Splunk Search

Ask a Question

Discussions

Thread Info

help on rangemap command with loadjob

Hi I use the search below in order to display GOOD or BAD in a panel When I execute the query i have a result But...

by Motivator in

Can you help me with a subsearch?

Hi, I use the search below in order to display the model of a host for only the host which has a Wear_Rate>0 Bu...

by Motivator in

How to capture 2nd max value of a field and compare with 1st max value of the same field

I have data in json format as following:- {Run=1 , Average=2.1, Max=3, Min=1.4, Transaction=Sample1} {Run=1 , Average...

by New Member in

Difference in result with timechart span=1d dc(ip) vs timechart span=1h dc(ip)

I am using distinct count with time chart for the whole day (yesterday). The result is varying if the span is changed...

by New Member in

Reference Time on Dashboard Load (and adjust to time change)

Hi, I was wondering how I can reference the time picker on load for a dashboard and make sure that it's the right ...

by Path Finder in

Two searches but only need to return results of the second search that match the first

ok so...I have been banging my head against the wall on this one for a bit. I have tried using join (which I don't an...

by New Member in

Dedup search results not showing for a user

I have a user that is a doing a search that has | dedup in it. While I can see the results when I run the search (I'm...

by New Member in

help on join command please

hi I use the search below index =* sourcetype=* | dedup host | stats count This search returns 87 events I...

by Motivator in

how to display a 0 result instead an empty result

hi I use the search below and I would like to have a 0 results displayed when there is no events corresponding cou...

by Motivator in

After integrating Splunk with JIRA, How can I see the list/count of defects created in last 7 days?

I have integrated Splunk with JIRA. I want to see the list/count of defects created in last 7 days. I'm picking the c...

by Path Finder in

Search to find indexes with events and display index size, total events , earliest and latest events per index

Hi, what would be the best way to find indexes with events and display its size, total events , earliest and lates...

by Builder in

Compare current and last one hour event value in same search.

Hi All, I have to monitor the queues. And for that I have made the basic dashboard where it shows the details. Det...

by New Member in

Can you help me create the regex for an Index time field extraction?

Hi, We are trying to create an index time field extraction. I tried following the docs, but I am making a mistake ...

by Path Finder in

Subsearch returns empty value, main search also returns no results , so the returned value from subsearch is not creating eval error

index=app_core sourcetype=app_log cluster_name=app1_cluster is_scheduled=1 | eval [ search index=app_core sourc...

by Explorer in

Is Splunk 7.x Fundamentals Part 1 (eLearning) free?

I just finished all the modules and the final quiz, my question is Do I have to pay for the certification of "Splunk ...

by New Member in

How do you search logs for a letter at a specific position?

I'm very new to Splunk and need help with a search. I want to perform a search to show me the results where the 5...

by Explorer in

Simple Regex in search

I have a string of data that includes a field named user that has a value made up of domain\userid (eg prod\3245762 o...

by Contributor in

lookup a csv if a field has certain value

Good day, I have a lookup file "Mainlookup.csv" that contains an IP address, Mac address and Host name of Clients ...

by Path Finder in

Replace Null values in xyseries chart

Hello, Splunkers I have a search of index=sql | bucket span=1h _time | stats count by _time source | xyseries _tim...

by Path Finder in

Find who all ran that query during a particular timeframe?

I have a query, I want to know who all ran that query during a particular timeframe? Is it possible to know? Can some...

by Communicator in

List of event codes that found in another search

Hi, I'm trying to create a query to provide a list of event codes that are found in one period time that is NOT found...

by Engager in

Count the number of users in more than one time bucket as percent of total users

I want to count userid that are in more than one bucket. The goal is to see how many users are returning users. I use...

by Communicator in

Why does my real-time alert continue to send emails/sms?

I have a query for which I've configured a real-time alert when the query returns a result. I'm getting 25 to 35 emai...

by Explorer in

List all Windows domain members a user is logged in to

How might one obtain a list of all the Windows domain members a specific user is currently logged in to? Our domai...

by Observer in

Trouble appending columns for a second search

Here is the example in the Splunk documentation: specific.server | stats dc(userID) as totalUsers | appendcols [ s...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

help on rangemap command with loadjob

Can you help me with a subsearch?

How to capture 2nd max value of a field and compare with 1st max value of the same field

Difference in result with timechart span=1d dc(ip) vs timechart span=1h dc(ip)

Reference Time on Dashboard Load (and adjust to time change)

Two searches but only need to return results of the second search that match the first

Dedup search results not showing for a user

help on join command please

how to display a 0 result instead an empty result

After integrating Splunk with JIRA, How can I see the list/count of defects created in last 7 days?

Search to find indexes with events and display index size, total events , earliest and latest events per index

Compare current and last one hour event value in same search.

Can you help me create the regex for an Index time field extraction?

Subsearch returns empty value, main search also returns no results , so the returned value from subsearch is not creating eval error

Is Splunk 7.x Fundamentals Part 1 (eLearning) free?

How do you search logs for a letter at a specific position?

Simple Regex in search

lookup a csv if a field has certain value

Replace Null values in xyseries chart

Find who all ran that query during a particular timeframe?

List of event codes that found in another search

Count the number of users in more than one time bucket as percent of total users

Why does my real-time alert continue to send emails/sms?

List all Windows domain members a user is logged in to

Trouble appending columns for a second search

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...