Splunk Search

Discussions

Thread Info

How to change permissions of lookup files??

I have created my lookup file and currently its set to Private. I want to change its permission so that all other use...

by Explorer in

trying to timechart stats

I am trying splunk unique visitors from my Akamai Logs. Akamai determine a unique visitor by combining client ip ...

by New Member in

How to filter search results to group by one of the fields?

Hello, I have created the following search to show fieldsummary on 4 fields: devicename, ip, platform, and market as ...

by Explorer in

_time and date_hour don't match

Yes, I have already checked my user time zone setting. My TZ setting and all my involved servers, forwarder and Splun...

by Explorer in

How to combine two searches to compare and find values present in one but not other

Hello , I have data from 2 diff source with same fields as shown below : index= sourcetype= source= test.txt devic...

by Path Finder in

cant query data from 2 sources at the same time

My set is up 2 sources imported from csv test1.csv test2.csv now both files have fields with dates in them ...

by New Member in

How to save search query in a file in Splunk Dashboard

Hi , I have a requirement where I want to save the search query after the query has run to a file. Basically i wa...

by Path Finder in

How to calculate Average and Peak day for last 3 months

Hi, Is there a simple query to calculate the average and peak day count for last 3 months? For example let's say 3 mo...

by Explorer in

Transaction on unique field reduces events?

Hello, I don't understand the following behaviour and am looking for a solution. The following example is somewhat si...

by Engager in

Join 2 lookups match fields

Hello, I am looking to join 2 lookups and match the field "AccountName" from lookup1 with user field in lookup 2. ...

by Communicator in

How to get specified events from 2 indices.

SITUATION:- I use indices "A" and "B" to come to answer the same question but for different environments.- Each index...

by Communicator in

List of users who searched data of an index

How to get users(SAML authenticated) list who searched for data under particular index(_internal) in the last 24hrs.

by Loves-to-Learn in

Primary search is suppressing results to secondary search .

Hi Experts, I am trying to find a string pattern "a word" in the primary search from source="123.log" and then fro...

by New Member in

Search for field Link if it changed its value and when it changed

Date="8 May 2020" Link="X" Status="UP" Date="9 May 2020" Link="Y" Status="DOWN" Date="10 May 2020" Link="X" Status="U...

by Path Finder in

Regex throwing Mismatch Mismatched ']' in search

I am a beginner for Regex and Splunk. I am trying to use regular expression generated during field extraction in onli...

by New Member in

How to only list the columns containing a fail value

I want to display the events having a FAIL value in any of the columns. For Eg : Please help me on this!

by New Member in

How to do main search with same time frame of each result of subsearch

Need to find out suspicious IPs and count of hits (sub search)use those IPs and do outer search in same time frame of...

by Explorer in

Search for variable Link value which changed and when it changed

Date="8 May 2020" Link="X" Status="UP"Date="9 May 2020" Link="Y" Status="DOWN"Date="10 May 2020" Link="X" Status="UP"...

by Path Finder in

Extreme Search Permission Issue

Why i can't edit the correlation search or using search in splunk by extreme search such as:exwhere The error (Unknow...

by New Member in

Xaxis values not Visible while using transpose command in a query

Hi, Please help, I want to get the xaxis values in a bar chart. In the image attached, i have a query which doesno...

by Engager in

How to convert large epoch time to hours minutes and seconds ?

I want to get the result of large epoch time to hours minutes and seconds. Ex: Epoch time : 9386717.000000 Hours ...

by Path Finder in

How to search for a pattern in logs using regex or rex

I have following lines in logs 1 ADM.ADMX policies Found ADM/ADMX policies How do I search to filter only 1 ADM...

by New Member in

Is there a way to have Splunk recognize the nested JSON at index time?

I have the following nested JSON logs: {"statementData": {"overview": [{"value": 19.7780744265071, "dataCode": "r...

by New Member in

Extract with PairDelim KeyDelim

I have the following data in csv format: date,year,quarter,statementType,dataCode,value 2020-03-31,2020,1,balanceS...

by New Member in

How to read content of refreshed csv file via lookup

Hi, i have configured a csv lookup in splunk. Now i want to change the content of csv file so that it gets updated in...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to change permissions of lookup files??

trying to timechart stats

How to filter search results to group by one of the fields?

_time and date_hour don't match

How to combine two searches to compare and find values present in one but not other

cant query data from 2 sources at the same time

How to save search query in a file in Splunk Dashboard

How to calculate Average and Peak day for last 3 months

Transaction on unique field reduces events?

Join 2 lookups match fields

How to get specified events from 2 indices.

List of users who searched data of an index

Primary search is suppressing results to secondary search .

Search for field Link if it changed its value and when it changed

Regex throwing Mismatch Mismatched ']' in search

How to only list the columns containing a fail value

How to do main search with same time frame of each result of subsearch

Search for variable Link value which changed and when it changed

Extreme Search Permission Issue

Xaxis values not Visible while using transpose command in a query

How to convert large epoch time to hours minutes and seconds ?

How to search for a pattern in logs using regex or rex

Is there a way to have Splunk recognize the nested JSON at index time?

Extract with PairDelim KeyDelim

How to read content of refreshed csv file via lookup

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

Detect and Resolve Issues in a Kubernetes Environment

Some cloudwatch log collection errors

Is it possible to export entire dashboard panel co...

Anomalydetection

drawing trace and span Splunk enterprise

Splunk Daily License Usage For Every Month In GB F...