Splunk Search

Community Activity

How to create a lookup table I'm new to Splunk and was wondering how to do a lookup table. So what i'm trying to get is something like a lookup o... by ngox0061 Explorer in Splunk Search 09-25-2020 1 6	1	6
rex help Hello,index=myindex\| spath "Rules{}" output=rules \|mvexpand rules \| table device ip rulesNow my rules has data like b... by surekhasplunk Communicator in Splunk Search 09-25-2020 1 5	1	5
rex help I am using a query below which gives me rules fieldindex=myindex\| spath "Rules{}" output=rules \|mvexpand rules \| tabl... by surekhasplunk Communicator in Splunk Search 09-25-2020 0 1	0	1
How to create a report that appends the data of every past month in the excel before sending Hi,I want to create a report through splunk that will send out an email consisting data of each months stats by auto ... by ak9092 Path Finder in Splunk Search 09-25-2020 0 6	0	6
Timechart on a rate calculated by 2 sourcetype (monthly) Hi all,I have a problem creating a time chart based on calculations of 2 values from different source-type. Let me pu... by tabbit2002 Observer in Splunk Search 09-24-2020 0 3	0	3
How to use lookup function for fuzzy matching Sorry, my English is not very good. I extracted a field named "user-agent", I also have a CSV file, the specific con... by xsstest Communicator in Splunk Search 09-24-2020 0 3	0	3
Using single column Holiday table how do I determine whether today is a holiday? I have a lookup CSV table that lists dates of holidays in a single column.HolidayTable.csv:HDate1/1/2020................ by pm771 Communicator in Splunk Search 09-24-2020 0 3	0	3
Comparing with NULL Do I understand correctly that NULL is neither equal (==) nor not equal (!=) to any value? I know about isnull() func... by pm771 Communicator in Splunk Search 09-24-2020 1 2	1	2
Timechart filldown I have a dashboard search which ends with a timechart like this \| eval VUser=if(isnotnull(Stop_time),0,VUser)\| timec... by perrinj2 Path Finder in Splunk Search 09-24-2020 0 2	0	2
How to compare list with lookup? Hi all, I'm trying to compare list of apps by server with a list of apps in lookup to find if its installed or not. I... by knalla Path Finder in Splunk Search 09-24-2020 1 1	1	1
Percentile 25 and Percentile 75 provides different result while using streamstats and stats Hello,I have 3 values 15,26,18. Now assume my 18 is my latest value and i want to find p25 and p75 including the late... by Kirantcs Path Finder in Splunk Search 09-24-2020 0 3	0	3
Renaming the 'range' field from rangemap I have a search that reads a value 0-10. I use a rangemap command to insert custom icons in toa table based on the wh... by zd00191 Communicator in Splunk Search 09-24-2020 1 10	1	10
Sniffing Ports Up/Down -- IFconfig? Looking for a way to monitor sniffing ports on a sensor. Each port is tied to a different part of the system and wou... by ddecker03 Loves-to-Learn Everything in Splunk Search 09-24-2020 0 1	0	1
Total count per week Guys, i need to create a table with 3 columns that shows me the total of produtcs per week. Like: Produtcs Tota... by justeso1 Loves-to-Learn Everything in Splunk Search 09-24-2020 0 1	0	1
How to find the the error rate that does not have following response after a given time range? I have some logs like these { logType: 'Incoming Request', url: '/hello' timestamp: '2020-09-18T17:53:56.516Z' } { l... by hongbo_miao Path Finder in Splunk Search 09-24-2020 0 5	0	5
Always got zero for count I am trying to count the requests which `message.logType` is "Outgoing Response".My query is like index="my_index" \| ... by hongbo_miao Path Finder in Splunk Search 09-24-2020 0 17	0	17
How to pass result from subsearch to main level Hi,What I am trying to do, is to determine from a lookup table whether we have a maintenance window active in order t... by kaurinko Communicator in Splunk Search 09-24-2020 0 2	0	2
Total count from 3 last weeks Guys, I need to create a table where I have the total of products from each week. Like Products Total count from... by justeso1 Loves-to-Learn Everything in Splunk Search 09-24-2020 0 2	0	2
How make a count from different weeks I need a search that shows me the count of the produtcs weekly products countfromweek1 countfromweek2 d... by justeso1 Loves-to-Learn Everything in Splunk Search 09-24-2020 0 2	0	2
Name Extraction needed Hi,I have below scenario where a sample gym has many customers and their accounts. Some are individual and some are I... by mbasharat Builder in Splunk Search 09-24-2020 0 10	0	10
Error when trying to search Network Traffic data model with tstats I am trying to search the Network Traffic data model, specifically blocked traffic, as follows:\| tstats summariesonly... by jwalzerpitt Influencer in Splunk Search 09-24-2020 0 3	0	3
What is the permissible field value length ? What is the character limit of a field allowed in splunk? If we use a longer names would the values get truncated or ... by zacksoft Contributor in Splunk Search 09-24-2020 0 3	0	3
Searching for an Event that occured before a Specific Event Windows does not provide an accurate user who performed an audit policy change on the system (EventCode 4719), it lis... by Simple_Search Path Finder in Splunk Search 09-24-2020 0 2	0	2
How can I write a search query to retrieve release/installed date for all app on Splunk? I try to search with comand \| rest /services/app/local but the value of the "updated" field is "1970-01-01T07:00:00+0... by nareerat_pr Explorer in Splunk Search 09-24-2020 0 1	0	1
Regex Hi,I am trying to find unique id's the have 3 letters followed by 6 numbers for example bhg111111 My issue is I want ... by nathanluke86 Communicator in Splunk Search 09-24-2020 0 5	0	5