Splunk Search

Discussions

Thread Info

Dropdown input panel: Search is not changing as per dropdown selection

So I created a dropdown input panel for weekwise but my search is not changing as per dropdown selection - ... ...

by Explorer in

Charting percentage of a total over time?

I'm working with some HTTP access logs that have a status code in them. Most are successful messages, naturally. I wo...

by Motivator in

playing with data II

q1- how can i get c4 where c4 will always be difference of values in c3 against first of c2 - next of c2 for example ...

by Contributor in

How to create difference of two values

Q1: How can I get c4 where c4 will always be the difference of values in c3 against max of c2 - min of c2 For exam...

by Contributor in

Calculating percentages based on counts

I'm trying to get percentages based on the number of logs per table. I want the results to look like this: Table C...

by Engager in

Using dedup to keep the oldest events

Hi all, I know that the "dedup" command returns the most recent values in time. However, I'm currently in a situat...

by Communicator in

subsearch inserts AND

My ultimate goal is to grab the srcIP and time from an event in one index, then search another index for the same src...

by Communicator in

How to create time dependent thresholds from lookup?

Hello, I have a question on using lookups in a search. I want to achieve that I have a scheduled search to compare...

by Communicator in

How to use stats to join data and avoid the use of mvexpand?

Hello, I'm joining data from two different sources, basically I have a table with 3 fields: host, source1, source2. C...

by Explorer in

How to get an average from this search?

I'm using the following search which I have working in a dashboard. "A PUT was made to OpenAAA API - Status: OK" ...

by New Member in

help with multiple search in one SPL needed

Hello, I have the following search: index=_internal sourcetype=scheduler savedsearch_name="Anomaly Detection - ...

by Builder in

Comparing Field Value with last Month Value and show if different

Hi , I need help with following Log : 5th May device="devicename" policy="XYZ" BW_Limit="any number" Total_BW="any...

by Path Finder in

How to search IP with wildcard?

I want to exclude both primary and secondary IP addresses from a search. For example: src_ip!=192.50.244.10 AND...

by New Member in

Using token in query where token is evaluated in the query itself

I have the following query to be performed, where "STRING" is replaced across different queries. Is there a way to re...

by Path Finder in

How to access fields within a subsearch / Inputlookup

I cannot figure out how to use a variable to relate to a inputlookup csv field. service_tier.csv region, plan,...

by Explorer in

Special fillnull? Polulate null values with evaluated calculations

This is my code index="google_apis" source="https://www.googleapis.com/youtube" | timechart span=1h avg(subCount...

by Builder in

Why is the same search producing different results?

First off, before I even ask, let me state that using Splunk on Splunk is not a solution for us as we are trying to p...

by Builder in

I am trying to combine three indexes using left join but not all the values are showing up even though the data exists.

index=A | stats count by host ID | eval ID=upper(ID) | rename host as HOST, ID as USERID, count as LOGIN_FAILURES | j...

by New Member in

Extract access_combined from JSON msg field

Hello! I have JSON events coming from Pivotal Cloud Foundry. Included in the JSON is the 'msg' field which includes w...

by Communicator in

How to create a string that produce a weeks worth of averages?

How would I create a result like below: in avg(v2) of Last week and avg(v2) of current week Please guide. Thanks. ...

by Contributor in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

Dropdown input panel: Search is not changing as per dropdown selection

Charting percentage of a total over time?

playing with data II

How to create difference of two values

Calculating percentages based on counts

Using dedup to keep the oldest events

subsearch inserts AND

How to create time dependent thresholds from lookup?

How to use stats to join data and avoid the use of mvexpand?

How to get an average from this search?

help with multiple search in one SPL needed

Comparing Field Value with last Month Value and show if different

How to search IP with wildcard?

Using token in query where token is evaluated in the query itself

How to access fields within a subsearch / Inputlookup

Special fillnull? Polulate null values with evaluated calculations

Why is the same search producing different results?

I am trying to combine three indexes using left join but not all the values are showing up even though the data exists.

Extract access_combined from JSON msg field

How to create a string that produce a weeks worth of averages?

realtime input

Invalid authorization - Code 3 - Why Splunk Zendes...

How to filter xml logs from wineventlog?

Combining multiple searches on multiple source fil...

How to use dst{} in data model?