Splunk Search

Discussions

Thread Info

How to sum multiple individual columns into a flat row

I have a search that based on a lookup that is pulling names and totals over the course of a 24 hour period or week b...

by New Member in

Splunk Report

I have a enteries in logfile that has information like the following two - transaction sucessful. Request: {empNam...

by Path Finder in

Guidance needed on how to display current waiting time by shift

I am really struggling on how to frame the question. In essence I need to display the duration trucks are spends wait...

by New Member in

How to show table data on map using latitude & longitude?

I am working on a query where I have a data in below format: How can I show these hub Ids on the map with...

by Explorer in

How to count lookup matches by the field values in the Lookup?

Hi, I was given a request to use csv lists (i.e. lookups) with keyword values to find USB writes in an index where a ...

by Builder in

How to forward indexed data to RSA NetWitness?

So I will start with the details of my setup. I am running a single server instance on a network of ~300 endpoints. A...

by New Member in

Passing multiselect in Where clause

I've a multiselect. <label>Grade</label> <default>9,6,7</default> <fieldForLabel>grade_name</fieldForLabel> ...

by New Member in

Convert Date Timestamp in Lookup for Drill-down

I have a dashboard that queries a Lookup file. The Lookup file contains a column containing Date Timestamps in this f...

by Explorer in

How to match and obtain a fields values from subsearch based on parent search filed value and aggregate on same table

Hello Friends, I am collecting an event log data from an Internal App on Windows to an Index called "pr" I have a ...

by Engager in

Combining fields

How to combine three fields in one field and display it as table? I need one field called emails consisting of from, ...

by Explorer in

Lookup Definition - Default Matches not working as expected

Hi, I have built a lookup table, definition & automatic lookup. I've set the definition to; Min Matches - 1 Max...

by Explorer in

How to alert on license pool violation and can i trigger a search upon the violation

Hi, I'm referencing this post - https://answers.splunk.com/answers/321226/how-to-create-an-alert-to-notify-me-via-...

by Champion in

Convert time to epoch time & time zone

In my index, I have a field that has been extracted for a "last checkin time". The time shown is GMT and I need to us...

by Contributor in

親IDと子が持つ親IDが一致している場合に子にデータを追加する方法

お世話になります。以下のようなデータがあります。 Index A（工数データ） id,issue.id,man-hour a c 2 Index B（チケットデータ） issue.id,parent....

by New Member in

Add a percentage row into a chart?

Hello there! I want to add a percentage row into a chart table. string: index=smsc tag=MPRO_PRODUCTION DATA="80...

by Engager in

How to capture CPU Load Average shown in Windows Task manager in Splunk

Hi, I am trying to create a report to capture overall CPU Load average. I have created a search query in splunk using...

by New Member in

extract a string from email id from raw logs ?

One of the sample log is as follows :- time="2020-02-12 13:45:37" user-name="abc12345@def-ghi-01.com" proto="HTTP...

by Builder in

How to find count of occurrences of each IP for the first 15 mins starting from the first occurrence of each IP ?

Say I have an index A which has all the IPs logged during the day. So every event has an IP and the timestamp it was ...

by Path Finder in

Searching CSV against a INTERESTING FIELDS of

I have uploaded a CSV and I'm attempting to search it against a INTERESTING FIELDS of of DisplayName with any sourcet...

by New Member in

How to calculate percentage of data which has two different values between these two values

Here I have 3 fields "Status", merchantID & count. I am trying to find out the percentage of "CONFIRMED" and "REJECTE...

by Path Finder in

Regex in lookuptable

Hi, Can I use a regex in a static lookup table,I want to filter some alerts that trigger frequently like Subst...

by Explorer in

CSV Lookup for search query

I have a search query like this index=ppt sm.to{}="12-12-518@dt.com" OR sm.to{}="050920@cp.com" |table sm.to{} sm...

by Explorer in

Why is my lookup search returning error "All of the fields in the lookup table are specified as lookups, leaving no destination fields"?

Hello All, I am a Splunk noob, and I am trying to make a lookup work. Specifically, I am creating a lookup table o...

by New Member in

how to follow events on a field with different value

Hi guys, I am new to splunk. I have multiple events that looks like this: - 2020-02-07 07:21:20 action_time="2020-...

by New Member in

how to group or follow fields with different value

Hi guys, I am new to splunk. I have multiple events that looks like this: - 2020-02-07 07:21:20 action_time="2020-...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to sum multiple individual columns into a flat row

Splunk Report

Guidance needed on how to display current waiting time by shift

How to show table data on map using latitude & longitude?

How to count lookup matches by the field values in the Lookup?

How to forward indexed data to RSA NetWitness?

Passing multiselect in Where clause

Convert Date Timestamp in Lookup for Drill-down

How to match and obtain a fields values from subsearch based on parent search filed value and aggregate on same table

Combining fields

Lookup Definition - Default Matches not working as expected

How to alert on license pool violation and can i trigger a search upon the violation

Convert time to epoch time & time zone

親IDと子が持つ親IDが一致している場合に子にデータを追加する方法

Add a percentage row into a chart?

How to capture CPU Load Average shown in Windows Task manager in Splunk

extract a string from email id from raw logs ?

How to find count of occurrences of each IP for the first 15 mins starting from the first occurrence of each IP ?

Searching CSV against a INTERESTING FIELDS of

How to calculate percentage of data which has two different values between these two values

Regex in lookuptable

CSV Lookup for search query

Why is my lookup search returning error "All of the fields in the lookup table are specified as lookups, leaving no destination fields"?

how to follow events on a field with different value

how to group or follow fields with different value

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions