Splunk Search

Ask a Question

Discussions

Thread Info

Unseen character in wineventlog message

Hi all, I have a problem when I tried to parse EventID=1 in wineventlog. The message look like this: 03/05/2020 09...

by Path Finder in

first connexion and last connexion VPN

Hello, this is my request index=juniper_vpn ID=AUT24803 ( src_user!=ANONYMOUSUSER*) | eval src_user=upper(src_use...

by Path Finder in

Improving performance on join

I have a data feed to Splunk that contains number, state and service name. This comes in to Splunk continuously as th...

by Engager in

Using a subsearch in an eval line

I have some requests/responses going through my system. I want to get the size of each response. The only informat...

by Path Finder in

Code Sample does not work well.

| makeresults | eval _raw="Source1_field2,Count dev,6 prod,5 uat,7 qa,8" | multikv forceheader=1 | table Source1_fiel...

by Ultra Champion in

How to convert the time format to UK and 24 hour time?

Hello, I have a field called in_time with example output = 8/31/2018 10:21:59 PM (GMT) I'd like this time (e.g....

by Path Finder in

is it possible to use tokens from 2 different files together in a query?

Hi all, i have been trying to use 2 tokens which are calculated from 2 different files in another query. But it is no...

by Communicator in

help on stats by

hi I need to understand why I execute the first search I have much more events in "Number of CPU alerts" count tha...

by Motivator in

One Tile per Table Row

Hello, I have a search that generates over 50's rows and 12 columns. I need to create a tile for each row. I thought ...

by Builder in

Time Conversion

Hi, I have time format as: 2019-10-08 15:24:40.132 UTC I used eval to strip it to: 2019-10-08 15:24:40 I nee...

by Builder in

help on a count which is different in a subsearch versus a search

hi The search below returns me 558 events `CPU` | stats values(SITE) as SITE count(process_cpu_used_percent) ...

by Motivator in

Limiting Results of matching values in an array field

Anyone know of a way to only return the matching values of a sub search to the string array field in the parent searc...

by New Member in

excluding a field value from a same events

How can i exclude a single value from a field which generates multiple value in the single event.for eg- if in a sing...

by Explorer in

How to mark difference between Two CSV

Hi Guys, There is a csv which gets updated every day once with details such as- VMName Group CPU Memory Storage Po...

by Path Finder in

How to add a color coded legend with text to a pie chart visualization?

Hi, I need to add colour code wise legend for my Pie chart visualization in a same way that Bar/Column chart has o...

by Engager in

Comparing index sizes on 2 dates

I have been asked to create an alert that looks at the index sizes (all indexes) for today, and compare them to the s...

by Communicator in

Time periods for query and alert

Hi there!I'm running this query index="staging" |eval raw_len=len(_raw) | eval raw_len_gb = raw_len/1024/1024/1024 | ...

by Path Finder in

Conditional searching using eval command with if match

Hi SMEs: I would like to define a print event type to differentiate Remote Prints from Office Print jobs. From ...

by Path Finder in

Splunk query to exclude the searched strings based on date and display in table

Hi Splukers, I have a requirement to search for some filenames and display the missing files as per the date. Thus...

by Path Finder in

Convert this time format to epoch

I have a time in the format of: 3:21:34 AM 12/8/2014 I'm trying to convert this to epoch time. Can anyone lend a ...

by Contributor in

COnversion of PM /AM time to epoch not working as expected

2/11/2020 11:49:00 AM 2/11/2020 9:55:00 PM How to convert this into Secs.. Conersion of AM and PM is not working a...

by Explorer in

How to convert string data in a field to proper case?

I'm trying to convert string data in my fields to proper case e.g. josh smith to Josh Smith. Is there any function in...

by New Member in

Setting field value based on another field

I have a value in my events called type, which is a single digit integer (1, 2, 3, etc.) I would like to create a ...

by Communicator in

How to extract a field with regex

Hi Everyone Sample logs: {"kubernetes":{"container_name":"sign-template-services","namespace_name":"merch-ps-si...

by Explorer in

split specific values from list

Hi All, I have data like below Drive Free_Space C:,D: 500 GB,450 GB E:,D: 250 GB,150 GB C:,E: 250 GB,1 TB S:...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Unseen character in wineventlog message

first connexion and last connexion VPN

Improving performance on join

Using a subsearch in an eval line

Code Sample does not work well.

How to convert the time format to UK and 24 hour time?

is it possible to use tokens from 2 different files together in a query?

help on stats by

One Tile per Table Row

Time Conversion

help on a count which is different in a subsearch versus a search

Limiting Results of matching values in an array field

excluding a field value from a same events

How to mark difference between Two CSV

How to add a color coded legend with text to a pie chart visualization?

Comparing index sizes on 2 dates

Time periods for query and alert

Conditional searching using eval command with if match

Splunk query to exclude the searched strings based on date and display in table

Convert this time format to epoch

COnversion of PM /AM time to epoch not working as expected

How to convert string data in a field to proper case?

Setting field value based on another field

How to extract a field with regex

split specific values from list

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown