Splunk Search

Ask a Question

Discussions

Thread Info

Find variance between current hour value and avg value of same hour over last 2 weeks

Hi, I have an search that is used on a dashboard that I would like tweaked. Currently this search/panel displays ...

by Explorer in

join two indexes based on the date and the hour and try to match inside of minute

We have logs in two different indexes. There is no common field other than the _time . The timestamp of the events i...

by New Member in

Comparing two different sources

Hi Experts, I need to compare server lists from two different csv lookups and create a flag based on the comparison r...

by Path Finder in

CIM Authentication data model

Hello, I would like to know the aim of this default constraint : (`cim_Authentication_indexes`) ta...

by Motivator in

Capabilities

We want to provide few capabilities to the team Presently team has a capability to create email alert. What capab...

by Communicator in

cidr match is not properly working

Hi, Why my CIDR matching in not following the lookup content? Query i used is as below:| makeresults| eval ip="10...

by Path Finder in

Do time-based lookups work only after event-generating commands?

Hi, I have a KV time-based lookup generated from DHCP logs with content like this: time,ip,hostname,mac 17090...

by Explorer in

extract count of name value pairs from a json

Hi, I have multiple events with the following JSON object. { "timeStamp": "2024-02-29T10:00:00.673Z", "...

by New Member in

removing more than one field value conditionally

I am working on a query that lists hosts and their corresponding instances. My results look like the example below. ...

by Engager in

How to extract values from field and use it as column header

Hello all, how do I retrieve the values from my search and insert in the same row, extracting the values from the fie...

by Path Finder in

Optimize Regex

I am getting an error when using the following regex(?<=on\s)(.*)(?=\sby Firewall Settings)The error is "Error in 're...

by Explorer in

Calculate the number of events that occur between two other time values in each event.

Really struggling with this one, so looking for a hero to come along with a solution!I have an index of flight data. ...

by Path Finder in

Search help

Hi,In a table, I am looking to get a field value from previous available value in case its null.In below screenshot, ...

by Path Finder in

Add associated domain to values of dest_ip

I have a query that gets a list of destination ips per source ip. I also want to add a column for the associated doma...

by Explorer in

How to get events that have only a starting 'string' with no ending 'string' ?

What I am trying to write is some SPL code that will identify log events that only have a "Starting" event with no "C...

by Contributor in

Extract date and time

Hello Team, I need help in extracting the following date and time from the log,sample log: -0900, 04.25.01 THU 22FE...

by Path Finder in

Graph the difference between the totals of 2 search calculations

Dear SPLUNKos I need to create a time chart as per the belowRun one “grand total” searchRun second search which is...

by New Member in

Not getting results to lookup command

Hi,Need your assistance belowWe have created new csv lookup and we are using the below query but we are getting all ...

by Path Finder in

New install- why doesn't search work?

I have installed my first splunk enterprise on a linux server and installed forwarders on windows workstations using ...

by Loves-to-Learn Lots in

Need to create a pie chart out of a table

Hi All, I have got logs like below: Log1: </tr> <tr> <td >Apple</td> <td >59</td> <td >7</td> Log2: </tr>...

by Contributor in

how to pass the time range to input text fields for search data, when i select the time range through input=time

if select 24 hours in time filter, is there any automatic way to pass the 24hrs time rage to start date and end date?...

by Loves-to-Learn in

How to get sum of all columns into a new column?

Hi I need to do a sum of all columns into new column EVNT COL1 COL2 COL3 SUM 1 22 22 22 66 2 ...

by Explorer in

Passing lookup value to search

I have users.csv as a lookup file with almost 20K users. I'm writing a query for authentication events for a specifi...

by Engager in

Extract and/or add numbers from a string

I have string field: provTimes: a=10; b=15; c=10; it basically has semicolon separated sub-fields in the value. E...

by New Member in

Converting Splunk Curl API to Windows Powershell

I have a working script that allows me to retrieve the job ID of a search in Splunk. This is working in Windows usin...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Find variance between current hour value and avg value of same hour over last 2 weeks

join two indexes based on the date and the hour and try to match inside of minute

Comparing two different sources

CIM Authentication data model

Capabilities

cidr match is not properly working

Do time-based lookups work only after event-generating commands?

extract count of name value pairs from a json

removing more than one field value conditionally

How to extract values from field and use it as column header

Optimize Regex

Calculate the number of events that occur between two other time values in each event.

Search help

Add associated domain to values of dest_ip

How to get events that have only a starting 'string' with no ending 'string' ?

Extract date and time

Graph the difference between the totals of 2 search calculations

Not getting results to lookup command

New install- why doesn't search work?

Need to create a pie chart out of a table

how to pass the time range to input text fields for search data, when i select the time range through input=time

How to get sum of all columns into a new column?

Passing lookup value to search

Extract and/or add numbers from a string

Converting Splunk Curl API to Windows Powershell

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions