Splunk Search

Ask a Question

Discussions

Thread Info

Column width adjustable table

Morning all, Im sure this may have been answered in the past, but is there away to have a table in splunk that you...

by Path Finder in

How to create a sub-search that looks for events 10 mins earlier

index=windows sourctype=bla EventCode=g host=abc user=cvb NOT [ search index=email |table _time,host |fields _time, ...

by Engager in

KV_Mode against Constant value host fields

I have a new data source that extracts quite well using KV_mode = auto (or KV_Mode=json). The data itself is a si...

by New Member in

Field extraction

I have field in my raw events src = https://www.abcd.com/shop/buy-laptop/dell-200 src= https://www.abcd.com/shop/...

by Contributor in

How to alert when a deviation has been detected in volume between two time periods?

I currently use the following query to compare volume counts between current day and a week ago: sourcetype=abc in...

by New Member in

creating a scatterplot with time on the x-axis

I'm looking to create a multi-series scatter plot where time is on the x-axis. An example would be something like...

by Splunk Employee in

What's the difference between an event and a log

Can anyone explain me what's the difference between an event and a log. According to me, an event is set of logs ...

by Explorer in

How to create new field combined from existing fields

Hi I have such a table in which is described the proces of any TestMachine: A B C D TestStart TestStatus TestDuration...

by Contributor in

How to combine two searches into one table using count twice

I have two searches, one getting the current connections and the other getting an average. I'm trying to grab the fie...

by Path Finder in

How to get the row text from inputlookup in a variable for email alert

HI! I am using a CSV file to catch some alerts, and that part works fine, I catch all my alerts. index="main" ...

by Engager in

Comparing appVersions over time

Hi, I am trying to compare my latest app vs all the other app Version to evaluate adoption rate. I would like to disp...

by New Member in

Is it possible to use EVAL field in sendemail with DBXQUERY search?

I am needing to pass a custom date to the sendemail subject line and I know it is possible using a standard Splunk se...

by Explorer in

handling error issues

i ran a normal query, but it is auto cancelled after sometime ,so i am interested in why the query has failed.is ther...

by Engager in

How to optimize rex to avoid the error message: Error in 'rex' command: regex= has exceeded configured match_limit, consider raising the value in limits.conf

Hi. Can you help me, please, to optimize the regular expression. The problem is, when I search in longer time, I rece...

by Contributor in

Per day and Per second results not matching up.

I am running following queries to get event counts average per second and per day over a weeks period but the results...

by Path Finder in

Convert columns to rows

I have a table like below A B C 1 2,3,4 Hello Need a query for which output will be like below A B C 1 2 Hello ...

by Builder in

Multiple fields in one chart

Hi, I struggling to create chart, which will be with multiple field values (max,avg and min pauses) + need to see mo...

by Explorer in

How do i find out if a field contains part of another field?

Hello community. I'm struggling to find emails that have a word in the subject which also have the word in an atta...

by New Member in

How to get results for individual fields per second

I have the following query which gives me per second average results for the events. Is there a way I can modify it ...

by Path Finder in

There are sites that provide geolocation of IPs. Is there a way to create a Splunk form for this function? Does the ip address in question need to be indexed somewhere prior?

Rather than use 3rd party websites, we'd like to use Splunk to geolocate an address that may not yet be indexed. Simi...

by Explorer in

search show results not existing in logs.

Hi Splunker; I have the below search: index=winevents host=prdaddc02 OR host=PRDADDC01 OR host=DZITHQ-DC3 sourc...

by Path Finder in

Unexplained: Inconsistent/incomplete transaction eventcount when using maxevents with startswith

I am getting an inconsistent number of events in a transaction, relative to the value specified for maxevents=x: ...

by Explorer in

epoch time difference between first and last.

Hello All, I am trying to find the difference between first time and last time in epoch time. and i want the diff...

by New Member in

Help with regex with two different type events

Hello I have the below sample events Thu Sep 5 10:00:02 EDT 2019 XDB EXPIRED & LOCKED 28-SEP-11 CTXAPP Thu Sep 5 ...

by Builder in

Reading Event Counts for all indexes and then reading their corresponding Count for threshold Check Specified in the lookup File

Can Please anyone help me in building the query for my alert so that It takes the index name and its corresponding th...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Column width adjustable table

How to create a sub-search that looks for events 10 mins earlier

KV_Mode against Constant value host fields

Field extraction

How to alert when a deviation has been detected in volume between two time periods?

creating a scatterplot with time on the x-axis

What's the difference between an event and a log

How to create new field combined from existing fields

How to combine two searches into one table using count twice

How to get the row text from inputlookup in a variable for email alert

Comparing appVersions over time

Is it possible to use EVAL field in sendemail with DBXQUERY search?

handling error issues

How to optimize rex to avoid the error message: Error in 'rex' command: regex= has exceeded configured match_limit, consider raising the value in limits.conf

Per day and Per second results not matching up.

Convert columns to rows

Multiple fields in one chart

How do i find out if a field contains part of another field?

How to get results for individual fields per second

There are sites that provide geolocation of IPs. Is there a way to create a Splunk form for this function? Does the ip address in question need to be indexed somewhere prior?

search show results not existing in logs.

Unexplained: Inconsistent/incomplete transaction eventcount when using maxevents with startswith

epoch time difference between first and last.

Help with regex with two different type events

Reading Event Counts for all indexes and then reading their corresponding Count for threshold Check Specified in the lookup File

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

I have been trying to use the CASE function in spl...

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data