Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Can a field value of any column but used as a fieldname in eval?

I have a field as field1, and field2 which is an indexed event: Field1 1.A 2.B and another table I have as mat...

by Observer in

Using a column of field names to dynamically select fields for use in eval expression

Hi. Suppose my search generates the first 4 columns from the following table: field1 field2 field3 lookup r...

by New Member in

Search Question: Event Sampling

Does anyone know of a good way to pull one event of a specific eventcode/type when searching for multiple eventcodes?...

by Builder in

extract no.

hi all I have events in json format need to extract number from this sip:+1234566@12.23.34.45 example: i need +1234...

by Path Finder in

How to convert rows to columns

I have this result I whant convert in this transpose command does not work the stats command may work, but...

by New Member in

How to add counts and sum from different fields

Hi, New to Splunk and still trying to get to grips with it. I am trying to present a single table with the followi...

by Engager in

How to Find Standard Deviation of a Daily Volume?

I'm trying to find the standard deviation of the daily volume of traffic per host. index=index sourcetype=sourcetype ...

by Explorer in

Increase max time for a script alert

I am running a script from a alert which takes around 30 mins to complete . But instead my script is getting fired wi...

by Path Finder in

Duplicate Host Field from JSON Event

Hey there, we are pumping millions of Zabbix events in to our splunk environment over a Heavy Forwarder. The event...

by Explorer in

dynamic hostname replacement with real source server IP addsress in log source

Hi, we facing an issue with replacement of the hostname with real ip of the source server in the logs The logs are se...

by New Member in

Text function replace and "\"

Hello folks, I am experiencing problems to use replace to change a field value like "qwerty\foo" to "qwerty\foo". ...

by Communicator in

How do I group events that are less than 15 seconds apart?

| transaction uno, programId, devicetype maxpause=15s | eval s_time=_time | eval e_time=_time+duration | eval watch_s...

by Engager in

Find average for multiple hosts

I'm trying to create a search that will show the average connections per host and then the current connections. The g...

by Path Finder in

Separating the string in the field

I have various search string under the field name entity: Entity 1 ABC:BOOT2NDSUNQTR_MAINT4_sfsdfdsfsdf...

by New Member in

Optimizing Tweaks For Slow Queries

I have a simple query | stats count(abc) as xyz Now since it is taking too much time- i decided to tweak it a...

by Contributor in

Question about JSON and licensing

I was speaking to someone the other day and they told me that when you ingest JSON formatted files and set INDEXED_EX...

by Builder in

Rex for different pattern of same fields within same event

Trying to formulate a Regex that would work with events something like the below one. When I tried extracting the fie...

by Communicator in

why timechart is not working in this query?

index=abc sourcetype=xyz earliest=-65h latest=-61h |stats count as Fail by school |where like (school, "%public%") |t...

by Explorer in

How to to many to single mapping in multi value fields

i have a event like this stage_result: [{ stage_name:deploy, edge:[ { type:Parallel }, { type:Parallel }] }, { sta...

by Path Finder in

Mstats and timechart spl for metric by host

I was looking to graph out all of our ‘free space’ on a single timechart but am struggling with the syntax. Each line...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can a field value of any column but used as a fieldname in eval?

Using a column of field names to dynamically select fields for use in eval expression

Search Question: Event Sampling

extract no.

How to convert rows to columns

How to add counts and sum from different fields

How to Find Standard Deviation of a Daily Volume?

Increase max time for a script alert

Duplicate Host Field from JSON Event

dynamic hostname replacement with real source server IP addsress in log source

Text function replace and "\"

How do I group events that are less than 15 seconds apart?

Find average for multiple hosts

Separating the string in the field

Optimizing Tweaks For Slow Queries

Question about JSON and licensing

Rex for different pattern of same fields within same event

why timechart is not working in this query?

How to to many to single mapping in multi value fields

Mstats and timechart spl for metric by host

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...

Alerts not Finalizing- Is there a way to find out ...