Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do you add a field from a lookup that doesn't exist in the outer search?

I have a DHCP search that I filter based on a lookup: index=DHCP_IDX sourcetype="infoblox:dhcp" signature IN (DHCP...

by SplunkTrust in

How do I group two fields (multivalued)?

Hello, I have the following table: User Group ------------- ------------- User_A Group_A ---...

by Loves-to-Learn Lots in

Weird behaviour with searching the 'user' field in Security WinEventLogs

Hi all, I'm trying to do a search over some CIM fields in the WinEventLog:Security source (both XML and normal), b...

by Communicator in

How do you filter data for just one index when index=*?

Guys, I have the query with index=te*. I need this search in this form. I cannot change for separated index. my...

by Explorer in

How to execute a Splunk search in a dashboard on click of a button using JavaScript?

Hi, This is with regards to this link : https://answers.splunk.com/answers/378289/calling-java-script-from-dash...

by Contributor in

How to use a search (which is running from a paid app) in my own app?

Hi, I want to use a search which is running in paid app called "pinger" to my own app called "XYZ" Is there an...

by Explorer in

have to less 10 minutes from a timestamp when another field value is null

Hi Team, I have two fields named as file arrival time , Sla time . I have to list the no files that are going to v...

by Explorer in

Can anyone help me to match a value into lookup.csv if condition

I have a lookup.csv with all the public holidays in Singapore. I am trying to query if _time=datefield(meaning...

by New Member in

Can you help me compare two fields with numeric values?

I have a query where I do a bunch of computations, and then at the end of it, I want to add a new field based on the ...

by Explorer in

Can you help me with a stats count with different field names?

hello, I use the two query below index="x" sourcetype="WinEventLog:Microsoft-Windows-Diagnostics-Performance/Op...

by Motivator in

Fields extraction in file with single and multiline logs

Hi, I'm new in splunk. I currently want to analyse a log file. I'm facing issues to extract informations because ...

by Path Finder in

Want to extract FOID= into two field, Pls help

05:45:25.985 [http-nio-8080-exec-137] INFO c.b.h.i.s.i.OrderDecompositionServiceImpl - POID=20275475 FOID=TRAFFIC_MGM...

by New Member in

Why is the relative_time not converting +24y? Is there a limitation in the function?

Hi Splunkers, Why the relative_time function is not converting +24y? any reason? Any way to achieve this? |stat...

by Motivator in

How do I make a column chart that compares the result from last year with this year by month?

Hi everyone, I would like to make a chart that compares the result from last year with this year by month. ...

by Explorer in

Smtp email to send alerts

Hi, Can you please how to to create a alert and send email using smtp server. We have two seperate host s for indexer...

by New Member in

How do you merge multisearch results?

Hi, I tried many alternatives but no good results. Please help if possible. I have a multi search with two set...

by Explorer in

How do you combine two different values from a single field in a chart?

Suppose I have a chart that counts the number of tickets done by a particular branch and displays them by priority. ...

by Path Finder in

How do you get the raw fields ERROR and SUCCESS from log transactions into a same field TYPE using a regex command?

Hi Everybody! I am fairly new to Splunk, and I am trying to Create a dashboard where I need to get the Total numb...

by New Member in

How to access field displayName when searching a dataset?

I have a data model called DM1 with a data set called DM1. There are evaluated fields in this data set with different...

by Communicator in

What field name should I use for privileged users on change datamodel?

Hello, Right now i'm developing some compliance app. All my panel searches are with | tstats, so my fields are lim...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you add a field from a lookup that doesn't exist in the outer search?

How do I group two fields (multivalued)?

Weird behaviour with searching the 'user' field in Security WinEventLogs

How do you filter data for just one index when index=*?

How to execute a Splunk search in a dashboard on click of a button using JavaScript?

How to use a search (which is running from a paid app) in my own app?

have to less 10 minutes from a timestamp when another field value is null

Can anyone help me to match a value into lookup.csv if condition

Can you help me compare two fields with numeric values?

Can you help me with a stats count with different field names?

Fields extraction in file with single and multiline logs

Want to extract FOID= into two field, Pls help

Why is the relative_time not converting +24y? Is there a limitation in the function?

How do I make a column chart that compares the result from last year with this year by month?

Smtp email to send alerts

How do you merge multisearch results?

How do you combine two different values from a single field in a chart?

How do you get the raw fields ERROR and SUCCESS from log transactions into a same field TYPE using a regex command?

How to access field displayName when searching a dataset?

What field name should I use for privileged users on change datamodel?

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

Combine two searches on different sources based on...

Use the lookup table into a macro with parameters

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...