Splunk Search

Discussions

Thread Info

How to export the key and values in a CSV format

cf_app_id: *****************88 cf_app_name: ***********888 cf_ignored_app: false cf_org_id: ***************8888888888...

by New Member in

Splunk Query provided wrong results

Hello, Splunk query provided in correct responses. I have A query which filters the data on a specific day and pr...

by New Member in

Why is conditional stats count not working with basic example?

The following query is pulled directly from the Splunk documentation and for whatever reason always returns 0, even w...

by Builder in

lookup table question

Hello everyone. Question: I'm periodically given a .csv file provided to me from a team in my company.I need to...

by Path Finder in

Field extraction for Log File Entries with Pipe delimiters

Hi, I have a log file I am monitoring. Log file entries have pipe delimited field entries as below: LE Variatio...

by Builder in

How to calculate percentage based on 2 different searches?

Greetings to the pro's, I have 2 panels, one brings me the Total Active Hosts and the other brings me the Total Ho...

by Engager in

Lookup file data in a search string

Hi , I have following search string , where Username field is extracted using rex command . Now I want to use a l...

by Path Finder in

Compare Lines in a Single Field

Hello All, Is there a way in a Splunk search to iterate through a multiline field and do stats on each value/each...

by New Member in

How to extract values from my sample log?

Hi can you help us to extract values from log like ACTION, URI and response_time i used extract kvdelim=":" pairde...

by Communicator in

Line chart group by month

Hi, I am sorry I am very new to the splunk and I am struggling with the results I want to get. I have a query that pr...

by New Member in

wanna show the of the job as it is untill its changes its status

Hi Team I have following details One of autosys job is running for 20 hours with the status recording in the lo...

by Explorer in

Displaying unwanted user names on the output

Below is my code and I want to display only "Druv" Failed logins. But, I see the user name 'None' , 'Karla' and other...

by Explorer in

Compare two different tables from different sources and get the matching and non matching

Hi All, Hope you all are doing good. I have to check 2 table from different sources and get a new table where i...

by Explorer in

INGEST_EVAL field returning no results

Hello i have this configuration in transforms.conf: [adjust_flight_fields] INGEST_EVAL = flight_id=Designator.Flig...

by Communicator in

reverse wildcard lookup from event field in index

Hello Everyone I am trying to see if i can pass an event field over to a lookup attached with a wildcard (reverse...

by Explorer in

Eval Time_Diff

I am having trouble getting a result to appear for the below query. I am trying to produce a column showing time_diff...

by New Member in

To what degree does chaining (or nesting) automatic lookups actually work?

Example: Say I have two lookups A and B. Let's say they're both file-based lookups (even though I don't think it act...

by SplunkTrust in

How do I fine tune my custom scoring system?

| inputlookup scanner_visibility.csv | lookup visibility_blue.csv Acronym AS application local=t OUTPUTNEW "Risk Scor...

by Communicator in

Using the value of a subsearch in main search

I am trying to create a search that gets the top value of a search and saves it to a variable: | eval top=[| eval ...

by Engager in

Subsearch assistance - feel like I'm close

I have ldap logs that give me events that look like this: Feb 21 13:13:22 ldap.foo.com slapd[28026]: conn=15306 fd...

by New Member in

need help to hold the status of a job from an event and make it count till next status change event and show it in the timechart

Hi Ninjas, I have following sample events in splunk. [02/18/2020 10:47:15.1318] CAUAJM_I_40245 EVENT: CHANGE_ST...

by Explorer in

Field Extraction help

Hi, I have events in the following format. It would either be a "Successful log in" or a "Unsuccessful login". I'm...

by Path Finder in

Saving the top value of a search to use in a separate search.

I am trying to save the top 1 value of a field from a search to a variable. I then want to use this value to input in...

by Engager in

Time Chart and DBXquery

I am new to splunk. I have a DB connection from where I am fetching a table. I want to create a dashboard for with x-...

by New Member in

error on tag and dedup in search

Hi all, I have a weird error on my splunk instance 7.3.0. I created a tag called application_web, if I try to use ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to export the key and values in a CSV format

Splunk Query provided wrong results

Why is conditional stats count not working with basic example?

lookup table question

Field extraction for Log File Entries with Pipe delimiters

How to calculate percentage based on 2 different searches?

Lookup file data in a search string

Compare Lines in a Single Field

How to extract values from my sample log?

Line chart group by month

wanna show the of the job as it is untill its changes its status

Displaying unwanted user names on the output

Compare two different tables from different sources and get the matching and non matching

INGEST_EVAL field returning no results

reverse wildcard lookup from event field in index

Eval Time_Diff

To what degree does chaining (or nesting) automatic lookups actually work?

How do I fine tune my custom scoring system?

Using the value of a subsearch in main search

Subsearch assistance - feel like I'm close

need help to hold the status of a job from an event and make it count till next status change event and show it in the timechart

Field Extraction help

Saving the top value of a search to use in a separate search.

Time Chart and DBXquery

error on tag and dedup in search

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Salesforce in SPLUNK

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data