Splunk Search

Discussions

Thread Info

Rex to get data between curly brackets

I am struggling to fetch the data between curly brackets . Have tried multiple rex searches, however still not gettin...

by Path Finder in

Two searches and result showing only what is in first but not second search?

I have 2 separate searches. search1 = 17 resultssearch2 = 20 results Key column that exists in both searches is...

by Explorer in

search help

Hi, Can i run a search which specify that these type of logs are blocked in palo alto firewall by specific policy...

by Engager in

How to extract JSON data format using extract field in Splunk?

Hi, I have JSON data format that send to Splunk as below: { "timestamp": "2020-03-12T18:18:48+00:00", "site...

by Path Finder in

Grouping _time

Hello, I have this query | loadjob savedsearch="myquery" | where (strftime(_time, "%Y-%m-%d") >= "2020-02-26...

by Explorer in

Scheduler - high delay in dispatching

Hi there. Should we have Indexers issue, or SearchHeads ones? We have many many many (more than 200) scheduled saveds...

by Builder in

How to Fill two different queries for a radio button with two values

Hi Ninjas, I have a radio button with two values as STARTING job and RUNNING jobs. I have different query for e...

by Explorer in

TERM command

I want to search the whole term like shown below, why is it not working ? Do i need to remove the "<" and "//" ? W...

by Engager in

How to calculate max 3 cpu usage each day and when ran for last 7 days, It should show 21 max CPU usage

The idea is to show up top 3 CPU Averages in a day for last 7 days. Query Using:- index=os sourcetype=ps host="Ho...

by Engager in

Eval groupping

Hello, This is my query | loadjob savedsearch="myquery" | where strftime(_time, "%Y-%m-%d") >= "2020-02-26" | ...

by Explorer in

YOY Analysis showing up until today's date

Hi there! I created a hacky Splunk query for some YOY analysis I'm doing. I was wondering if there was a way to ha...

by Path Finder in

Session duration calculates the wrong time (cant work out why)

............. | rex field=user mode=sed "s/./ /g" | eval user=lower(user) | eval date_hour=strftime(_time, "%H")| sea...

by Communicator in

How to replace a field value in a static lookup in Splunk using Splunk search query

Hello everyone! I have a static lookup which has two fields/columns State and tag. Default value of State is "Enab...

by Contributor in

Dedup multiple fields into one list

Hi! I'm trying to create a search that would return unique values in a record, but in one list. The search "basese...

by Communicator in

Why is Splunk 6.5.1 not able to search when event has data with delimiter ~ while field extraction is working as expected?

Why is Splunk 6.5.1 not able to search when event has data with delimiter ~, while field extraction is working as exp...

by Path Finder in

How to use value of one search and get more details about the value from another search

Example: Fetch VPN user details from one search and use the username to get details like email addresses from another...

by New Member in

How do I display the date in my report with the the data ?

I am trying get the max count for the yesterday's but along with this i need to display the date in the report for ye...

by Loves-to-Learn in

Acquisition method of difference of count number

Hi all, how to get difference after using chart command. I did this command. | eval year=strftime(X,"%y") |...

by Path Finder in

How to compute the total time spent from splunk timestamp

I have IIS events which looks like below. looking to compute the total time taken from the splunk timestamp..which in...

by Engager in

Issue With Date Range

I am having a problem using a date range. If I run the search below it returns 2 events and a count of 496 inde...

by Explorer in

Creating a timechart for a query with percentages and a join.

I am trying to create a timechart for a query that returns a count for a set of products that where it's lifecycle st...

by Explorer in

Why is the following search that contains "field=" not retuning results unless I use a wildcard?

Running into a strange issue that I, nor my Splunk admins, can figure out. We have a filed extraction called "Service...

by New Member in

Create a table based on values from two JSON payloads

Hi I've two different payloads returned from my search and I need to create a table from values extracted from the pa...

by Engager in

dedup problem

Hello, This is my query with " dedup Matricule" index=juniper_vpn (ID=AUT22673 OR ID=AUT24803) ......67 | eva...

by Path Finder in

データのモニター設定で取り込まれない

データの追加で、モニターでディレクトリ指定にしています。指定したフォルダの中には、同一構成の日付ごとのデータが数か月分格納されています。インポートを終えて、検索をするのですが、sourceを見ると全ファイルが取り込まれていま...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Rex to get data between curly brackets

Two searches and result showing only what is in first but not second search?

search help

How to extract JSON data format using extract field in Splunk?

Grouping _time

Scheduler - high delay in dispatching

How to Fill two different queries for a radio button with two values

TERM command

How to calculate max 3 cpu usage each day and when ran for last 7 days, It should show 21 max CPU usage

Eval groupping

YOY Analysis showing up until today's date

Session duration calculates the wrong time (cant work out why)

How to replace a field value in a static lookup in Splunk using Splunk search query

Dedup multiple fields into one list

Why is Splunk 6.5.1 not able to search when event has data with delimiter ~ while field extraction is working as expected?

How to use value of one search and get more details about the value from another search

How do I display the date in my report with the the data ?

Acquisition method of difference of count number

How to compute the total time spent from splunk timestamp

Issue With Date Range

Creating a timechart for a query with percentages and a join.

Why is the following search that contains "field=" not retuning results unless I use a wildcard?

Create a table based on values from two JSON payloads

dedup problem

データのモニター設定で取り込まれない

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions