Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do you compare a previous average with the current actual count?

Hello, I am trying to write an SPL to do the below but hitting a road block. Can someone please help!! Date ...

by Explorer in

How do i display the latest event from two event IDs by computer name?

Hello, I am trying to complete a query that allows me to see both the latest failed and successful backups from e...

by Path Finder in

What would be the best way to use index and source type for multiple projects?

Hi everyone, I am new to Splunk and i have a quite a few projects in my organization. I know that an index can hav...

by New Member in

Can you help me combine 2 queries into a timechart?

Hi all, I have the following data and I need some help to progress further. I have fields: _time uniqueId actio...

by New Member in

How do you use the value of the lookup filename as a field in the search result?

Here is the search and lookup, I need to capture the value, last_logon_lookup_20180928.csv We need the value in bo...

by Explorer in

Drilldown on results of a subsearch not working

Woodcock - As a new question to the previous one that you help resolve - do you have any idea why the drilldown isn't...

by Engager in

How to use a different time range within a subsearch?

Splunk rookie here, so please be gentle. I am hoping someone can help me with a date-time range issue within a subsea...

by Engager in

How to add % symbol with data labels in charts?

I want to add % symbol with both the y-axis legend and data labels Thanks in advance!

by Path Finder in

How to get Splunk btool command to return an exact match?

Hi, I have savedsearches like: dev_sudo dev_sudo mod dev_sudo mod2 How to dump the first with btool? If I u...

by Communicator in

How do you extract a hostname from a source path?

Hello all , I've configured Splunk to monitor directory , i.e. /usr/home/test/* for new CSV files ( periodically ...

by New Member in

Join Earlier Joins with Later

I'm doing a join where I want to only get subsearch events that happened before the parent search event. Thus, I'm us...

by New Member in

How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console?

Hello, I've been asked to set up an alert for disk space exceeding 80%. I enabled the DMC Alert - Near Critical ...

by Path Finder in

Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app?

Using Splunk 7.2.0. While looking at the Monitoring Console and performing this search (see below) , I see almost ...

by New Member in

Subsearch leading to

I notice that the below query results in 0 events, whereas the baseSearch alone results in 11 events and the sub-sear...

by Engager in

How can I make my table results in 3s time intervals?

Query I am running: index="dcg-video-eng-live-services-stage" | spath "message.req.originalUrl" | search "message....

by Path Finder in

How can I split JSON into multiple events?

Hi, can anyone help me a bit? i am trying to split an event in more lines or more events, every events got multipl...

by Path Finder in

How do you create a lookup from a range of values?

Hi, I am trying to create a report in which I would like to get the field value by looking into a range of values ...

by Path Finder in

How do I convert epochtime = -1 to a human readable format?

I am creating a dashboard for Tenable results and some entries have a Patch Publication Date value of -1. I'm having ...

by Explorer in

How should I rename a dynamic value after using the timechart count by?

Hi All, I am using this search string as below : (some data- index, host, etc)............. | xmlkv | search "ns0:...

by New Member in

How do I make a query which finds logs where the value for a field matches?

Log1: id=5 errorA Log2: id=5 errorB I would like a query to return the logs with the same id value grouped togethe...

by Explorer in

Splunk Search

Discussions

How do you compare a previous average with the current actual count?

How do i display the latest event from two event IDs by computer name?

What would be the best way to use index and source type for multiple projects?

Can you help me combine 2 queries into a timechart?

How do you use the value of the lookup filename as a field in the search result?

Drilldown on results of a subsearch not working

How to use a different time range within a subsearch?

How to add % symbol with data labels in charts?

How to get Splunk btool command to return an exact match?

How do you extract a hostname from a source path?

Join Earlier Joins with Later

How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console?

Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app?

Subsearch leading to

How can I make my table results in 3s time intervals?

How can I split JSON into multiple events?

How do you create a lookup from a range of values?

How do I convert epochtime = -1 to a human readable format?

How should I rename a dynamic value after using the timechart count by?

How do I make a query which finds logs where the value for a field matches?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Why does my set union command result in two datase...

Search types and bloom filters

Improve Speed of Correlation Search

"StatsFileWriterLz4 file open failed" error after ...

Several subsearch with metrics index

Splunk Search

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>