Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How can I correlate two fields which exist in separate events but share a common field?

I have a group of events which has the sourcetype "users" The events within sourcetype=users contain the format: ...

by Explorer in

fix this issue of filtering data in second LOOKUP as here Second lookup is only for checking condition when client is null to search lookup file

index=wineventlog host=ATLINFPSAS3 sourcetype="WinEventLog:Security" ApolloClientReports NOT "*Symantec Endpoint Pro...

by Engager in

Dropdown is not populated when using base search

Hi, I am not sure if I understand how base search is really working as I am having an issue with following code (s...

by Path Finder in

transforms.conf regex only n characters of a line

Hi Experts, I want to filter for a line with a string. But display only first n characters. Note: My input has oth...

by Builder in

How to extract field and check if the value is greater than 300 for the last job?

Hello, I have log that contains this value : <0> 10/03/19 16:55:00 : Maintenance counter "UV Calibration" Value...

by Communicator in

How to create a search on charting time?

I have some users with shift timings (Start and End time in a lookup file). How can I use Splunk to chart their avail...

by New Member in

extract different models by audio and vedio type per day

Hello Everybody, I would like some help in sorting out different models with same kind and showing in a chart with...

by Path Finder in

I would like show sparkline from outputlookup table

I would like to improve search performance by preload data into csv or kv-store with sparkline. How do I display spar...

by Explorer in

how to extract values and make a "timechart span=1day"

Hello everyone, I have different device models in A1 and B1 where "A1" is calling device model and B1 is receiving...

by Path Finder in

Add Line Breaks with Eval

This might be a silly question, but has anyone figured out how to add line breaks to text that has been evaluated wit...

by Communicator in

How Define a variable to use it in other search?

Hi experts, im trying to definde a variable in my search to use is in other search. it should work as a filter in the...

by New Member in

Create a baseline for each day of the week

Hi guys, I have query regarding how i can break my search for one month into weekly searches. I have been given...

by Explorer in

Multiple search values pass to another search

I have a query which returns 100 ids(ids are dynamic). I have to search for these 100 ids in another log and see if t...

by New Member in

Smart-mode search emits only one row of stats but gets auto-finalized for disk usage

I have a user whose monthly report search is being auto-finalized due to disk usage. I've ensured there are no other ...

by Communicator in

I want to pick up values from different columns from lookup files according to the sourcetype.

I want to pick up values from different lookup files according to the sourcetype. | lookup error_rules.csv EventSubTy...

by Loves-to-Learn in

Why are my timechart results getting skewed?

I have come across an issue with my timecharts. When I do a search for all day on Feb 26th and check 9AM, I see 1...

by Path Finder in

How to calculate request arrival rate only for weekdays and exclude weekends for PST time?

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

How to setup a query to search and find file names with the current time value?

Hi, I have a query that searches a field i.e. filenames with a value in this format >> filename = folder_name/s...

by Builder in

Why is the description field not functioning when using eval?

Below is the search string I am using. Everything works like perfect except for the description field. The field rema...

by New Member in

Join or Subsearch performance

Hi all, I have a performance question about "join" and "subsearch". Even join is a ressource-guzzler command I saw...

by Path Finder in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

How can I correlate two fields which exist in separate events but share a common field?

fix this issue of filtering data in second LOOKUP as here Second lookup is only for checking condition when client is null to search lookup file

Dropdown is not populated when using base search

transforms.conf regex only n characters of a line

How to extract field and check if the value is greater than 300 for the last job?

How to create a search on charting time?

extract different models by audio and vedio type per day

I would like show sparkline from outputlookup table

how to extract values and make a "timechart span=1day"

Add Line Breaks with Eval

How Define a variable to use it in other search?

Create a baseline for each day of the week

Multiple search values pass to another search

Smart-mode search emits only one row of stats but gets auto-finalized for disk usage

I want to pick up values from different columns from lookup files according to the sourcetype.

Why are my timechart results getting skewed?

How to calculate request arrival rate only for weekdays and exclude weekends for PST time?

How to setup a query to search and find file names with the current time value?

Why is the description field not functioning when using eval?

Join or Subsearch performance

How to write query for Windows Remote Desktop Conn...

How to Detect 4 Commands run Within a 1 Second Tim...

Help with Transforming an ingest of timestamped da...

How to generate alarm for when CPU peaks at100% o...

Difference between per_second and span=1s in timec...