Splunk Search

Ask a Question

Discussions

Thread Info

Assistance with combining / joining on 2 large data sets

I have 2 large data sets Data Set 1 (Assets) contains information about devices. For example the dataset will ...

by Contributor in

Appending Searched parsing output

I m using append query multiple times for different searches for same index. Its parsing my job. Please advise solu...

by Explorer in

How to compute the duration based on Time picker

Basically, I want to get duration based on the time picker. Example, If i select Year to Date in the time picker, i...

by Explorer in

Display only the top 5 values in count column

Id like to be able to display only the top Total values, struggling with this

by Contributor in

get the latest value in an array

Hi Guys, I am working on searching data from Servicenow ticket, and tickets normally have some status for example: ...

by Explorer in

_time format

Our data input contains two timestamp fields — creation_time and modification_time — both formatted in line with ISO ...

by Communicator in

Splunk Returning different Stats for same time range.

I have a scheduled report that runs monthly for the previous month. It runs a cron job 00 08 1 * *. I need to go b...

by Communicator in

Splunk If else and severity search query

I am trying to write splunk search where I have 2 conditions and my query returns the results based on that for ex...

by Path Finder in

Simple Name for Variable

Apologies in advance as im new to SplunkIm trying to put a name to each line below. Each src to dst is a business cli...

by Engager in

Calculated field in data model is not available in search

I created a calculated field in my datamodel, freight_service_error_list_martin, called loggerPackage that is the ext...

by Explorer in

Calculate average of each column at the bottom

Hi , Can anyone help me- how to get average of the all the columns at the bottom.The output should be like - cti...

by Path Finder in

When trying to extract new field, why do I get "Error in 'SearchOperator:loadjob': ... cannot proxy an ad-hoc job in a searchhead cluster." error?

While I am trying to extract a new field, I get this error Error in 'SearchOperator:loadjob': The search artifact ...

by Explorer in

Other use cases for fieldsummary?

I'm not sure if there is an answer to this question but as of right now, I'm using fieldsummary to get a better under...

by Explorer in

Dynamic variable fields generation

Hello Splunk Community I would like to know if I can create a new column field from a multivalue fieldMV field = ...

by Explorer in

How to create a base search that uses values from a multi-value field as indices?

I have a lookup table. Let's say the lookup table contains a column called "a". The "a" column contains a list of ind...

by Communicator in

props deployed on SHCluster but no extractions

Hi, A bit of a strange one that I can't workout. I have a deployer server and a search head in one DC and 2 searchh...

by Contributor in

Search event is not providing output for fields

We have created http event with below command: http://localhost:8088/services/collector Body: ...

by Explorer in

Datamodel use case

How do we come to conclusion which Data Model will be applied to specific use case? raw data like id: 8766899, time...

by Engager in

How to capture the date on line 3 of a csv file, while the header fields begin on line 5

Dear Community, I Have a csv file with no timestamp with the data, I only have a timestamp on the beggining of the...

by Explorer in

"Field1" can have one value as either yes or no. Calculate count for yes as count1 and count for no

"Field1" can have one value as either 'yes' or 'no'. I want to calculate count for 'yes' as count1 and count for 'no'...

by Communicator in

Replace Multiple Strings in a field with values

Need to replace strings present below in a field with the respective values. Field1 = "This field contains the info...

by New Member in

How do I search for a single specific event?

How do I search for a single specific event? Is there event id provided using Rest api of create event of HTTP event ...

by Explorer in

How to separate multiple search results into different tabs within the same CSV file?

For my requirement, I need to put multiple Splunk search results into different tabs in a single Excel file. Please s...

by New Member in

how to do a external lookup with http get

Hi, guys I want use external lookup to query with the http api. I can use curl to get the response. curl 'http...

by Loves-to-Learn Lots in

Index CSV Missing Columns

I have an interesting problem that I am not sure how to solve. I have a CSV that I am monitoring. The CSV has appro...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Assistance with combining / joining on 2 large data sets

Appending Searched parsing output

How to compute the duration based on Time picker

Display only the top 5 values in count column

get the latest value in an array

_time format

Splunk Returning different Stats for same time range.

Splunk If else and severity search query

Simple Name for Variable

Calculated field in data model is not available in search

Calculate average of each column at the bottom

When trying to extract new field, why do I get "Error in 'SearchOperator:loadjob': ... cannot proxy an ad-hoc job in a searchhead cluster." error?

Other use cases for fieldsummary?

Dynamic variable fields generation

How to create a base search that uses values from a multi-value field as indices?

props deployed on SHCluster but no extractions

Search event is not providing output for fields

Datamodel use case

How to capture the date on line 3 of a csv file, while the header fields begin on line 5

"Field1" can have one value as either yes or no. Calculate count for yes as count1 and count for no

Replace Multiple Strings in a field with values

How do I search for a single specific event?

How to separate multiple search results into different tabs within the same CSV file?

how to do a external lookup with http get

Index CSV Missing Columns

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6