Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to add a + or - sign before percent?

hi i add a + or a - sign before a percent result like this | eval perc=if(s<2,"-","+").round((s/2)*100...

by Motivator in

Show all fields for a list of sources and show 1 for fields that have values, 0 for the fields that have no value

Dear community, I am using this community since years, so far I've found everything I needed. Now I am stuck!!! ...

by Observer in

How to view multiple lookups

Hi Team, I am trying to take the backup of lookups using search head console and for the same I have tried two ways...

by Explorer in

Duration, Average , max, min response Time

2 events : request and response and unique id which binds this transaction. I have issue where i have to calculat...

by Path Finder in

Help with regex on string with multiple number values

Hi all need help getting the trailing number from a field in a search. Examples of the fieldid = bdf73ad5-4499-4f7...

by Path Finder in

How to sum time duration from value format "1d hh:mm:ss"?

hi am newbie I have a duration time value with the format "1d hh:mm:ss"but I haven't gotten a thread that discusse...

by Engager in

How to write this Splunk Query for alert?

hi,Can someone help to correct the query provided below which will send alert if detected a STOPPED status for 3 cons...

by Explorer in

Best way to extract _raw to a host OS of a SH programatically

We have a 3rd party pulling AWS logs as far back as AWS holds onto logs. However, we want to be able to go back furth...

by Engager in

Can a report be created using metadata/any other data to list all the fields that are available by index and sourcetype?

Is there a way to create a report using metadata or any other data to list all the fields that are available by index...

by Engager in

Missing transaction caused by multisearch / subsearch

Hi all I have a riddle. Query A and query B does not collect the same events and I don’t understand why. Query A)...

by Engager in

How to do Conditional Searches?

Is there a way to do a search like this; If Eventid=1111 only do these statements elseif Eventid=2222 ...

by New Member in

How to add a column that sums values while keeping the values column

Hello I have data that looks like this : Name | Type | Value ------------------------------------------ Na...

by Explorer in

How to add totals to xyseries table?

We are working to enhance our potential bot-traffic blocking and would like to see every IP that has hit AWS cloudfro...

by Explorer in

How to create a search for response time to be calculated?

I have 2 events 1) request event 2) response event I need response time to be calculated (i.e) request event...

by Builder in

How to create a search to combine inputlookup and search?

Hi, I want to compare the count of calls obtained in a day with the target in lookup csv, for example: input...

by Loves-to-Learn Lots in

How to convert the 24hrs time to 12hrs time and show the difference in -ve sign indication?

i have the 2 values let's sayexpected time= 6:00:00completion time= 08:32:44and the expected output should be the dif...

by Explorer in

How to use single value comparison with trend arrow in splunk?

I am preparing a SNOW incident trend which should showcase the percentage of tickets reduced/increased in current mon...

by Path Finder in

publish yesterday's data from today's date

I want to get QID list from yesterday’s published data. For that I'm using PUBLISHED_DATETIME field with yesterday’s...

by Engager in

How to count events for all users in a lookup table, even if some users return no results?

I have a lookup table that lists all users along with their department like so: email department --------...

by Explorer in

Why are there missing results using different Search query codes?

So i have this: (index=* OR index=_*) (index="GA2014" EventCode=4625) | dedup RecordNumber | rename ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to add a + or - sign before percent?

Show all fields for a list of sources and show 1 for fields that have values, 0 for the fields that have no value

How to view multiple lookups

Duration, Average , max, min response Time

Help with regex on string with multiple number values

How to sum time duration from value format "1d hh:mm:ss"?

How to write this Splunk Query for alert?

Best way to extract _raw to a host OS of a SH programatically

Can a report be created using metadata/any other data to list all the fields that are available by index and sourcetype?

Missing transaction caused by multisearch / subsearch

How to do Conditional Searches?

How to add a column that sums values while keeping the values column

How to add totals to xyseries table?

How to create a search for response time to be calculated?

How to create a search to combine inputlookup and search?

How to convert the 24hrs time to 12hrs time and show the difference in -ve sign indication?

How to use single value comparison with trend arrow in splunk?

publish yesterday's data from today's date

How to count events for all users in a lookup table, even if some users return no results?

Why are there missing results using different Search query codes?

Introducing Ingest Actions: Filter, Mask, Route, Repeat

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Comparing data located in two different indexes

How to show output for last week?

How to use stats command with eval function and di...

Help with Search != litsearch --- In 'litsearch' t...

REST API Leverage Existing Field Extractions