Splunk Search

Ask a Question

Discussions

Thread Info

Fieldalias Override another Fieldalias

Hi, I have a props file which contains the following: FIELDALIAS-aob_gen_alias_4 = dst AS dest FIELDALIAS-aob_g...

by Path Finder in

What is the difference between the Eval and the FIELDALIAS commands?

I am wondering what is the difference between eval & fieldalias commands? For example: EVAL-app = if(isnull(servic...

by Path Finder in

Confusing behaviour of fieldalias

I've have downloaded from Splunkbase and applied the Linux secure TA on my Splunk instance, and I've been facing with...

by Communicator in

How to add device pair requirement to SPL?

We have this search which works fine: | inputlookup critical_cyber_devices.csv | join SplunkHost type=outer ...

by Motivator in

Table field with duplicating from lookup.

In my search below I am looking to make a table. I am running into an issue where my results go into a table. ...

by Contributor in

Script error in Splunk cause/solution?

All, I am getting this error in a clean install of Splunk on my search head. Curious why this script reaches out ...

by Builder in

Generic Solution to Same Column Value Difference

What would be the best generic solution to https://answers.splunk.com/answers/760677/same-column-value-difference...

by Contributor in

mvcombine count all elements of the field

I have a list of 5 elements: After i use mvcombine i return only 1 result, but i have effectively 5 elements....

by Path Finder in

Drilldown using chart clicks but also need all values

Hi, Something eiher I forgot or not getting right. I have a chart. See attached. When I click on the EVENTYPE valu...

by Builder in

Two Queries That Return Results Do not Return Results After Join

I have written two individual queries that both return the expected results. A. tag=tag name location="location nam...

by Explorer in

How to edit my search to exclude duplicate events using one field and display a chart based on other fields?

I have a search that works, but I've recently discovered that my events are recorded in two separate log files, somet...

by New Member in

What does the ES tstats macro mean?

The tstats macro is defined, within the SA-Utils app as - tstats prestats=true local=`tstats_local` `summariesonly...

by Motivator in

How to pass search name to savedsearch

Hello, I have the following search, which works fine and returns the proper result "RCA_MEMORY": |makeresults ...

by Builder in

i want to create the field of error :

create the field "DM Call errors #" , then count this number. I tried to use case, but I dont have the field as titl...

by New Member in

Replace random string in a field

Hi team, I've 1 field named - 'URI' coming in micro service log dump. Example Values of URI field is like below...

by Explorer in

How to create a list of all indexes with source, host, and sourcetype with last seen field?

Hello all, I'm currently working on figuring how to create a list of as mentioned in the title with the last seen fie...

by Path Finder in

mvexpand not working for IP6 field

I have the Cisco ISE app loaded and there is a field, Framed_IPv6_Address that may contain up to six IPv6 addresses. ...

by Influencer in

Column chart

Hi all, I am having issues with creating column chart visualization. I have for example table that looks like th...

by Contributor in

operation:"copying source to destination", error:"Access is denied."

I was getting numerous errors given below on one of the SHC members, ERROR CsvDataProvider - The lookup table 'XXXX' ...

by Motivator in

View all Splunk instance in a single Splunk?

We have 6 splunk deployment server and need to login to every server to see the dashboards in respective servers. Is ...

by Explorer in

How do I get cumulative moving average?

Hi guys, I am trying to compute and chart the cumulative moving average (ref. of what is it:https://en.wikipedia.o...

by Explorer in

Box Plot Viz

HI, I tried to install the Box Plot Viz downloaded from here --> https://splunkbase.splunk.com/app/3157/#/details ...

by Path Finder in

Matching / Compaire 2 Fields

Hello, i would like to find out if both systems deliver the same output. The output of both systems is written to ...

by Path Finder in

help on a complex lookup data matching in order to calculate a new field

Hi I use the search below in order to catch a field called "flag_patch_version" from a csv file called "patchlevel...

by Motivator in

How to update 'Website URL' and 'Organization name' in Splunk Answers user profile

I don't see an option to add/update 'Website URL' and 'Organization name' in Splunk Answers user profile. Any guidanc...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Fieldalias Override another Fieldalias

What is the difference between the Eval and the FIELDALIAS commands?

Confusing behaviour of fieldalias

How to add device pair requirement to SPL?

Table field with duplicating from lookup.

Script error in Splunk cause/solution?

Generic Solution to Same Column Value Difference

mvcombine count all elements of the field

Drilldown using chart clicks but also need all values

Two Queries That Return Results Do not Return Results After Join

How to edit my search to exclude duplicate events using one field and display a chart based on other fields?

What does the ES tstats macro mean?

How to pass search name to savedsearch

i want to create the field of error :

Replace random string in a field

How to create a list of all indexes with source, host, and sourcetype with last seen field?

mvexpand not working for IP6 field

Column chart

operation:"copying source to destination", error:"Access is denied."

View all Splunk instance in a single Splunk?

How do I get cumulative moving average?

Box Plot Viz

Matching / Compaire 2 Fields

help on a complex lookup data matching in order to calculate a new field

How to update 'Website URL' and 'Organization name' in Splunk Answers user profile

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...