Splunk Search

Ask a Question

Discussions

Thread Info

Search for a value in a set of results, then indicate in a new field if the value was found

I have a somewhat complicated search whose results I present in a dashboard, and looks a bit like this: [ sear...

by Engager in

New field created through field transformation not appearing in search results

I have created a field called PROCESS via Fields » Field transformations I could not see in the field appe...

by New Member in

If len() then A else B

Hi All, I'm looking to include a If Else Check along with Len() Function along with Eval in my Search. My Raw s...

by Explorer in

How do I block GUI messages about missing indexes?

Since 7.3 the missing indexes message below goes to all my users causing many panicked questions about Splunk being d...

by Influencer in

Rename as Search vs Rename as Query?

Hi I need a little clarification as the related posts I have found are confusing. I inherited a lot of reports fr...

by Builder in

Why is imported error log producing wrong time and date stamps in results

Just installed Splunk Enterprise free edition on a Windows 10 computer. Downloaded a Wordpress error log from a de...

by Explorer in

How to search for the latest field value that is not equal to a certain value?

Hi Just not having luck with my syntax. I have proofpoint logs and I am looking for the latest final_action value tha...

by Builder in

Calculate last 3 months count average and compare the result with last month count

I want to calculate last 3months count and take its average and need to compare with last month total count. For exam...

by Explorer in

use case - Long running search query

Hi, For a testing purposes, can i have few long running search SPL queries please. Using the search tutorials sample ...

by SplunkTrust in

Need to compare the last hour values of the fields with current one hour

Hi, We are monitoring the transaction count. I need to verify the results of last one hour, if there is any decrease ...

by Communicator in

Help with dur2sec function not displaying

Hi I am having an issue with the result of my dur2sec function not displaying. Here is the SPL. I am still new to spl...

by New Member in

How to post process this query to display timechart instead?

Hi, I have this query that I use as a base search query. host=NETWEBA* sourcetype=iis NOT("ErrorGuid") cs_uri_s...

by Engager in

how to display a field two times in a table with the original values and after a rename of the values

hi As you can see below, I am doing a stats with the field "process_name" In order to be more comprenhensive, I am...

by Motivator in

Show result of multiple queries as rows of single Table (one query=one row)

Hi, I have a multiple search queries for which I have created separate panels in Dashboard, each showing the output a...

by Builder in

Any tips for setting up a production workflow that includes sandboxes, a test lab, and a production environment?

We have an established Splunk Enterprise production environment that several departments use. Some people want to dev...

by Splunk Employee in

Can a variable value which depends on a dropdown token be included in search?

Hello everyone, I am trying to assign a value to "myVar", which depends on a dropdown token on my dashboard. The v...

by New Member in

How to access data in rows of table and then search further using each of those values?

Suppose I have logged data with certain fields like id, level, message etc. Ex: id:123 level:warn Message:xyz task i...

by New Member in

Search Help - Add Index to this _internal Search - And combine hosts

I would like to add which index each of these hosts comes from in this search. index=_internal source=*/metrics.lo...

by Builder in

join retrieving wrong results

| inputlookup fnms_copy1.csv | eval MACaddress = replace(MACaddress,":", "") | where MACaddress!=" " | rename MACaddr...

by Explorer in

How do you specify chart colours for a JSStack chart?

I have a simple column chart with fields '-','High', 'Medium', 'Low', 'None'. I am using JS stack with the following ...

by Contributor in

Using where in search

I have the following search index="pan" (dest_ip="192.168.*" AND NOT src_ip="192.168.*" AND NOT src_location="AU" ...

by Contributor in

How to stats by merging multiple events

I have events in same index and source-type as follows: 9/12/19 11:28:46.398 AM [WARNING/ForkPoolWorker-13] projec...

by New Member in

How to combine specific values from two multivalue fields

I have Splunk pulling in data from a lookup and creating two multivalue fields. I want to combine these two into a th...

by Engager in

Correlating fields and printing some fields .

Logger 1: has StartId: 1234, and commitCode as 101. Logger 2: has EndId: 1234(which is same as start ID), WebOrderID:...

by Contributor in

Find the LAST instance of an extracted field

I have event data which looks like this: Sep 12 11:33:23 hostname AUDIT "2019-09-12 11:33:23.677 GMT+1000" 192.1...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search for a value in a set of results, then indicate in a new field if the value was found

New field created through field transformation not appearing in search results

If len() then A else B

How do I block GUI messages about missing indexes?

Rename as Search vs Rename as Query?

Why is imported error log producing wrong time and date stamps in results

How to search for the latest field value that is not equal to a certain value?

Calculate last 3 months count average and compare the result with last month count

use case - Long running search query

Need to compare the last hour values of the fields with current one hour

Help with dur2sec function not displaying

How to post process this query to display timechart instead?

how to display a field two times in a table with the original values and after a rename of the values

Show result of multiple queries as rows of single Table (one query=one row)

Any tips for setting up a production workflow that includes sandboxes, a test lab, and a production environment?

Can a variable value which depends on a dropdown token be included in search?

How to access data in rows of table and then search further using each of those values?

Search Help - Add Index to this _internal Search - And combine hosts

join retrieving wrong results

How do you specify chart colours for a JSStack chart?

Using where in search

How to stats by merging multiple events

How to combine specific values from two multivalue fields

Correlating fields and printing some fields .

Find the LAST instance of an extracted field

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!