Splunk Search

Discussions

Thread Info

How do I use tstats to extract data from a child data set?

Hello, I'm trying to use the tstats command within a data model on a data set that has children and grandchildren....

by Motivator in

Combine two columns in a table from two separate searches (where one is a subset of the other)

I'm currently running the query (changed to a dog-themed query) where I want to join two logs together by the Dog's n...

by Loves-to-Learn in

Adding Sparkline based on eval variable

I have a search which captures data from all the machines on the network and calculates OS Health of each machine (ho...

by Engager in

How to pass a value from a search to another search?

I have two sources - /var/log/secure - /var/log/audit/audit.log Here is my SPL so far (index=* source="/var/lo...

by Explorer in

Question on transformation commands

Hi All, I need your helping in writing post process & base searches.. My dashboard requires a chart command in the...

by Explorer in

What is Needed resource for CM, LM, DS, HF, DMC

Hi, We plan to deploy Splunk with indexer clustering (with 3 indexers) in our company. We know the hardware requireme...

by Path Finder in

How to calculate cisco asa VPN session duration time

Here's the cisco asa logs I have coming in broken down by eventype=cisco_vpn_start and cisco_vpn_end index=csco so...

by Communicator in

List of indexes not referenced in the last 30 days

I am in need of a query that will list indexes not searched in the last 30 days.

by New Member in

Is it possibile to display zero value label on chart?

Hello, I've seen similar questions like this one, but not exactly what I'm looking for. I've managed to create bucket...

by Motivator in

Time format for given log

Hi Team, What is the Time_Format forTue Sep 17 12:43:09.925775 2019I am not able to get it exactly from the below ...

by Builder in

Return user who matches only one value in same field

I appologize if this is already answered. I'm having trouble figuring out how to even search for it. I am trying t...

by Explorer in

Question on base search

Hi I have the below post process search but little confused on the base search.Kindly help. Post process search: S...

by Explorer in

what is " FATAL: Unable to read the job status.?"

I am using python sdk to connect with splunk. after running python script I am getting this error . Please help me to...

by Path Finder in

auto-arima in arima model

i am creating a model for the prediction of license usage in our environment. tried many combination(around 25) of...

by Path Finder in

Compare values of 2 columns in a table

I have a table that has 2 columns with Transaction ID's shown by a stats values() as below: | stats values(E-Trans...

by New Member in

Match and compare fields with different names and from different sources

Ok, so I a trying my best to evaluate the differences between two search results. Search 1 gives me a list of "vm...

by Explorer in

how to stats counts if one of the field's value greater than 100 ?

Hello, I have ALERT field and in this field has different types ALERT values, so i want filter one of them counts ...

by Explorer in

Compare todays data with yesterdays for results from a custom command

I have a custom command that returns results in tabular format with a _time column as well. Its something like bel...

by Communicator in

Create a chart with multiple search and display events filtered by date

hi i'm new to splunk, need help to write a query to get records and create a chart based on that . I am trying to com...

by New Member in

How to get the maximum value from a timechart table?

Hi folks, I am trying to obtain the maximum value from any cell in a table generated by a timechart search. For ex...

by Path Finder in

isuue with inputlookup file to expand multi values

Hi Experts, I have a inputlookup file which consists of two fields i,e _time and names fields as shown below, _...

by Path Finder in

Rename group by value

Hi, I am using splunk to monitor the performance of a number of long urls and the search strring is like : | stat...

by Builder in

create new field from substring of another field

Hi, in a search i'm trying to take my 'source' field, do a substring on it and save it as another field. Here's what ...

by Builder in

How to exclude some result from rex max_match

I am trying to search all Measures and Dimensions captured from Extended events of sql server analytics service. i...

by Explorer in

How do you compare a previous average with the current average

Hello I am trying to compare my average events in current month to previous 3 month average (per day [1,2,3...31]) ba...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I use tstats to extract data from a child data set?

Combine two columns in a table from two separate searches (where one is a subset of the other)

Adding Sparkline based on eval variable

How to pass a value from a search to another search?

Question on transformation commands

What is Needed resource for CM, LM, DS, HF, DMC

How to calculate cisco asa VPN session duration time

List of indexes not referenced in the last 30 days

Is it possibile to display zero value label on chart?

Time format for given log

Return user who matches only one value in same field

Question on base search

what is " FATAL: Unable to read the job status.?"

auto-arima in arima model

Compare values of 2 columns in a table

Match and compare fields with different names and from different sources

how to stats counts if one of the field's value greater than 100 ?

Compare todays data with yesterdays for results from a custom command

Create a chart with multiple search and display events filtered by date

How to get the maximum value from a timechart table?

isuue with inputlookup file to expand multi values

Rename group by value

create new field from substring of another field

How to exclude some result from rex max_match

How do you compare a previous average with the current average

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6