Splunk Search

Discussions

Thread Info

Calculate last 3 months count average and compare the result with last month count

I want to calculate last 3months count and take its average and need to compare with last month total count. For exam...

by Explorer in

use case - Long running search query

Hi, For a testing purposes, can i have few long running search SPL queries please. Using the search tutorials sample ...

by Super Champion in

Need to compare the last hour values of the fields with current one hour

Hi, We are monitoring the transaction count. I need to verify the results of last one hour, if there is any decrease ...

by Communicator in

Help with dur2sec function not displaying

Hi I am having an issue with the result of my dur2sec function not displaying. Here is the SPL. I am still new to spl...

by New Member in

How to post process this query to display timechart instead?

Hi, I have this query that I use as a base search query. host=NETWEBA* sourcetype=iis NOT("ErrorGuid") cs_uri_s...

by Engager in

how to display a field two times in a table with the original values and after a rename of the values

hi As you can see below, I am doing a stats with the field "process_name" In order to be more comprenhensive, I am...

by Motivator in

Show result of multiple queries as rows of single Table (one query=one row)

Hi, I have a multiple search queries for which I have created separate panels in Dashboard, each showing the output a...

by Builder in

Any tips for setting up a production workflow that includes sandboxes, a test lab, and a production environment?

We have an established Splunk Enterprise production environment that several departments use. Some people want to dev...

by Splunk Employee in

Can a variable value which depends on a dropdown token be included in search?

Hello everyone, I am trying to assign a value to "myVar", which depends on a dropdown token on my dashboard. The v...

by New Member in

How to access data in rows of table and then search further using each of those values?

Suppose I have logged data with certain fields like id, level, message etc. Ex: id:123 level:warn Message:xyz task i...

by New Member in

Search Help - Add Index to this _internal Search - And combine hosts

I would like to add which index each of these hosts comes from in this search. index=_internal source=*/metrics.lo...

by Builder in

join retrieving wrong results

| inputlookup fnms_copy1.csv | eval MACaddress = replace(MACaddress,":", "") | where MACaddress!=" " | rename MACaddr...

by Explorer in

How do you specify chart colours for a JSStack chart?

I have a simple column chart with fields '-','High', 'Medium', 'Low', 'None'. I am using JS stack with the following ...

by Contributor in

Using where in search

I have the following search index="pan" (dest_ip="192.168.*" AND NOT src_ip="192.168.*" AND NOT src_location="AU" ...

by Contributor in

How to stats by merging multiple events

I have events in same index and source-type as follows: 9/12/19 11:28:46.398 AM [WARNING/ForkPoolWorker-13] projec...

by New Member in

How to combine specific values from two multivalue fields

I have Splunk pulling in data from a lookup and creating two multivalue fields. I want to combine these two into a th...

by Engager in

Correlating fields and printing some fields .

Logger 1: has StartId: 1234, and commitCode as 101. Logger 2: has EndId: 1234(which is same as start ID), WebOrderID:...

by Contributor in

Find the LAST instance of an extracted field

I have event data which looks like this: Sep 12 11:33:23 hostname AUDIT "2019-09-12 11:33:23.677 GMT+1000" 192.1...

by Communicator in

Searching multiple log messages and count their occurrence

index=my_index earliest=-30d "[ERR] Failed to connect with downstream node" OR "[ERR] Failed to authenticate downstre...

by Explorer in

Need another column in chart

Forgive my newbiness. I've been working with Splunk for many years but not developing reports. I have a report that w...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculate last 3 months count average and compare the result with last month count

use case - Long running search query

Need to compare the last hour values of the fields with current one hour

Help with dur2sec function not displaying

How to post process this query to display timechart instead?

how to display a field two times in a table with the original values and after a rename of the values

Show result of multiple queries as rows of single Table (one query=one row)

Any tips for setting up a production workflow that includes sandboxes, a test lab, and a production environment?

Can a variable value which depends on a dropdown token be included in search?

How to access data in rows of table and then search further using each of those values?

Search Help - Add Index to this _internal Search - And combine hosts

join retrieving wrong results

How do you specify chart colours for a JSStack chart?

Using where in search

How to stats by merging multiple events

How to combine specific values from two multivalue fields

Correlating fields and printing some fields .

Find the LAST instance of an extracted field

Searching multiple log messages and count their occurrence

Need another column in chart

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

How to convert large bytes to human readable units...

How to extract all the multi-values in excel?

How to convert a large number to string with expre...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...