Splunk Search

Discussions

Thread Info

How do I write the regex to extract the Application Name from my sample raw logs?

I have the following results from my search. I am trying to extract the Application Name from the raw log using the f...

by Explorer in

How to use values in field names to calculate against field values from eval or rex?

Sample data: I have several field values in one sourcetype that are variable limits that can change week by week. The...

by Contributor in

When I run my search, it returns results, but why am I getting "Search is waiting for input..." when used in a dashboard panel?

The following search returns results when I run it as a search, but not when it is used as a dashboard panel. The das...

by Path Finder in

How to use a variable to determine which CSV lookup to use in my search?

I have multiple CSV lookup files and I want to use a variable to determine which lookup table to choose in my search....

by Path Finder in

How can I improve the accuracy and performance of my search that uses appendcols multiple times?

Hi All, I am writing various Splunk searches to get result set from iis logs. For each search, I have different wh...

by New Member in

How to remove the timezone from my field in a CSV file?

I'm fetching the data from a CSV file, but the issue with my data is that some of the values are in PDT and some are ...

by New Member in

How to edit my search to filter out a certain result?

Hi everybody! In a Splunk Dashboard, I created a Bar Panel with this: * | stats count(U*) as U* | transpose | r...

by New Member in

Why am I getting less fields returned from a search with the stats command compared to transaction?

Hello! I've been told to use stats values() instead of transaction for performance issues. However, with long log ...

by Engager in

How to search for results that are in result A, but not result B?

I have 2 logs: an error log and a success log. When an item fails (error log), it is retried. I would like to filter ...

by New Member in

Is there a more efficient solution than my current search to validate whether data from two different sources is the same?

I am trying to validate whether data from two separate sources is the same. I have indexed two csv files of 450,000+ ...

by Path Finder in

Null Question

Null

by Path Finder in

Stats/Chart count distinct users by Country and eval field?

Hi, I have a query showing the amount of distinct logins by IP address based on the "term" i've created in the que...

by Path Finder in

Is it possible to use a search value or a token in the outputlookup name?

Hi! Is it possible to pass into lookup's name created by outputlookup command a token or a search value? Smth l...

by Builder in

How to dynamically fill null values with the last known field value based on the results of search?

I have log data that doesn't always contain a user ID, but I would like to fill the user ID field with the last known...

by Engager in

How to edit my search with appendcols to alert on a 99% drop in logging from an app_pool?

alt text I want an alert if an application pool drops more than 99% of logging. (We have an issue where before a JVM ...

by Builder in

How to gather a span of 5 Seconds for the Max EPS/TPS for a given Day Span?

So I've posted a question a week ago regarding finding the max EPS for a timespan of a day. The query that I am using...

by New Member in

How to search for two groups of field values?

So I've got 2 different values I'm trying to use; letters & numbers. I want to be able to say If letters = a b or...

by Communicator in

What is the best way to join a row with rows in another table?

Hi guys, I need to create a join with a row, and this row has multiple occurrences in another table. What is the b...

by Path Finder in

how to place commas in the output of a chart with columns that varies depending on the search

how to place commas in the output of a chart with columns that varies depending on the search (example is date). Samp...

by Explorer in

Why is my search with an eval case condition resulting in error "The expression is malformed. Expected )."?

Hi All, When I execute the search below, it works fine: index="X" sourcetype="xx" "applicationCode: 123" "prov...

by Explorer in

Splunk Search

Discussions

How do I write the regex to extract the Application Name from my sample raw logs?

How to use values in field names to calculate against field values from eval or rex?

When I run my search, it returns results, but why am I getting "Search is waiting for input..." when used in a dashboard panel?

How to use a variable to determine which CSV lookup to use in my search?

How can I improve the accuracy and performance of my search that uses appendcols multiple times?

How to remove the timezone from my field in a CSV file?

How to edit my search to filter out a certain result?

Why am I getting less fields returned from a search with the stats command compared to transaction?

How to search for results that are in result A, but not result B?

Is there a more efficient solution than my current search to validate whether data from two different sources is the same?

Null Question

Stats/Chart count distinct users by Country and eval field?

Is it possible to use a search value or a token in the outputlookup name?

How to dynamically fill null values with the last known field value based on the results of search?

How to edit my search with appendcols to alert on a 99% drop in logging from an app_pool?

How to gather a span of 5 Seconds for the Max EPS/TPS for a given Day Span?

How to search for two groups of field values?

What is the best way to join a row with rows in another table?

how to place commas in the output of a chart with columns that varies depending on the search

Why is my search with an eval case condition resulting in error "The expression is malformed. Expected )."?

Splunk lab module 4

How to reassign orphaned search in splunk light?

Splunk dashboard single value trendinterval time a...

How do I monitor & troubleshoot if all data source...

Configure HTTP Event collector to log client sourc...