Splunk Search

Discussions

Thread Info

Smart-mode search emits only one row of stats but gets auto-finalized for disk usage

I have a user whose monthly report search is being auto-finalized due to disk usage. I've ensured there are no other ...

by Communicator in

I want to pick up values from different columns from lookup files according to the sourcetype.

I want to pick up values from different lookup files according to the sourcetype. | lookup error_rules.csv EventSubTy...

by Loves-to-Learn in

Why are my timechart results getting skewed?

I have come across an issue with my timecharts. When I do a search for all day on Feb 26th and check 9AM, I see 1...

by Path Finder in

How to calculate request arrival rate only for weekdays and exclude weekends for PST time?

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

How to setup a query to search and find file names with the current time value?

Hi, I have a query that searches a field i.e. filenames with a value in this format >> filename = folder_name/s...

by Builder in

Why is the description field not functioning when using eval?

Below is the search string I am using. Everything works like perfect except for the description field. The field rema...

by New Member in

Join or Subsearch performance

Hi all, I have a performance question about "join" and "subsearch". Even join is a ressource-guzzler command I saw...

by Path Finder in

Relative Time Value to Timepicker Latest

Hey, I got a dashboard with different panels. They are all controlled by a single timepicker. Usually the timerang...

by Path Finder in

How to list user accounts with domain?

Hi, Splunk Enterprise. I am trying to get the list of all user accounts using below code, but the result showi...

by Explorer in

Why is time chart with span of 1w always Thursday to Thursday?

Title pretty much says it all. Every time I go to run a time chart with a span of 1 week it runs from Thursday to Thu...

by Path Finder in

How to join 2 events and retrieve the status?

Hi, I have a scenario where I need to check if a customer has placed an order when he has been offered an offer. ...

by Explorer in

Field Extraction recommendations for Avaya call log

I'm trying to do a field extraction for an Avaya call log. With this particular log event, every character, including...

by New Member in

Why are the columns reordered when implementing reporting command?

Hi forum, I'm trying to implement a custom reporting command. Here is the smallest implementation which does nothi...

by Builder in

How to break a single event into multiple?

Hi team, I have the following as a single event in splunk. )V 2019-03-11 msp raw utility_extract13L hdfs:/data...

by Explorer in

kvstore with custom key fields

Can I define a custom key field in a kvstore? I've created the kvstore with following configuration: _key, targetU...

by Explorer in

How to create a single value timechart after stats?

Hi, I'm doing a device count based on device latest time event registration. I'm getting the correct device regist...

by New Member in

Extract Hostname, Date and time from the log

Hi all I want to extract Hostname, date and time from the log, Kindly help sample log: Mar 12 09:13:46 hostname...

by Explorer in

multiple joins and subsearch question

I have got 3 queries that I need to join together. First query has a subsearch. I used a subsearch because I need ...

by Explorer in

Where to find unmatched regex events?

I know this is a silly question but for some cases I need to know where the unmatched events go because my regex is t...

by Path Finder in

Need to dedup results based on id only if the field is not empty

Hi, I need help deduplicating in a search where only half the data contains an id. Basically, the old data has a f...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Smart-mode search emits only one row of stats but gets auto-finalized for disk usage

I want to pick up values from different columns from lookup files according to the sourcetype.

Why are my timechart results getting skewed?

How to calculate request arrival rate only for weekdays and exclude weekends for PST time?

How to setup a query to search and find file names with the current time value?

Why is the description field not functioning when using eval?

Join or Subsearch performance

Relative Time Value to Timepicker Latest

How to list user accounts with domain?

Why is time chart with span of 1w always Thursday to Thursday?

How to join 2 events and retrieve the status?

Field Extraction recommendations for Avaya call log

Why are the columns reordered when implementing reporting command?

How to break a single event into multiple?

kvstore with custom key fields

How to create a single value timechart after stats?

Extract Hostname, Date and time from the log

multiple joins and subsearch question

Where to find unmatched regex events?

Need to dedup results based on id only if the field is not empty

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

How to convert large bytes to human readable units...

How to extract all the multi-values in excel?

How to convert a large number to string with expre...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...