Splunk Search

Ask a Question

Discussions

Thread Info

How to find records where a field's value doesn't exist in a subsearch?

I have the following two searches: 1) earliest=-4h latest=now index="main" field1="somethingA" 2) earliest=-4h lat...

by New Member in

Field extraction

I'm trying to extract fields from this event using regular expressions, Multiple times I receive the following er...

by Engager in

Extract Second field from url

AbsoluteUri=https://website.api.net/hch6348/relay/6bcb449b-7d85-4f71-a6f4-fae37808627f-udcc1.crp.hs.com/script/wnbr.d...

by Engager in

Combining 2 queries based on a common value

1st query ns=mynamespace* app_name=A-api API=GET_INITIAL_DATA NAME=* 2nd query ns=mynamespace* app_name=B-api API...

by Path Finder in

Switching to Python3 in Splunk 8

I am testing my custom app, which I have converted to be compatible with python2 and python3, on a Splunk 8.0.1 insta...

by Explorer in

What is the quickest way to see if a host was ever indexed in Splunk?

Hi, What's the quickest way to see if a host was ever indexed in Splunk? I don't want to do an alltime search. Wou...

by Champion in

Build table based on multiple results

Hi, I have an issue and have no idea how to solve. There is a large log index. In this index are application logs...

by New Member in

Impact of Increasing the limit of stats list() from 100 to say 1,00,000

I am using stats list() for a use case. But the data I am dealing is lot more, than the limit that is set to =100 in ...

by Explorer in

Lookup Table vs. Summary Index

Hello, I need to create a table(?) to use for populating 4 dashboard dropdowns: time picker, user, user-id, and IP ad...

by Builder in

how to update table cell results based on another rows sharing common field.

Hello, In search query results some cells populate empty results for specific field. I am looking to update those ...

by Builder in

Line breaking behavior questions

My propfs.conf file for my app looks like the following : [bit_fuse_log] pulldown_type = true NO_BINARY_CHECK = tr...

by Path Finder in

iplocation is not working

Hello, iplocation is not working for some IP addresses (152.89.162.133 for example) But this IP location is in the Ge...

by Explorer in

Splunk management server backup and restore

Hello Splunkers.... I am trying to upgrade our management server from 6.6.2 to 7.3.2. I am taking backup of /opt/splu...

by New Member in

snap to 10 minutes

Hi , I want to snap to 10 minutes. I know how to snap to an hour for example: ... | eval _time=relative_time(_time,"@...

by Path Finder in

The "precision" and "recall" shown on GUI seems wrong in Machine Learning Toolkit

I tried "Predict Categorical Fields" of showcase in Machine Learning Toolkit. I calculated the "precision" and "recal...

by New Member in

Issue with strftime time function. It always adds few minutes to actual results

Hi Team, I have gone through the forum but couldnt find which suits my requirement. We are trying to calculate time d...

by New Member in

how to configure new string for Linux servers CPU check,how to configure string to get logs of CPU usages of Linux hosts

I have index=os-icon-rhel and there are many sourcetypes are confirmed except CPU check. how to add sourcetype=CPU fo...

by New Member in

How to create a table with several fields and totals by each value

Imagine that I have a table of results like this: Field1 Field2 Field3 Field4 Field5 Field6 Field7 Field8 Field9 1...

by New Member in

How to index perl hash data?

I have a the output of a Perl script as a Perl hash. I'm not able to run the script directly from Splunk, but would l...

by Communicator in

Sum of total files with same date

Hi, I've got a search that provides a table of 60 filenames. 30 filenames with a -3 days from today's date and 30...

by Explorer in

Why does the map command shows results only when the second query have value?

Hi Splunkers, I have first query which produces 50 results, am using map command to run different query for each 5...

by Path Finder in

How to create eval statement to get percentage from 2 fields extracted with spath on JSON data?

I have a field PP that I would like to use in eval statement to get a percentage from JSON data and using spath. H...

by Path Finder in

How do I search by unicode value?

Hi, I have the following example record: 30/08/2018 13:30:27.996;VM1;ASH;AccessModule;processPacketBuffer;MSISD...

by Explorer in

Custom Index

I have one specific dashboard that I monitor with 7 tiles on it, there are times when the dashboard searches auto can...

by Explorer in

Unable to access splunk web - license warnings - trial version

Hi, I just installed a trial version of splunk and I am unable to access web. I see the following messages : 01...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to find records where a field's value doesn't exist in a subsearch?

Field extraction

Extract Second field from url

Combining 2 queries based on a common value

Switching to Python3 in Splunk 8

What is the quickest way to see if a host was ever indexed in Splunk?

Build table based on multiple results

Impact of Increasing the limit of stats list() from 100 to say 1,00,000

Lookup Table vs. Summary Index

how to update table cell results based on another rows sharing common field.

Line breaking behavior questions

iplocation is not working

Splunk management server backup and restore

snap to 10 minutes

The "precision" and "recall" shown on GUI seems wrong in Machine Learning Toolkit

Issue with strftime time function. It always adds few minutes to actual results

how to configure new string for Linux servers CPU check,how to configure string to get logs of CPU usages of Linux hosts

How to create a table with several fields and totals by each value

How to index perl hash data?

Sum of total files with same date

Why does the map command shows results only when the second query have value?

How to create eval statement to get percentage from 2 fields extracted with spath on JSON data?

How do I search by unicode value?

Custom Index

Unable to access splunk web - license warnings - trial version

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6