Splunk Search

Ask a Question

Discussions

Thread Info

How to add a word after a count?

Hello I use the search below and I would like to do 2 different things 1) How to do for adding a word after the st...

by Motivator in

How to filter name by id which start with a specific number?

Hi All Please help me with rex to filter name by id which start with "9" . Ex: Sample log ContactId:"1234...

by Explorer in

How to search a lookup table or file by the column that has timestamp

I'm trying to pull events from a lookup file that has in one column a timestamp. There will be instances where I'll n...

by Explorer in

Need to search all request based on IP address

I have these pattern in logs and I want to search burst of requests coming from one IP address For example: lin...

by New Member in

How to sort the column names alphabetically at the end of the search?

This is my sample search: | makeresults | eval data = " 1-Sep 657 34 35; 2-Sep 434 34 35; " ...

by Motivator in

How do I add an extra row to calculate the average of the rows above?

I have connected to my database using Splunk DBConnect and using a simple sql query I have managed to get some data f...

by Path Finder in

How to find a log entry that doesn't have a match with another one?

So, I get a bunch of log entries that look something like this (grossly simplified) example: host1 tag - foo host1...

by New Member in

How to get the first and last number of consecutive integers by search?

Hello Splunkers, Need your help on this. This is my query for testing: | fields id | sort id | delta id AS...

by Explorer in

'earliest': '03/09/2019:17:07:00' is significantly slower than "earliest_time": "-2d" (earliest vs. earliest_time)

Greetings, 'earliest': '03/09/2019:17:07:00' is significantly slower than "earliest_time": "-2d". Is this a known ...

by New Member in

How to edit my search to compare a lookup table to an index?

I have tried all of the examples but am still not getting accurate results. I have a lookup table with (1) column onl...

by Contributor in

Why is rename not working for Timechart Lists?

Hello, I'm running into an issue trying to rename timechart lists. I'd like to give these a more friendly presenta...

by Engager in

How come our INPUTLOOKUP is returning no results?

I'm trying to get this use case going from MS Windows AD Objects, but I can't get any results. index=wineventlog s...

by Explorer in

How do I perform a stats count(fieldname) without it deleting all other search results output?

I do believe I'm missing something fundamental here.... So, the search: index=X returns many events where each eve...

by Path Finder in

How to select yesterdays date from the following search?

Hello, I know it is a simple question but I am somehow struggling with it. I have the following search: index=m...

by Builder in

Efficient and "correct" way to counting stats based on a sequence of events within a rolling timeframe

Creating stats count based on a sequence of events within a timeframe. For example, count the unique sessions, within...

by Path Finder in

How to use of Group by on the Event Number column to get the latest result by EventTime?

I have a table like below in Splunk I want to apply a group by on Event Number col and want to get the top(la...

by New Member in

External URL link with Hyperlink in alert message body

Hi Splunkers, Is it possible to add an External URL as Hyperlink in the message body of an alert? I know we can pl...

by Engager in

How to catch information from inspector job?

Hi I would like to catch the information in the example below: This search has completed and has returned 1 000...

by Motivator in

Some logs were missed by splunk in search index

While using splunk, we are missing some events in search index. There is no repeated behavior of this kind but they a...

by New Member in

How to use plus sign before a result to calculate percentage?

Hello I use the eval below in order to calculate a percentage | eval Trend_Proc_time=round(100-(Proc_dest*100)/(Pr...

by Motivator in

How do I search from a lookup table and match when part of a string from an events' field matches a value in a lookup table?

Hi all, I know many questions exist similar to this one but none are useful for my particular use case. Please if...

by Path Finder in

How to use rex to extract username from emailid?

Hi All Please help me to extract username from the emailid. Ex: test123@test.com abc2@test.com Required: ...

by Explorer in

How to split data into multiple columns?

I am having data in a single field in this format: 1. xyz 2. dsh bh 3. sdh dsd() 4. trrt .... so on I want to spl...

by Path Finder in

How to get the sum of total number of failed items count after excluding Item Not Recognized and Loading for both fields?

I have two fields body.response.failedItemsCount , body.failedItemsCount , In this I have to filter with two unwanted...

by Explorer in

How to use 'where' command in multiple places?

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to add a word after a count?

How to filter name by id which start with a specific number?

How to search a lookup table or file by the column that has timestamp

Need to search all request based on IP address

How to sort the column names alphabetically at the end of the search?

How do I add an extra row to calculate the average of the rows above?

How to find a log entry that doesn't have a match with another one?

How to get the first and last number of consecutive integers by search?

'earliest': '03/09/2019:17:07:00' is significantly slower than "earliest_time": "-2d" (earliest vs. earliest_time)

How to edit my search to compare a lookup table to an index?

Why is rename not working for Timechart Lists?

How come our INPUTLOOKUP is returning no results?

How do I perform a stats count(fieldname) without it deleting all other search results output?

How to select yesterdays date from the following search?

Efficient and "correct" way to counting stats based on a sequence of events within a rolling timeframe

How to use of Group by on the Event Number column to get the latest result by EventTime?

External URL link with Hyperlink in alert message body

How to catch information from inspector job?

Some logs were missed by splunk in search index

How to use plus sign before a result to calculate percentage?

How do I search from a lookup table and match when part of a string from an events' field matches a value in a lookup table?

How to use rex to extract username from emailid?

How to split data into multiple columns?

How to get the sum of total number of failed items count after excluding Item Not Recognized and Loading for both fields?

How to use 'where' command in multiple places?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions