Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Filter search string to field with only 1 specific value

I want to output computers who only has started 1 specific application Field values: Application + Computers There...

by New Member in

Help on subsearch

Hello I use the search below it works fine..... BUT for some host, I cant catch the fields there is in the subsear...

by Motivator in

How to group results that has 5 or more distinct values in list(repo_name) ?

Hi, I have a search query as below. query | stats list(repo_name) by user_login This returns username with t...

by Engager in

How do I disable drill down (completely) for certain columns in a table?

Hi there, I need to disable drilldown on certain columns. Unlike the answer given here... https://answers.splun...

by Motivator in

How to display a linechart that uses the same field for different devices?

So I have HomeAssistant installed and I'm sending all of the events off to my splunk server. I recently had my attic ...

by Path Finder in

Find the "No events"

Given the search stats count by Name, Fruit results in: Name, Fruit, count Mike, Bananas, 10 Mike, Apples, ...

by New Member in

How to populate a lookup file with eval?

Hi, I would like to update a lookup file with, for an example 10 new information, through Splunk Search only. Th...

by New Member in

how to compare characters in two fields and return number of matches?

I have two fields se_split and re_split which are lined up like so re_split se_split a ...

by Explorer in

adding another field after using set diff

Hi Splunkers I have a set of results from using set diff which is all good. I am now wanting to output another fie...

by Contributor in

How to compare the same search from the previous day to current day using set diff?

Hi guys, I am very new to Splunk (about 1 month or so) and I am having some trouble incorporating "set diff" into ...

by Engager in

How can I normalize timechart with field values having wide variation

Have a log file that has http response codes in a particular field. I am doing timechart on it but as the 200 respons...

by New Member in

How to correlate two searches with one field containing other index's field?

Hi, I have two queries with one field being common to correlate and combine the result. But the problem i am facin...

by Communicator in

Time conversion from UST to EST in search results

Hello Team, I am facing this issue where my logs are written in EST and the time stamp on the log is UST ( Lets s...

by Explorer in

Identify elapsed time from two records sharing the same key

by New Member in

desfased server hour

Hello splunkers, I have this search: index = "sti" sourcetype = "Genera_AVI" | fields _time | head 1 | eval tiempo...

by Path Finder in

How do I filter field values not present in the successful events in the super search

I wanted to extract MAC address from events that were never succeeded within a time boundary. I am dealing with event...

by New Member in

How to compare IP's list from one Index with IP's in different index?

Hello splunkers, I have two different indexes with large number of IP's. Let's say 30k in one index A and >100k in...

by Path Finder in

I would like to use timechart to show the trend for 7days using below

source=IN1 STATUS=SUCCESS OR STATUS=FAILED earliest=-2d@d+14h latest=-1d@d+14h APP=DEV | stats count(APP) as "numbero...

by New Member in

Can you help me build a query that shows users who have not connected to a VPN in the last 7 days?

New to Splunk and I am learning as much as I can. I am trying to build on a query I have that shows the users who hav...

by Engager in

Trouble comparing timestamps

I have two timestamps in different formats and I want to see how much time has elapsed between them. I have a rex tha...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Filter search string to field with only 1 specific value

Help on subsearch

How to group results that has 5 or more distinct values in list(repo_name) ?

How do I disable drill down (completely) for certain columns in a table?

How to display a linechart that uses the same field for different devices?

Find the "No events"

How to populate a lookup file with eval?

how to compare characters in two fields and return number of matches?

adding another field after using set diff

How to compare the same search from the previous day to current day using set diff?

How can I normalize timechart with field values having wide variation

How to correlate two searches with one field containing other index's field?

Time conversion from UST to EST in search results

Identify elapsed time from two records sharing the same key

desfased server hour

How do I filter field values not present in the successful events in the super search

How to compare IP's list from one Index with IP's in different index?

I would like to use timechart to show the trend for 7days using below

Can you help me build a query that shows users who have not connected to a VPN in the last 7 days?

Trouble comparing timestamps

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?

Total spend per field per month