Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

trim a string

i have a string 14/04/2020|A3|ABC149251|text i really need can i run something which will trim this string from ...

by Path Finder in

Unable to create sourcetype

I am trying to create a souretype "meraki" on the GUI. But it is saying "Sourcetype meraki already exists" sou...

by Explorer in

Why is the CIDR search on accelerated data failing?

When I run my tstat including a CIDR filter with summariesonly=T I got no result, while setting the parameter to fals...

by Path Finder in

Base Query return 440 events, but stats result is 0

Hi team, I have below query. The base query has 440 events returned, But when I use stats command, tje number is 0. ...

by Path Finder in

If Reverse DNS lookup fails, then results don't get displayed - not what I intended!

I'm trying to report on successful login activity to S/FTP server via the following: host="my-ftp-server" sc_statu...

by Engager in

Join 4 source types with common field after eval

Hello, I have 4 sources (source 1-4) , common field for source 1 to 3 is Properties.Id, source4 common field is Id, d...

by Explorer in

need to help to extract few fields

Hi Team, I have the following as raw event INFO : [0:HLog][20200507 12:25:25.739 -0400] [CFarmdHealth.java:538]...

by Explorer in

Return values in CSV lookup not in index

My CSV has 98 rows and I want the search to return the rows from that csv if they are not in my index=gcp* what i ...

by Engager in

Does Splunk Contain any Messages about the License of Splunk Addons

I wonder if Splunk internal logs contain any information such as the expiry of the services on a Splunk addon. Thanks...

by Path Finder in

Lookup Update Table Unique Rows

Hi Experts, I'm trying to build a lookup table that will update based on the latest time a user logged into a part...

by Path Finder in

Is there a way to create two charts with a time range that stays in sync?

I want to create multiple charts that have the same time range. That way I can correlate between the two. For instanc...

by Explorer in

report not load search command result for users

Hi I create report and share with users (join to ldap server). they can see report but when click on numbers that sho...

by Motivator in

Display only specific values in a column field in Splunk

Hi, I have a list of values getting displayed in one of the columns - Error Messages (for all languages) which i have...

by Explorer in

How to increase chart column number more than 3000?

Hi Guru, I would like to show my data with 4000 x 3000 matrix. I used chart command but the limit for the number o...

by Path Finder in

Base and post process search

Can someone help me in understanding the actual use of base and post process searches please. And I would also like t...

by Explorer in

eval round

Hi all, During evaluating round I got the error: | stats avg(duration) AS "booking average time" by hours | eval "...

by Explorer in

help with if-else statement

Hello, I have this query : index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messa...

by Communicator in

Search syntax help

I import csv files structure like following A Last Login Region Disable abc@abc.com 3/23 18:00 HK No tbc@tbc.com ...

by Engager in

visualization

in a line chart after reaching a threshold it needs to show in different color how is it ??

by Explorer in

Joint two table with subrow

I' struggle with joining two following table: Table1 Table 2 The row company of table 1 contains two ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

trim a string

Unable to create sourcetype

Why is the CIDR search on accelerated data failing?

Base Query return 440 events, but stats result is 0

If Reverse DNS lookup fails, then results don't get displayed - not what I intended!

Join 4 source types with common field after eval

need to help to extract few fields

Return values in CSV lookup not in index

Does Splunk Contain any Messages about the License of Splunk Addons

Lookup Update Table Unique Rows

Is there a way to create two charts with a time range that stays in sync?

report not load search command result for users

Display only specific values in a column field in Splunk

How to increase chart column number more than 3000?

Base and post process search

eval round

help with if-else statement

Search syntax help

visualization

Joint two table with subrow

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

Regex field extraction repeating string