Splunk Search

Discussions

Thread Info

How to use two different search time ranges in one splunk rule?

I have the following scenario: I have to find events with certain specifications in the last 15 minutes, and the sear...

by Path Finder in

Is it possible to split lines and re-use certain fields?

I have thise event: ID=FAKE_ID_NAME,TS=1570441680,F1=1380,F2=60,F3=60,F4=1500 For my analysis it would be very ...

by New Member in

How to combine multiple field values to create single field name in eval statement.

Hi, I'm trying to combine the values of multiple fields to together form a single field name in an eval if stateme...

by New Member in

Use Kafka Streams to perform Splunk Transaction

Hello, My client uses an email solution that produces a log for each step in email processing, hence, we have a va...

by New Member in

timechart sorting multiple fields

I have the following query index="search_index | timechart avg(time1) as time1_in_mins ,avg(time2) as time2_in_m...

by Path Finder in

Matching showing incorrect values

Hi guys & girls, about the following query: | makeresults | eval expectedm="10" | eval expectedM="1" | eval mat...

by Loves-to-Learn Lots in

Using external lookup and mstats together

Hi All, I have a search like this: | mstats span=1d sum(_value) as "ClosedTime" WHERE index=metrics_prod metric...

by New Member in

Count of values in from values() function

hello there, I am trying to create a search that will show me a list of ip's for logins. issue is i only want to s...

by Path Finder in

How to use Splunk ODBC driver to import an excel report to splunk?

Hi All, I want to import a scheduled excel report generated from one prod system to splunk. When I manually import...

by Explorer in

help for doing a pie chart from 2 subsearch

hi I have the search below `test` [| inputlookup host.csv | table host | rename host as USERNAME...

by Motivator in

Good design ?

so I have 1000 pages in my application .. I want to check which pages are performing poorly ... a trend .. I am t...

by Contributor in

extracting value from complex JSON

Hi, need help on how to extract dat from this JSON. i have used spath to extract a part of my JSON to get this data s...

by Loves-to-Learn in

Return only those events who exist in consecutive time bins

So I'm working on a search that returns standard network stuff and using a bin to bucket the data by a day. Something...

by Path Finder in

Drilldown Search Removing Math Operators

I am using the new Drilldown feature in Splunk Enterprise 6.6 to drilldown to a search. In the Drilldown Editor di...

by Path Finder in

Splunk query not giving me results

HI All, Could any one help me in this on urgent basis: My query is malfunctioning : index=auto_prod_okta eventTyp...

by Path Finder in

Joining two queries using Append and results are different

Hello Experts Actually I am trying to join the results of two queries and show in dashboard. There are 3 indexe...

by Explorer in

How to generate timely fake event and compare with real event

Hello all, how do I create a timely dummy event (without using "|lookup" external file) to compare with the real gene...

by Path Finder in

What's the difference between NOT and != ?

It appears to us that NOT and != are different. It seems that != <val> implies that <val> is not empty. Is it right?

by Motivator in

How to pass earliest / latest parameters to a macro from a map section ?

Hello everyone, I'm stuck since many days trying to understand what is preventing Splunk from passing arguments to...

by New Member in

Advanced filtering on |inputlookup command

A large kv lookup table (>2M entries and growing) holds metadata and is processed on a regular schedule to solve some...

by Builder in

Lookup csv file not producing correct results

Hello, I have a lookup file called fs_src_mac_tg.csv has two columns: src_mac and exists src_mac = a list of mac addr...

by Explorer in

Timechart automatic high resize

Hi, I've got a timechart with different columns (depending on the search). If I don't get many columns, the high of ...

by New Member in

Dew Point Calculation

I am trying to produce or calculate the Dew Point in Celsius of data in two separate indexes. I believe the offcia...

by Explorer in

Regular expression in log message

I'm struggling now. Could you please help me? There are two hosts. they have same log data. the host name is di...

by Path Finder in

Join not working

index="event" | rex field=Macaddress mode=sed "s/(.{2})/\1-/g s/-$//" | rename Macaddress as "macAddress" | eval Se...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use two different search time ranges in one splunk rule?

Is it possible to split lines and re-use certain fields?

How to combine multiple field values to create single field name in eval statement.

Use Kafka Streams to perform Splunk Transaction

timechart sorting multiple fields

Matching showing incorrect values

Using external lookup and mstats together

Count of values in from values() function

How to use Splunk ODBC driver to import an excel report to splunk?

help for doing a pie chart from 2 subsearch

Good design ?

extracting value from complex JSON

Return only those events who exist in consecutive time bins

Drilldown Search Removing Math Operators

Splunk query not giving me results

Joining two queries using Append and results are different

How to generate timely fake event and compare with real event

What's the difference between NOT and != ?

How to pass earliest / latest parameters to a macro from a map section ?

Advanced filtering on |inputlookup command

Lookup csv file not producing correct results

Timechart automatic high resize

Dew Point Calculation

Regular expression in log message

Join not working

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions