Splunk Search

Discussions

Thread Info

Lookup searches and regex?

Hi guys, New to Splunk so pardon the simplicity of my question! Im trying to bounce my csv list off another one. ...

by Path Finder in

Use another index as lookup

So I'm trying to enrich one search, by pulling fields from another index, they have a matching pair of fields Serialn...

by Communicator in

How can I join unique fields from 2 different sourcetypes to one column and its values to 2 different columns?

Hi, I am trying to create a table from 2 different sourcetypes. Fields in both source types are same but has differen...

by Loves-to-Learn Lots in

Why are exclusions using lookup failing?

I'm looking signatures in snort but I want to exclude some of the signature IDs by using inputlookup, but it doesn't ...

by Engager in

Extract from URL

Hi, I have following kind of url : https://abc.com/loc/country/123/isshttps://abc.com/a1/v1/country/456.json?...

by Explorer in

Custom alert webhook validation

I have a custom webhook which allows user to enter multiple inputs. Eg: NAME ID NODE I want to validate the...

by Path Finder in

Display result=0 rather than "No Results Found"

Hi All, I'm using a query to get the total total count of a field ( different error messages ) .Here is the sear...

by Explorer in

Why are fields returning true for both isNum() and isStr() ?

Hi, I want to setup a search to alarm me if a field ever changes its nature. To play around, I chose the year fiel...

by Explorer in

Correlate multiple events, extract fields, output to table

Hi everyone, I'm trying to correlate some events that have same field and then to output the results to a table...

by Engager in

Why does the case statement works until an AND is added to it?

When I have this case statement like this, it "works". It runs and puts values in the iSeries column, but they are wr...

by Loves-to-Learn in

How to convert a number into a Date?

Hello, Folks. I have a field that represents a date but in this format (YY/MM/DD).For example: on 07/23/20 the field...

by Explorer in

How do i create new field with last day of reporting period to my search?

I have a report which runs every week on Monday , I'm using earliest and latest time in my search . Now I wanted to ...

by Communicator in

How to convert numeric values to decimal numbers?

I have a field called Availability and the field values are like 98.32 % and I want them to be converted as decimal n...

by Communicator in

Calculating throughput

In splunk logs, I have to monitor some specific events. The identifier I use to target for those events is a text 'EV...

by Explorer in

Describing fields

Brand new to Splunk and curious whether there is a way to add descriptive text to the pop out window that appears whe...

by Path Finder in

How can I join these two tstats searches

The searches look like this in their base form | tstats count where index=nix_os earliest=07/10/2020:00:00:...

by Communicator in

How to match the host in host.csv with the field in test.csv?

hi I need tio match the host there is in host.csv with the field there is in test.csv but i dont succeed could ...

by Motivator in

How to get sum of all the results

Hi All, I'm using a query to get the total total count of a filed ( different error messages ) .Here is the search...

by Explorer in

Calculate number of days (exclude weekends) between 2 dates?

Hi everyone, I want to calculate the number of days (exclude weekends) between 2 days with the same format of datetim...

by Explorer in

overall disk usage

HI, I'm trying to create a graph for overall disk usage for few linux servers. I'm getting the free percentage of...

by Path Finder in

Need help with Splunk Query

Hi All.I need help with Splunk Query for below scenario:I need to show the status of my cronjob in below format. St...

by Communicator in

A database error occurred: ORA-00942: table or view does not exist.

Hi All, Whe n I am trying to run the following search in splunk: |dbquery ...

by Path Finder in

Unable to extract the field: 'Select Sample Event' fails

I have a query which is able to fetch me the results. I want to extract the fields from raw data. So I click on 'Ext...

by Explorer in

Finding duration for particular day if user did not disconnect session

Hello, How can I find the duration to check the actual active hours of a user for a perticular day if the VPN sessi...

by Observer in

Help on appendpipe

Hi I use the code below In the case of no FreeSpace event exists, I would like to display the message "No disk pa...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Lookup searches and regex?

Use another index as lookup

How can I join unique fields from 2 different sourcetypes to one column and its values to 2 different columns?

Why are exclusions using lookup failing?

Extract from URL

Custom alert webhook validation

Display result=0 rather than "No Results Found"

Why are fields returning true for both isNum() and isStr() ?

Correlate multiple events, extract fields, output to table

Why does the case statement works until an AND is added to it?

How to convert a number into a Date?

How do i create new field with last day of reporting period to my search?

How to convert numeric values to decimal numbers?

Calculating throughput

Describing fields

How can I join these two tstats searches

How to match the host in host.csv with the field in test.csv?

How to get sum of all the results

Calculate number of days (exclude weekends) between 2 dates?

overall disk usage

Need help with Splunk Query

A database error occurred: ORA-00942: table or view does not exist.

Unable to extract the field: 'Select Sample Event' fails

Finding duration for particular day if user did not disconnect session

Help on appendpipe

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions