Splunk Search

Discussions

Thread Info

How do I run these two searches at the same time and compare fields extracted with rex for similarities?

Hello all, I have two searches (shown below) where in the first, I extract two fields Code and Serial, and in the ...

by Path Finder in

We currently have this search to calculate the percentage of time for a status using transaction, but can it be improved or use stats instead?

We have a way of calculating the percentage of time the status is in the “OK” state by using transaction to find the ...

by Path Finder in

Searching failed login data, how do I pull the timestamps into my search results?

My search displays this, but I when I change my search to this to get a clearer picture, I miss the time stamps - thi...

by New Member in

Search for logs which are NOT key value

Does anyone have a data curation search that I snag? Looking for logs and values which are not currently done in key ...

by Builder in

how to rename column name based on condition

Hi all, I want to name the column name based on condition as below snapshot, for example, if Q1=A, then rename row...

by Path Finder in

How to extract fields delimited by semicolons and the last field with variable values from my sample data?

Using Splunk Enterpise 6.2, I'm trying to get the fields extracted using search-time props.conf / transforms.conf and...

by Path Finder in

fields in subsearch not showing all results?

Hi all, I tried to find log entries of same mail using queue id from sendmail log. However, for the same time span...

by Communicator in

How do I use regex to search a field for content?

I'm searching for specific GET requests for example: GET /wddyr.php?id=41576619113845C1EE http/1.1 User-Agent: Moz...

by Path Finder in

How can I selectively append 0 on an attribute with a value less than 10 digits

Hi there, I'm handling a set of data which in one of the attributes, CustNo is inconsistent. I need to append "0" ...

by Explorer in

How to run a search only if the format of the passed in ticket number is valid?

I've been struggling with how to use 'if' via eval to determine whether or not to run a search. We only want to ru...

by Explorer in

Using outputlookup and inputlookup in the same search, why am I getting "The lookup table 'Results.csv' is invalid"?

Hi , Below is my search: < base-search > | outputlookup Results.csv | search inputlookup Results.csv | xyseries...

by Path Finder in

After joining 2 tables with just the fields I need, how do I store this new table with the "table" command to use in a different search?

I tried to create a search by joining 2 tables and created a new table with just the fields I need. When I tried to v...

by Engager in

How to optimize the performance of my search reporting on how much data was indexed for arbitrary fields?

Hello, I know it's easy and straightforward to get ingestion metrics (how much data was ingested) based on sourcet...

by Contributor in

How to search accounting transactions based on the local date where the event was created, not the reporting user's timezone?

I have accounting transactions from different timezones coming into Splunk via a message queue. These transactions ar...

by New Member in

Splunk Search

Discussions

How do I run these two searches at the same time and compare fields extracted with rex for similarities?

We currently have this search to calculate the percentage of time for a status using transaction, but can it be improved or use stats instead?

Searching failed login data, how do I pull the timestamps into my search results?

Search for logs which are NOT key value

how to rename column name based on condition

How to extract fields delimited by semicolons and the last field with variable values from my sample data?

fields in subsearch not showing all results?

How do I use regex to search a field for content?

How can I selectively append 0 on an attribute with a value less than 10 digits

How to run a search only if the format of the passed in ticket number is valid?

Using outputlookup and inputlookup in the same search, why am I getting "The lookup table 'Results.csv' is invalid"?

After joining 2 tables with just the fields I need, how do I store this new table with the "table" command to use in a different search?

How to optimize the performance of my search reporting on how much data was indexed for arbitrary fields?

How to search accounting transactions based on the local date where the event was created, not the reporting user's timezone?

I am trying to search for a data that gives a report only from 6 am to 6.30 am everyday. How do I schedule the search?

Only return single event that has reoccurring field in 1 minute span.

How do I edit my rex syntax to extract the value from my data for a particular field?

How to filter transaction results based on results of a subsearch?

How do we edit the format of a token value before it is passed to a search?

Incomplete LOOKUP results

Getting the error ImportError: splunklib.modulari...

Field Extraction Struggle

Extraction using rex

How to populate nonexistent values in a table?

Using lookup to filter out fields from current sea...