Splunk Search

Discussions

Thread Info

Compare IP_address field in 2 indexes and ignore the data with the same values / or matches and display the rest.

Want to run a report by comparing 2 indexes on " IP_Addresses" field. Ignore any matching " IP addresses" (If IP a...

by New Member in

Does someone have a lookup table for user agent strings (browser, os, versions, ect.) that they can share?

I've seen a Python script and App for this, but not a lookup table. Since my admin is not willing to install either o...

by Explorer in

compare find missing values from two indexes same field heading /name

Trying to create a report using two indexes on same field "Pcname". Different datatype one of from Active Directory a...

by New Member in

How to get stdev and avg from a multi column timechart for eventflow trends

Hello! I want to compare my event flow rate from the benchmark (last 21 - last 7 days [14 days in total] to the la...

by Observer in

Abandon Rate

Hi, I am trying to find the abandonment rate for users who started the registration process but didnt complete it wit...

by New Member in

PREAMBLE_REGEX

I've got a log file I'd like to have the Universal Forwarder watch and index, but there are 34 lines at the beginning...

by Explorer in

Why is multiple stats count eval not working?

SEARCH | stats count(eval(Status="1")) as Assigned count(eval(Status="2")) as In_progress, count(eval(Status="3")) as...

by Explorer in

How to search for latest case output

My search looks something like this: index=name | eval request=case(X, Y, X, Y, X, Y) | stats latest(request) as R...

by Explorer in

"An error occurred while fetching data" using a base search in a SH cluster

Here is the case: I've build a dashboard with 6 graphs/tables all using the same base search. It works like a char...

by Path Finder in

How do I write the regular expression to extract the domain name from email addresses in SMTP logs?

Hi, I am really new to Splunk and Regular Expression stuff. I was planning to extract just the domain names of all...

by Explorer in

please help on how to achieve the below kind of lookup/rename for 100+ fields of my events

My event log has comma separated field values of 100+ fields. Each field can have about 2-15 different values. Exampl...

by New Member in

how to add same values totals in the field

Status Count Failed 2 Passed 16 Skipped 22 Failed 66 Passed 7 Skipped 8 Please help me out on how to add the value...

by Explorer in

Dedup command not working after using the stats list command

When I am running the following search: index=main sourcetype="access_combined_wcookie"| stats list(useragent) as ...

by New Member in

2つのIndexerのデータを連携する方法をご教授ください

２つのデータを別のindex名でインポートしました。 ２つのデータは、共通の端末IDにてリンクを取ることが可能です。・データA：各端末のバージョンを持ったデータ・データB：各端末のエラー情報を持ったデータやりたいこととして...

by Engager in

How to extract an IP address across different pattern of events?

I'm trying to extract IP (v4) addresses from different events. For instance, for an event such as: [...] sent ping...

by New Member in

Discarding source type data from _raw event after per-event source type override?

Disclaimer: This is a "self-answering" question: I'm already doing what the question asks. I'm "asking" this question...

by Builder in

How to break out eventstats by day?

I have an eventstats search that is working well. What I am having a difficult time with is that I am unable to retur...

by Explorer in

results are being truncated in join query

Problem: i have 200000 splunk events from which i only want 15000 events ( like vlookup in excel) Splunk event...

by New Member in

Finding events immediately following/preceding another event

tldr: I have an event of interest, and I want to find the next qualified event after it, but without specifically usi...

by Explorer in

How to rename extracted values

I have the following data: Code Area 1234.1234 ABC 9933.9933 DEF 6611.6611 GHI 8910.8910 ABC 8910.1...

by Explorer in

Lookup Table Question

Hello, This probably a stu*** question, but I am not able to find a clear answer. My code to generate the lookup t...

by Builder in

Timechart of two stats with split by same field, one as overlay, then color code columns based on uncharted value

I've been doing ugly hacks around this need for months and now I need to dig in and figure out an eloquent solution e...

by Communicator in

What would intermittently cause less events to return the raw data versus the total number of events it says it matched on?

This has been happening every now and then on our instance where we will have users run a search, it says it will ret...

by Contributor in

Log extrapolation problem

Good evening We have installed Splunk Enterprise Version 6.6.0.0. If we look for logs, the extrapolation is ok. If...

by New Member in

How to format event in search

Hi, I am running a search and the event structure is displaying as: { [-] line: 2019-09-27 11:47:29,696 [ser...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare IP_address field in 2 indexes and ignore the data with the same values / or matches and display the rest.

Does someone have a lookup table for user agent strings (browser, os, versions, ect.) that they can share?

compare find missing values from two indexes same field heading /name

How to get stdev and avg from a multi column timechart for eventflow trends

Abandon Rate

PREAMBLE_REGEX

Why is multiple stats count eval not working?

How to search for latest case output

"An error occurred while fetching data" using a base search in a SH cluster

How do I write the regular expression to extract the domain name from email addresses in SMTP logs?

please help on how to achieve the below kind of lookup/rename for 100+ fields of my events

how to add same values totals in the field

Dedup command not working after using the stats list command

2つのIndexerのデータを連携する方法をご教授ください

How to extract an IP address across different pattern of events?

Discarding source type data from _raw event after per-event source type override?

How to break out eventstats by day?

results are being truncated in join query

Finding events immediately following/preceding another event

How to rename extracted values

Lookup Table Question

Timechart of two stats with split by same field, one as overlay, then color code columns based on uncharted value

What would intermittently cause less events to return the raw data versus the total number of events it says it matched on?

Log extrapolation problem

How to format event in search

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions