Splunk Search

Discussions

Thread Info

ID of the max value event

Hello! I have a table like this ID, OperationName, Duration 1, oper_x, 114 2, oper_x, 117 3, oper_c, 76 4, oper_z,...

by Explorer in

How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios?

I have Cisco Networks App for Splunk Enterprise version 2.5.6 and Cisco Networks Add-on for Splunk Enterprise version...

by New Member in

How do you treat a variable value as another field with Splunk?

I have a field named "object_XXX_property", where XXX string is dynamically generated and is held in another field na...

by Explorer in

Help with slot time conditions

hi i use the request below but i have an issue with the relative_time: secondlastday=I dont want to have events af...

by Motivator in

How do you correlate one field between two sources, and then if they match, find value from another field from the second source type?

I have: sourcetype_a` and`sourcetype_b Where one field message_ID exists in both source types. I want to lo...

by Engager in

[hdfsprovider] Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table

Hi all, I have a CSV lookup file to map with one field in my indexed data. The search was working perfectly before, b...

by Communicator in

How to call Splunk custom endpoint using jquery ?

Dear all, I wish I could make a call such as $.ajax(...) to my custom endpoint. But which Splunk method should ...

by Explorer in

Custom app logo spanning across app navigation menu bar in Internet Explorer

The custom app logo which appears on the right side of the app navigation menu bar appears fine in Google Chrome, Fir...

by Explorer in

How to improve efficiency of my regex statement?

I have this query | rex field=_raw "(?ms)^[^\]\n]\]\s+(?P [^:]+)(?:[^:\n] :){2}(?P [^,]+)[^:\n]...

by Contributor in

How do you populate a field if the search time extracted field (using regular expression) is not presented in the logs?

Hi All, I am trying to populate a custom field value if my search time extracted field is not present in the raw ...

by Path Finder in

Can you help me create a regular expression to extract 2 values from a string?

log1: com.google.AbcdExtension] [mthd] | null - Bound **CLINIC-MBR-GROUP-INC**:23490110094900 -- total execution ...

by Explorer in

How do you find consecutive events in two different searches?

Hi, This is a newbie question. I have two different searches. I want to combine the search results and only dis...

by Loves-to-Learn in

How do you sort dates from newest to oldest in a drop down?

I have a drop down which populates the dates in MM/DD/YYYY format, which is an extracted field in the raw data. I wan...

by Builder in

SQL Help - pull URL with specific querystrings

Consider we have the following URLs http://abc.com/?a=1&b=2&c=3 http://abc.com/?d=1&e=2&a=3 http://abc.com/?f=1&g=...

by New Member in

How come our tstats with datamodel does not group by field?

We have an index with quite a few index-time fields, and an accelerated datamodel that adds a calculated field there....

by Builder in

How do you get counts with wildcards?

Suppose I have the following data, but I don't know the GUIDs ahead of time: Path /boat/826ec68b-cc87-41f9-b93b...

by Explorer in

Events list of append command

I have a query like this: first_query | dedup 1 id | search action=drop | stats count by action, destination | fie...

by Path Finder in

How come our data is not lining up correctly in the following search?

I've written a search that charts data into a table. The query extracts run times greater than 25% over its calculate...

by Contributor in

Migration Issue

We are about to migrate stuff from one cloud env to AWS.. set up is done.. issue is : we have old splunk instance ...

by New Member in

How to compare data from the same month for multiple years?

I am doing a very basic search that just shows the top URIs during a specific month each year. I would like to be abl...

by Explorer in

"search base=X" not working with append

I am using the "search base=X" approach to generate stats. When I try to run two searches using append (or join et...

by Communicator in

Why am I unable to convert _time to epoch with my search?

_time 2016-03-02 07:00:13.405 Above _time is the data format in the logs. I need to find difference between a few...

by Explorer in

How do you extract everything that ends with a certain word?

Hi all, I have this line in the event log ComputerName=sgp1ply1fe01.xxx I want to extract only "sgp1" using...

by Path Finder in

Heavy forwarders are currently configured to send some palo alto logs to one server1 . Can you please let me know how to forward a copy of that same traffic to different serve2r(indexer), UDP 514? Current forwarding to server1 must remain in place.

Heavy forwarders are currently configured to send some palo alto logs to one server1 . Can you please forward a copy ...

by Path Finder in

Splunk Map issue when passing token on the kml map

i have a plotted the map with the kml files . When i select a value from the dropdown to locate a point in the map, i...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

ID of the max value event

How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios?

How do you treat a variable value as another field with Splunk?

Help with slot time conditions

How do you correlate one field between two sources, and then if they match, find value from another field from the second source type?

[hdfsprovider] Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table

How to call Splunk custom endpoint using jquery ?

Custom app logo spanning across app navigation menu bar in Internet Explorer

How to improve efficiency of my regex statement?

How do you populate a field if the search time extracted field (using regular expression) is not presented in the logs?

Can you help me create a regular expression to extract 2 values from a string?

How do you find consecutive events in two different searches?

How do you sort dates from newest to oldest in a drop down?

SQL Help - pull URL with specific querystrings

How come our tstats with datamodel does not group by field?

How do you get counts with wildcards?

Events list of append command

How come our data is not lining up correctly in the following search?

Migration Issue

How to compare data from the same month for multiple years?

"search base=X" not working with append

Why am I unable to convert _time to epoch with my search?

How do you extract everything that ends with a certain word?

Heavy forwarders are currently configured to send some palo alto logs to one server1 . Can you please let me know how to forward a copy of that same traffic to different serve2r(indexer), UDP 514? Current forwarding to server1 must remain in place.

Splunk Map issue when passing token on the kml map

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6