Splunk Search

Discussions

Thread Info

Unable to draw timechart

I have a query that accumulates the total count for host over a 6 period of month. Now when I am trying to draw time ...

by New Member in

How to calculate the AVG of bytes_in per clientip?

Hi With this SPL, I have the average session time of each clientip in a web page. But I do not know how to put the...

by Communicator in

how to compare a field value with next whole column and fetch the result in next column?

for example, Col A Col B Col C apple apple apple orange apple orange pineapple orange pineapple grapes pineapple g...

by New Member in

How to fetch results to a table whose columns are sorted by date AND a timeframe of that date?

I have a test that I run between 1am and 6am each night. I am able to fetch the results for the last 21 days using th...

by Path Finder in

join between 2 lookups and using a date/time field that is not splunks default

I need to create a trend chart between 2 lookups which shows a difference between total closed and total opened. I ha...

by Communicator in

Why can't I push my data to a lookup table from a button?

Hi, I am trying to push data to a lookup table from a button. <html> <button class="btn" data-token-...

by Influencer in

Howto display search result matching a keyword and few line before and after the keyword matched

Hello, I've this specific requirement for log search when matching a keyword, the result show display the matched ...

by Path Finder in

Want to extract "component","environment" & "componentType" and there corresponding value in table format.

I have the following log output and I want to extract "component", "environment" & "component type" and their corresp...

by Path Finder in

SAP ETD integration with Splunk with hTTP event collector

we receive error 400 when we try to send the logs from SAP ETD over HTTP event collector to splunk. Does any one h...

by Communicator in

Totally Disable Search head Clustering

I have 2 nodes in my Search Head cluster and want to disable the Search head Clustering fully. I have a deployer also...

by Builder in

Why is the JSON index field extraction failing with large events (> 10k bytes)?

I'm using indexed field extraction to ingest JSON data over the HTTP Event Collector. It works great. Except, onc...

by Explorer in

How to append search result with top 100 results?

I will try to explain my issue in the easiest possible way. I have a result of a search that looks like this: n...

by Path Finder in

Subset Search using in original search

Hi Guys, Problem Statement : i would want to search the url events in index=proxy having category as "Malicious So...

by Explorer in

How to use conditional comparison of two field values from the same event to populate a third field

Hi all I am trying to use the eval case function to populate a new field based on the values of 2 existing fields ...

by Explorer in

Query on stats value = 0 or null

Hi Guys, I have a question here. Example i have a query statement that check for event logs captured by all my s...

by New Member in

How to Automate Threat Advisory tracking

Could you help me out on how to automate Threat Advisory Tracking IOC & IP's in ES

by New Member in

Display transaction_id, Amount and Grand total of amount.

[2019-07-19 10:13:49,210] package=com.ABCDpay,class=PostingServices,service=ProcessAccountingInstruction,component=CB...

by Contributor in

ERROR Regex - Failed in pcre_exec: Error PCRE_ERROR_MATCHLIMIT for regex: \|.?summarize.?action\=

Hello, I am getting this error in search head don't know why. Anybody had same issue please let me know. Thansk...

by Communicator in

How to calculate the average time in a URL?

Hi I want to calculate the average time of being in a URL. This SPL shows me the time spent in a URL, but NOT the ave...

by Communicator in

How to find the uncommon values of a field between two indexes?

I have two indexes "abc" and "def". There is a field in index "abc" ---> "operator_id". Similarly, there is a field ...

by Explorer in

Compare result of three different index searches

I have 3 Indexers I have data. Two Indexers are the source and Third one is the target. So if I am I am tryinng to Ad...

by Path Finder in

Timechart not populating the result

I have a checkbox named host in which user enters the hostname manually, and then as per the name entered it should d...

by New Member in

Is the result of "strptime" in seconds?

Hi I would like to know if the results of "strptime" are in seconds? index=main sourcetype=access_combined hos...

by Communicator in

Timechart not coming up instead a table is coming up for it

Timechart not coming up instead a table is coming up for it.Can anyone tell me what's wrong with the query.I want a t...

by New Member in

Help creating JOIN search

I'm trying to compare Field X from Index A with Field Y from Index B. Though the field names are different, they stor...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Unable to draw timechart

How to calculate the AVG of bytes_in per clientip?

how to compare a field value with next whole column and fetch the result in next column?

How to fetch results to a table whose columns are sorted by date AND a timeframe of that date?

join between 2 lookups and using a date/time field that is not splunks default

Why can't I push my data to a lookup table from a button?

Howto display search result matching a keyword and few line before and after the keyword matched

Want to extract "component","environment" & "componentType" and there corresponding value in table format.

SAP ETD integration with Splunk with hTTP event collector

Totally Disable Search head Clustering

Why is the JSON index field extraction failing with large events (> 10k bytes)?

How to append search result with top 100 results?

Subset Search using in original search

How to use conditional comparison of two field values from the same event to populate a third field

Query on stats value = 0 or null

How to Automate Threat Advisory tracking

Display transaction_id, Amount and Grand total of amount.

ERROR Regex - Failed in pcre_exec: Error PCRE_ERROR_MATCHLIMIT for regex: \|.?summarize.?action\=

How to calculate the average time in a URL?

How to find the uncommon values of a field between two indexes?

Compare result of three different index searches

Timechart not populating the result

Is the result of "strptime" in seconds?

Timechart not coming up instead a table is coming up for it

Help creating JOIN search

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...