Splunk Search

Thread Info

How do you find the difference between the following two events?

Hi, I have two events: event1: field1="A",field2="ABC",.....,fieldN="12" event2: field1="B",field2="ABC",.....,...

by Loves-to-Learn in

Is it possible to display\calculate the ISO year number for a date ?

With strftime(_time, "%Y-%V"), I can create a period to sort on a year and ISO weeknumber. When I have events on 3...

by New Member in

How to create a field with selected values of the same field

Hi , I have OS field which has many rows .In that i need to filter only the below values and create a field , Wind...

by Path Finder in

How do you search for a specific word when you don't know what the field is?

Heya Guys, I'm very new to Splunk and this is likely an obvious answer or I have skimmed across documentation and ...

by New Member in

Deploy search head cluster

Hello, I'm deploying a search head cluster and I have a doubt about the steps described on the following link: ...

by Explorer in

Why are delimited field extractions not working?

Hello, we are inputting data via the HTTP Event collector. The "event" member has this format, which we are trying to...

by Path Finder in

Field extract NOT search.

Hi My data format is as follows. A=123456789 Field was extracted for every three digits from field A. My field extra...

by Communicator in

Why Splunk search jobs stuck at "finalizing job" status for few days?

Symptoms: It usually happen in the next couple of hours after we manually deleted the stuck search jobs It only ha...

by Splunk Employee in

subsearch for failed login

hi guys i wanted to search for a list of failed login attempts by privileged users from existing successful logons (E...

by New Member in

Trying to get month over month with detail.

My current working and pretty one is this: |eval Owner=ProductName | stats sum(Cost) as Total by TimePeriod, Owne...

by Engager in

How to specify a particular aggregate value in query for Single Value Visualization Chart?

how do i specify a particular value to be displayed in single value visualization chart? i only want the totalCount (...

by Path Finder in

When do you put a | (pipe) as the first character in a search

I have noticed several search commands which are preceded by a pipe character with no input left of the pipe. For exa...

by Path Finder in

Want to confine splunk process running on servers as required by our audit. How to achieve?

by Splunk Employee in

i want to iterate values a field from one source type and compare each values with set of values in another field of different sourcetype

Hi I have two sourcetype A and B where sourcetype A has field A1 and sourcetype B has field B1. My base query...

by New Member in

Count of values in a multi-value field

Log lines: k1=doesn't matter, k2=doesn't matter, k3=[v3, v4] k1=doesn't matter, k2=doesn't matter, k3=[v5, v4, v6] k...

by New Member in

Setting several independent AND/OR conditions on single search

I'm running a search against a single index and sourcetype for events that have slightly different data. I want to se...

by Path Finder in

How can I condense this data into distinct session times? [Easy-ish search question]

Data: user Source_Network_Address session_start session_end bob 10.0.0.1 ...

by Motivator in

How do you return a table of a value by a department and then display it by how many days ago it occurred ?

I need to return a table of a value by a department and then display it by how many days ago it occurred (Very Import...

by Communicator in

How to add an SLA line overlay in a column chart?

I want to show TP99 in a column chart, and add a line to show SLA. Here is the chart I want: But the follo...

by Explorer in

How to sum a column's values along multiple categories, then display the summed column along with the category which contributed the largest value in that category, all in the same row?

I have the following data: A B C Pkg Area Count NP bcd D02 abc.d PP 1656 NP bcd D05 abc.d PP 870 NP bcd D01 abc...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How do you find the difference between the following two events?

Is it possible to display\calculate the ISO year number for a date ?

How to create a field with selected values of the same field

How do you search for a specific word when you don't know what the field is?

Deploy search head cluster

Why are delimited field extractions not working?

Field extract NOT search.

Why Splunk search jobs stuck at "finalizing job" status for few days?

subsearch for failed login

Trying to get month over month with detail.

How to specify a particular aggregate value in query for Single Value Visualization Chart?

When do you put a | (pipe) as the first character in a search

Want to confine splunk process running on servers as required by our audit. How to achieve?

i want to iterate values a field from one source type and compare each values with set of values in another field of different sourcetype

Count of values in a multi-value field

Setting several independent AND/OR conditions on single search

How can I condense this data into distinct session times? [Easy-ish search question]

How do you return a table of a value by a department and then display it by how many days ago it occurred ?

How to add an SLA line overlay in a column chart?

How to sum a column's values along multiple categories, then display the summed column along with the category which contributed the largest value in that category, all in the same row?

Search Question

How do you use an inputlookup to search through all event fields?

How do you make a table based on a match between field and lookup?

Can you help me find the location of a session?

What is scheduler log event status=Continued ?

Buttercup Games Tutorial Extension - part 9

Buttercup Games Tutorial Extension - part 8

Introducing the Splunk Developer Program!

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions