Splunk Search

Ask a Question

Discussions

Thread Info

The difference in the number of events on different hosts

How to find the difference of events between hosts ?If the number of events on different hosts differs by 15 ?

by Loves-to-Learn Everything in

Count of specific event

HI all, I have this rule: "Unapproved Port Activity Detected" - I know this rule creates many alerts, how can i f...

by Explorer in

lookup multi value

I have multiple devices in a given location maintaining it lookup table with location and device. Using location fr...

by Explorer in

CSV Lookup for search query

I prepared csv to inputlookup to compare the Splunk logs. adhoc.csv // Account, test01,etc.... test02,etc.....

by Explorer in

How to add columns from lookup table file to main search

Hi everyone I do a search in Splunk and this is the results NamePriceDateapple235689/18/2020apple233469/18/2020ap...

by Explorer in

How do we find events on indexers wise in splunk

Hi Community, I was trying to get the event details of all the indexes wise in splunk but i couldn't. please help m...

by Path Finder in

rename command seems to work differently in Splunk 7.2.5.1 vs Splunk 8.0.5.1

Let me start by saying I know we should be using the coalesce command. I didn't write this query, it has been running...

by Explorer in

transpose and xyseries

Hi, I have a situation where I need to split my stats table. I have tried to use transpose and xyseries but not get...

by Builder in

How do we handle white space in TIME_FORMAT?

I have a log file with events that start like - 2019-01-09 11:19:37 WARN. We ended up using TIME_FORMAT=%Y-%m-%d%t...

by Ultra Champion in

How to get the maximum count by host and time

Hi, I am trying to query to pick the maximum TPS count of each host(three hosts) and the time when the maximum coun...

by Path Finder in

how to combine two source files with different timestamp

I have two source files as below with different dates . 1. 17092020wlslog 2. 18092020wlslog Now I want to me...

by Loves-to-Learn in

Disable a button when submit button is enabled .

There are two buttons on my dashboard . On clicking the submit button , the other button should be disabled . Ca...

by Loves-to-Learn Everything in

Editing the Parent ID's of a Splunk Table Panel

Everyone, I am trying to edit the ID values for the "div" tags mentioned in the above screenshot so that they are u...

by Path Finder in

event categorization with rex: best practices?

Expanding a bit on my question from last year, "categorize or classify dissimilar field values at search time?": Ho...

by Contributor in

NOT Search is not giving the expected result

i am trying the exclude the events in the sub search query using Search NOT. It is not returning the expected result....

by Explorer in

Join 2 queries and obtain count of rows of right side of join

Hi, I am trying to obtain user locked out events (4740) while performing a join with failed password events (4625 log...

by New Member in

Table

In table shown above .. The highlighted column name 'changequantity ' , on clicking on this column name it should...

by Loves-to-Learn Everything in

How to calculate percentage and display this on a timechart?

I extract a variable called "state" using rex, and it has 3 values: success, aborted, chargeback Now I want to see th...

by Explorer in

Determine frequency over time

I am attempting to work out the frequency of events over the selected timespan in weeks. Basically: count of events ...

by Engager in

drill down

Question : A Table with 4 columns: eg: A B C D 1 3 1 2 2 4 1 6 where A , B , C ,D are column names ...

by Loves-to-Learn Everything in

Trying to filter out multivalue rex returns when they have a specific value.

Hi all, I have run in to a wall on a query I am attempting. I am receiving an error on my log, and one of the item...

by Engager in

If statement help

I have a table generating fields Assignee, Support_tier, HR_Country, Hostdomain, I have to Assign some values to 'A...

by Path Finder in

multiple host input listing in splunk query (search & Reporting)

i am seeking a way to define a variable where i can define a static list of hosts to (re-)use in adhoc searches Exa...

by Explorer in

EVAL with Sub search

Hi Friends, If I execute below highlighted query I am getting the result where when I supply the result as search i...

by Engager in

regex to cull particular dest and src IP's before indexing

Hi All, I have an issue where I need to cull certain IP sources and destinations from syslog sources before it gets i...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

The difference in the number of events on different hosts

Count of specific event

lookup multi value

CSV Lookup for search query

How to add columns from lookup table file to main search

How do we find events on indexers wise in splunk

rename command seems to work differently in Splunk 7.2.5.1 vs Splunk 8.0.5.1

transpose and xyseries

How do we handle white space in TIME_FORMAT?

How to get the maximum count by host and time

how to combine two source files with different timestamp

Disable a button when submit button is enabled .

Editing the Parent ID's of a Splunk Table Panel

event categorization with rex: best practices?

NOT Search is not giving the expected result

Join 2 queries and obtain count of rows of right side of join

Table

How to calculate percentage and display this on a timechart?

Determine frequency over time

drill down

Trying to filter out multivalue rex returns when they have a specific value.

If statement help

multiple host input listing in splunk query (search & Reporting)

EVAL with Sub search

regex to cull particular dest and src IP's before indexing

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions