Splunk Search

Discussions

Thread Info

Eval Time_Diff

I am having trouble getting a result to appear for the below query. I am trying to produce a column showing time_diff...

by New Member in

To what degree does chaining (or nesting) automatic lookups actually work?

Example: Say I have two lookups A and B. Let's say they're both file-based lookups (even though I don't think it act...

by SplunkTrust in

How do I fine tune my custom scoring system?

| inputlookup scanner_visibility.csv | lookup visibility_blue.csv Acronym AS application local=t OUTPUTNEW "Risk Scor...

by Communicator in

Using the value of a subsearch in main search

I am trying to create a search that gets the top value of a search and saves it to a variable: | eval top=[| eval ...

by Engager in

Subsearch assistance - feel like I'm close

I have ldap logs that give me events that look like this: Feb 21 13:13:22 ldap.foo.com slapd[28026]: conn=15306 fd...

by New Member in

need help to hold the status of a job from an event and make it count till next status change event and show it in the timechart

Hi Ninjas, I have following sample events in splunk. [02/18/2020 10:47:15.1318] CAUAJM_I_40245 EVENT: CHANGE_ST...

by Explorer in

Field Extraction help

Hi, I have events in the following format. It would either be a "Successful log in" or a "Unsuccessful login". I'm...

by Path Finder in

Saving the top value of a search to use in a separate search.

I am trying to save the top 1 value of a field from a search to a variable. I then want to use this value to input in...

by Engager in

Time Chart and DBXquery

I am new to splunk. I have a DB connection from where I am fetching a table. I want to create a dashboard for with x-...

by New Member in

error on tag and dedup in search

Hi all, I have a weird error on my splunk instance 7.3.0. I created a tag called application_web, if I try to use ...

by Path Finder in

Need to get the help about the substraction.

Hi, status count ERROR 9346 PROCESSED 148066 PROCESSING 149571 I want to do the subtraction for above exampl...

by New Member in

Using a lookup table to fill multiple subsearches to show hierarchy of user data

I have a lookup table that shows all the next-level managers of a particular manager as UserManager UserManagerx1 Use...

by Communicator in

How to extract fields from my string logs

I have something like below logged in as a message. How can i replace "This is my logfile ** ->" with empty and then...

by Path Finder in

How to find out the record which has unique value

I have records have 2 fields: phone number result 1111 success 2222 success 2222 failed 3333 success 3333 faile...

by New Member in

Help With Extractions Involving Microsoft AV Hashes

Inconsistency with file names coming from Microsoft AV hashes is causing alerts to populate null results when firing ...

by Path Finder in

Blacklist WinEventLog::/Security with user names ending in $

I'm trying to get a blacklisted log entry that works on Universal Forwarders to filter out specific event codes with ...

by New Member in

How to use regex and format strings for an XML sample without using KV_MODE=XML?

Hi, I want to use REGEX and FORMAT strings for an xml sample as given without using KV_MODE=xml So i am trying to ...

by Explorer in

Question on no data in index "no results found"

I have 2 situations to address.. 1. if no data in index for timeframe , create a blank row with "no data" and come ou...

by Builder in

Detect most delay transactions

How can I find most delay transactions? Here is the log file like below, I want to find which transaction delay and s...

by Motivator in

Last 3 occurrence not like

So my below query gives the result of Rejection % but I need to also filter this one step more where it should not sh...

by Path Finder in

pick the last value in an array?

(Apologies in advance since I am not even sure what question to ask and how to ask it. I'll rewrite it once I get a b...

by Contributor in

I am trying to use regular expression to remove the keyword %5C from my extracted filed

The below is the text we are capturing Filename= &Filename=C%3A%5CUsers%5Cjbaile16%5CAppData%5CRoaming%5CDocumentum%5...

by Engager in

Table with with a column that contains positive and negative values. I want to sum the total of all values and have the results as a Total, but it ignores the negative values. What am I doing wrong?

| table Account "Estimated Gain_Loss" | addcoltotals labelfield="Account" label="Totals" | sort -"Estimated Gain_Los...

by Loves-to-Learn Lots in

Calling an eval-macro

Hi All, I can't put an eval before my search syntax so I am trying to use an eval-Macro called "FriendlyEval" However...

by New Member in

How to combine two indexes with Stats?

Following a super helpful thread here https://answers.splunk.com/answers/129424/how-to-compare-fields-over-multiple-s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Eval Time_Diff

To what degree does chaining (or nesting) automatic lookups actually work?

How do I fine tune my custom scoring system?

Using the value of a subsearch in main search

Subsearch assistance - feel like I'm close

need help to hold the status of a job from an event and make it count till next status change event and show it in the timechart

Field Extraction help

Saving the top value of a search to use in a separate search.

Time Chart and DBXquery

error on tag and dedup in search

Need to get the help about the substraction.

Using a lookup table to fill multiple subsearches to show hierarchy of user data

How to extract fields from my string logs

How to find out the record which has unique value

Help With Extractions Involving Microsoft AV Hashes

Blacklist WinEventLog::/Security with user names ending in $

How to use regex and format strings for an XML sample without using KV_MODE=XML?

Question on no data in index "no results found"

Detect most delay transactions

Last 3 occurrence not like

pick the last value in an array?

I am trying to use regular expression to remove the keyword %5C from my extracted filed

Table with with a column that contains positive and negative values. I want to sum the total of all values and have the results as a Total, but it ignores the negative values. What am I doing wrong?

Calling an eval-macro

How to combine two indexes with Stats?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Windows Session Tracking

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions