Splunk Search

Discussions

Thread Info

If I use an automatic lookup to overwrite field values, can it be configured to overwrite only if a match exists?

Hello all, The question is self explanatory I think. I've seen similar questions that are resolved with an eval, but ...

by Motivator in

compare timestamp splunk and timestamp logs

Hello I noticed a lot of the events not the same timestamp as Splunk. Can you tell me how I can compare the date of...

by Loves-to-Learn in

How to do RIGHT OUTER JOIN with Lookup table?

Events stream has ID field in every record. There is a lookup table with a small subset of IDs.The task is to calcul...

by Communicator in

rex command to extract

[2020-07-07 12:40:01+0200] workspace_sandbox RUNNING pid 17159, uptime 21 days, 21:43:58 i have this line of lo...

by Contributor in

Preciso tirar duplicação de um tabela usando o DEDUP

Estou com este comando index = raw_maximo GR_RESP = STATUS "OPERACAO MAINFRAME"! = Cancelado | contagem de estatíst...

by New Member in

Lookup table help

Hello all, Looking for some help integrating a lookup table into my failed login search. What I am trying to achiev...

by Observer in

Not showing data for a particular sourcetype

Events are not getting generated after the date 15th June, 2019 for the following query. index=webmethods_prd sourc...

by Explorer in

splunk and task manager

hello i begin with splunk and i have Something complex to need i need to index the data coming from the Windows ta...

by Motivator in

Genesys log sourcetype

Anyone come up with a custom sourcetype for Genesys Application logs. ?

by Loves-to-Learn Lots in

Replace entire string if it contains partial string

Can anyone tell me how I would replace entire strings if they contain partial strings. As a basic example, in my sear...

by Explorer in

Extract numeric values with in a field

We have a field called number and the field number has both alpha and numeric values like "number=AVAILABLE=25 USD;" ...

by Communicator in

How to "UnZip" the result of `timechart count by`?

My base query:index=... sourcecode=... | timechart span=1m count as number by name useother=f In the result I hav...

by Communicator in

How to extract values from a JSON like string?

I am having data like this in my Splunk and I wanted to extract the value of status which is Active. How can I do i...

by Path Finder in

How to get SPL to exclude results that do not contain a string in multiple fields?

I am trying to tune an alert but need to only exclude if 2 of three fields do not contain a string. My goal is too t...

by Explorer in

How to add several maps to a dashboard?

Hello, Trying to add several maps to a dashboard. One map for each continent, except North America. How do I lo...

by Builder in

Why I am getting avg() alway empty?

Hi everyone,I am unable to calculate average of the given values. However, I am getting values corresponding to min()...

by Explorer in

How to get custom search command to run local on search head

I'm trying to use the python sdk to build a custom search command. In my commands.conf, I have "chunked = true" set. ...

by Path Finder in

How to run a search on a config file contents

We see lots of alerts right now. So I thought I would develop a dashboard that quickly searches through the alert co...

by Path Finder in

How to create a dashboard showing timelines of stats count for last 24 hours across multiple devices?

Good morning! I noticed today that a couple of my devices stopped sending logs to Splunk a couple of hours ago. I wan...

by Explorer in

replace String issue

Hello!I’m trying to replace product codes with product names like| replace “A1” with “Apple”, “A2” with “Grape”, “A3”...

by Explorer in

How to exclude multiple values from a field in search?

Here is my search: index=database action_id="CR" OR action_id="AL" database_name= "test" NOT (server_principal...

by Loves-to-Learn Everything in

How to get event count from current hour and previous hour by sourcetype and server/host

The goal is to compare the events from this hour vs the past hour. And then display a table by sourcetype, host, perc...

by New Member in

Use timepicker earliest and latest as epoch time

I have the same problem as in the link below: [https://answers.splunk.com/answers/336929/how-can-i-get-time-picker...

by Communicator in

Masking an email address at the search head level

Good afternoon,I am trying to Masking an email address at the search head level I have tried using Rex and sed but ca...

by Communicator in

how to only check events from the latest source file

I have a boat load of log files, whose name contains the timestamp, like this : /DATA/show_cpu.2016101908.gz /DATA/s...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

If I use an automatic lookup to overwrite field values, can it be configured to overwrite only if a match exists?

compare timestamp splunk and timestamp logs

How to do RIGHT OUTER JOIN with Lookup table?

rex command to extract

Preciso tirar duplicação de um tabela usando o DEDUP

Lookup table help

Not showing data for a particular sourcetype

splunk and task manager

Genesys log sourcetype

Replace entire string if it contains partial string

Extract numeric values with in a field

How to "UnZip" the result of `timechart count by`?

How to extract values from a JSON like string?

How to get SPL to exclude results that do not contain a string in multiple fields?

How to add several maps to a dashboard?

Why I am getting avg() alway empty?

How to get custom search command to run local on search head

How to run a search on a config file contents

How to create a dashboard showing timelines of stats count for last 24 hours across multiple devices?

replace String issue

How to exclude multiple values from a field in search?

How to get event count from current hour and previous hour by sourcetype and server/host

Use timepicker earliest and latest as epoch time

Masking an email address at the search head level

how to only check events from the latest source file

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions