and get max occurrence of the number

I want to extract a number from logs where the line of interest looks like, INFO 2020-11-16 12:11:47,161 [ThreadNam...

by Engager in

Search for an adjacent IP address

Hi.I have an alert that'll tell me if a host is down, and it runs for both Active and Standby hosts.The issue is that...

by Explorer in

Compare search field to multiple lookup fields

I have field src_ip in my data. My lookup fields: ip1, ip2, ip3, ip4, user What I want is to find matc...

by Path Finder in

Comparing the Dates and retrieve the latest value

We have a search that populates a csv file for tracking purposes of latest check-ins formatted as (%m/%d/%Y) Hostag...

by Explorer in

Issue in accessing Splunk web interface with Internet Explorer 11

I have setup Splunk server over LAN . I can access web interface on all machines in the LAN except 1 machine . Br...

by New Member in

compare data with one week back data

Hello, I'm trying to compare latest data with seven days back data. I want to create column charts in dashboard ,...

by Path Finder in

How to ignore the most recent X number of events from a search for each day with Timechart command

Hi Is there a search command that will ignore the most recent X number of events for each day whilst using a Timech...

by Explorer in

How to extract values from nested json?

I have the below json for which I want to extract all the values of FIELDNAME. "MY_DETAILS": [ { ...

by New Member in

How to convert my lookup field value to an executable formula when i use "foreach"?

Hi, i'm using Splunk since two month and i love it. But i need help. I have a lot of sensors, sampling per minute. ...

by Explorer in

replace multivalue field values

Hi guys, I'm trying to replace values in an irregular multivalue field. I don't want to use mvexpand because I ne...

by Explorer in

Passing paramaters to subsearch

I have a search that returns two fields, Username and Location, for a specific username. To extend this search, I wo...

by Contributor in

How to exclude the rows by comparing the results ?

I have a below table which shows status of package in each host. Normally 2 kinds of packages are there, one with 'bw...

by Path Finder in

Long running searches

On all SearchHead cluster members with ver 8.0.2, every day we are observing that CPU utilization grows. After rough...

by Splunk Employee in

How do I use eval with a multivalued field in a transaction?

Hello, I am working with historical log data from a train system and I have two types of log files: log1: each ro...

by Explorer in

Search Condition in index

Hi, I want to search the index with the eventtype which has "service" or "window" in the value index=sdsf | searc...

by Path Finder in

help on jointure in appendcols subsearch

Hello In the search below, I need to do a jointure after the appendcols command like in the first part of the searc...

by Builder in

How to sum two timecharts in another one.

Hello, I tired to sum two timecharts in another one, using tokens. It's easy to sum counted value using stats, bu...

by Explorer in

Weird event number for differing time scope

source="main" service="sales" operation="inquiryV3" port="8443" ...

by Loves-to-Learn in

How to search for strings in secondary search without _raw field available?

index::my_index host::my_host source::my_source sourcetype::my_sourcetype field1="some value" | stats list(*)...

by Path Finder in

Splunk Search

Discussions

values mismatch

Extract numerical value from text logs and get max occurrence of the number

Search for an adjacent IP address

Compare search field to multiple lookup fields

Comparing the Dates and retrieve the latest value

Issue in accessing Splunk web interface with Internet Explorer 11

compare data with one week back data

How to ignore the most recent X number of events from a search for each day with Timechart command

How to extract values from nested json?

How to convert my lookup field value to an executable formula when i use "foreach"?

replace multivalue field values

Passing paramaters to subsearch

How to exclude the rows by comparing the results ?

Long running searches

How do I use eval with a multivalued field in a transaction?

Search Condition in index

help on jointure in appendcols subsearch

How to sum two timecharts in another one.

Weird event number for differing time scope

How to search for strings in secondary search without _raw field available?

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

How to add two different soucetype

InfoSec - Continuous Monitoring - Intrusion Detect...

Single Query to alert when a process is down and ...

Network topology

How do I implement multiple rename commands based ...

Splunk Search

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >