Splunk Search

Ask a Question

Discussions

Thread Info

In Splunk how to find the number of words based on the a pipe separator and add a value to it and assign it to a new fil

by Loves-to-Learn in

SPL to return list of field values for a particular time

Hi All, I need a spl which will return the list of filenames that came for the latest time . | eval latest_time =...

by Path Finder in

Need help how to find the active rules/usecases and integrated logsources in splunk

Hi Guys, Help me out how to find the active rules in splunk and how many log sources are integrated with splunk. ...

by Path Finder in

Is it possible to save the value in a field in the first time it occurs and then assign it to later events?

For example, if we have several events and there is a field named from, which is only existed in the first event. Is ...

by Explorer in

How can I search for alerts that send emails to specific users in Splunk 6.6?

Our setup has a quite a few alerts and we need to find all of the alerts that send email to a specific user. So far o...

by Explorer in

How to count the number of unique value of reports over the course of a Month?

So suppose that everyday Splunk takes in a report that houses 9 different fields, one of which is called 'status'. St...

by Path Finder in

Need Help to find how many usecases are enabled and total hosts which is reporting to splunk

Hi , I want to see the number of active use cases in splunk and total hosts which is reporting to splunk. Thanks ...

by Path Finder in

The maximum number of concurrent real-time scheduled searches on this instance has been reached

We recently upgraded from 6.5.4 to 6.6.0 as an interim step on our way to 7.3.6. We had about 12 realtime searches th...

by Path Finder in

Subtracting column when column name are dynamic

Hello World. I have a splunk search which results in the below table... Col1Col2Col3Col4Row1XXXXRow2XXXXRow3XXXX...

by Engager in

Lookup searches and regex?

Hi guys, New to Splunk so pardon the simplicity of my question! Im trying to bounce my csv list off another one. ...

by Path Finder in

Use another index as lookup

So I'm trying to enrich one search, by pulling fields from another index, they have a matching pair of fields Serialn...

by Communicator in

How can I join unique fields from 2 different sourcetypes to one column and its values to 2 different columns?

Hi, I am trying to create a table from 2 different sourcetypes. Fields in both source types are same but has differen...

by Loves-to-Learn Lots in

Why are exclusions using lookup failing?

I'm looking signatures in snort but I want to exclude some of the signature IDs by using inputlookup, but it doesn't ...

by Engager in

Extract from URL

Hi, I have following kind of url : https://abc.com/loc/country/123/isshttps://abc.com/a1/v1/country/456.json?...

by Explorer in

Custom alert webhook validation

I have a custom webhook which allows user to enter multiple inputs. Eg: NAME ID NODE I want to validate the...

by Path Finder in

Display result=0 rather than "No Results Found"

Hi All, I'm using a query to get the total total count of a field ( different error messages ) .Here is the sear...

by Explorer in

Why are fields returning true for both isNum() and isStr() ?

Hi, I want to setup a search to alarm me if a field ever changes its nature. To play around, I chose the year fiel...

by Explorer in

Correlate multiple events, extract fields, output to table

Hi everyone, I'm trying to correlate some events that have same field and then to output the results to a table...

by Engager in

Why does the case statement works until an AND is added to it?

When I have this case statement like this, it "works". It runs and puts values in the iSeries column, but they are wr...

by Loves-to-Learn in

How to convert a number into a Date?

Hello, Folks. I have a field that represents a date but in this format (YY/MM/DD).For example: on 07/23/20 the field...

by Explorer in

How do i create new field with last day of reporting period to my search?

I have a report which runs every week on Monday , I'm using earliest and latest time in my search . Now I wanted to ...

by Communicator in

How to convert numeric values to decimal numbers?

I have a field called Availability and the field values are like 98.32 % and I want them to be converted as decimal n...

by Communicator in

Calculating throughput

In splunk logs, I have to monitor some specific events. The identifier I use to target for those events is a text 'EV...

by Explorer in

Describing fields

Brand new to Splunk and curious whether there is a way to add descriptive text to the pop out window that appears whe...

by Path Finder in

How can I join these two tstats searches

The searches look like this in their base form | tstats count where index=nix_os earliest=07/10/2020:00:00:...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

In Splunk how to find the number of words based on the a pipe separator and add a value to it and assign it to a new fil

SPL to return list of field values for a particular time

Need help how to find the active rules/usecases and integrated logsources in splunk

Is it possible to save the value in a field in the first time it occurs and then assign it to later events?

How can I search for alerts that send emails to specific users in Splunk 6.6?

How to count the number of unique value of reports over the course of a Month?

Need Help to find how many usecases are enabled and total hosts which is reporting to splunk

The maximum number of concurrent real-time scheduled searches on this instance has been reached

Subtracting column when column name are dynamic

Lookup searches and regex?

Use another index as lookup

How can I join unique fields from 2 different sourcetypes to one column and its values to 2 different columns?

Why are exclusions using lookup failing?

Extract from URL

Custom alert webhook validation

Display result=0 rather than "No Results Found"

Why are fields returning true for both isNum() and isStr() ?

Correlate multiple events, extract fields, output to table

Why does the case statement works until an AND is added to it?

How to convert a number into a Date?

How do i create new field with last day of reporting period to my search?

How to convert numeric values to decimal numbers?

Calculating throughput

Describing fields

How can I join these two tstats searches

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions