Splunk Search

Ask a Question

Discussions

Thread Info

Can not use earliest and eval together with map command

Hi Splunkers, How can i use earliest time and eval command together with a map command. Earliest value and Day of ...

by Explorer in

Add additional fields to the end of timechart

Hello, I have a bar chart that looks like this: What I want to do is move the "Backlog" field to the en...

by Path Finder in

How to search with the value of field as a variable pattern to match other fields?

Hi Here is an example of what I am after. I am trying to search URL strings that contain a specific domain.tld as...

by Builder in

How to match an IP address from a lookup table of cidr ranges?

I'm trying to search records where the destination IP is in a lookup table consisting of a list of cidr ranges, but t...

by Path Finder in

Get Utc in your _time dimension when using TimeChart

Hi, Intro: I understand that splunk populates the _time field at index time, from valid date strings in the raw ev...

by New Member in

Disable automatic lookups for a search

I am using a summary index where the events being added to it contain different types of data, and therefore have dif...

by Path Finder in

Qualys: Vulnerabilites Up trend/Down trend Over Last 7 Days

I am trying to put together a search that shows all of my vulnerabilities in Qualys for all of my servers that are be...

by New Member in

Is there a better way to join two sub-searches and 2 lookup-tables to main search?

So lets say i have three searches i need to join data from: Main search (search_int) has the following fields: ...

by Observer in

文字列を抽出して、テーブルにそれぞれ入れたい。

以下のログ例）からフィールドを抽出して、テーブル①、テーブル②に分けたいのですが、そのためのサーチ文をご教示いただけますでしょうか。 -----ログ例）------- hostname:hogehoge group:[ { ...

by New Member in

Length of every column in a table?

I have a table with ~50 columns. I am doing an addcoltotals on the table, but this only adds up the numeric fields. C...

by Explorer in

Help with stats needed

Hello, I have following search: index=mlbso sourcetype=*_abaptraces (( mtx OR mmx OR mm_diagmode OR sigigenacti...

by Builder in

Latest time and the corresponding raw data

Hi, Can anyone help me how to get the latest time of an event and its corresponding raw logs(_raw). When i use stats ...

by Explorer in

How to compare Column Chart with Line Chart?

I need to show in a column chart the count for the top 5 destination hosts in proxy logs and above it a line of summe...

by Explorer in

Search without join for multiple index

Hi, I have a requirement where I have 2 Index, I want to display the raw data, Below is the query I tried but I am...

by Path Finder in

Matching patterns in multiple varieties of field values

I have an index=os It has a field name os_description. This field has multiple versions/flavors of os mentioned in va...

by Builder in

How come the comment "macro" is not working?

I must be out of my mind. The comments built-in macro since version 6.5.0 gives me an error that it can't find the ma...

by Contributor in

does not appear in the field

Hi all I have event like that. 2019-10-26 15:00:09.158, servicename="ROOT2", area="SCP", place="tokyo", path="AAA1...

by Path Finder in

Counting session IDs across multiple fields

Hi all, brand new to splunk search syntax. I have a command like so: ... | stats count by userAgent, browserVersio...

by Engager in

How to select particular path using `where` ?

I have the followinf query sourcetype="server" host=*localqa* | stats count by Path | rex field=Path "\...

by Path Finder in

Inputlookup trend for 24hrs,7 days showing same graph

Hi experts! Since I am new to Splunk, I understand that we cannot use a time chart with inputlookup(?). But I am u...

by Explorer in

How to automate timechart for multiple users/fields?

Greetings all, Noob here. I have the following timechart: index=fileshare user_login=john_doe@mycompany.com (ev...

by Path Finder in

How to pull stats to display etime, bind_id, conn, and the search_filter for any operation that takes longer than 20 seconds

Hi all, I'm working with a sample log snippet below. The overall goal is to get stats about long-running operations. ...

by Explorer in

a blank tab created after clicking "open in search" in specific dashboard panel while SPL is ~10K long

We have a critical dashboard where users need to click on the magnifying glass to open up that search in a search win...

by Splunk Employee in

Creating a query for Sankey diagram from log data

I have a set of log data that is basically in this format: Event timestamp user 6 10/14/2019 1:29 U...

by Explorer in

Can we generate a report per index that shows the time back stats of the queries?

We need to decide soon how much storage to allocate to the hot/warm volume versus the cold one. Therefore, I would li...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can not use earliest and eval together with map command

Add additional fields to the end of timechart

How to search with the value of field as a variable pattern to match other fields?

How to match an IP address from a lookup table of cidr ranges?

Get Utc in your _time dimension when using TimeChart

Disable automatic lookups for a search

Qualys: Vulnerabilites Up trend/Down trend Over Last 7 Days

Is there a better way to join two sub-searches and 2 lookup-tables to main search?

文字列を抽出して、テーブルにそれぞれ入れたい。

Length of every column in a table?

Help with stats needed

Latest time and the corresponding raw data

How to compare Column Chart with Line Chart?

Search without join for multiple index

Matching patterns in multiple varieties of field values

How come the comment "macro" is not working?

does not appear in the field

Counting session IDs across multiple fields

How to select particular path using `where` ?

Inputlookup trend for 24hrs,7 days showing same graph

How to automate timechart for multiple users/fields?

How to pull stats to display etime, bind_id, conn, and the search_filter for any operation that takes longer than 20 seconds

a blank tab created after clicking "open in search" in specific dashboard panel while SPL is ~10K long

Creating a query for Sankey diagram from log data

Can we generate a report per index that shows the time back stats of the queries?

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions