Splunk Search

Discussions

Thread Info

Can you help me to create a join in a lookup file?

Hi all, I need your help. I created a lookup file (hierarchy_lookup.csv) with this layout I would like ...

by Engager in

How to disable the app icon background color in Splunkbase later on?

In our inital release version 0.9.0 (https://splunkbase.splunk.com/app/4317/) we intentionally adjusted the app navig...

by Engager in

Is there any way to fix cut-off Sparklines?

Hello all, I have been adding sparklines to my tables. I noticed that sometimes the sparklines look cut off at the...

by Motivator in

C# SDK separate field notation

Hey, i would like to send fields separate from raw data, so its not displayed in normal search result eventtext, o...

by New Member in

columns with fwdtype

i am looking for ideas how to generate report in the following format Clustername HF UF cl01 hf-1 uf-1 hf2 ...

by New Member in

How to remove one field to be shown in column chart

I have created a query which have 4 columns in statistics and want to show column chart as well but with 3 columns. h...

by Engager in

Export to dump with wrong values in fields

Hi, I'm trying to export some data with the dump command, the data from the dump is not exported correctly, some valu...

by New Member in

How do you manipulate table results from a combined results?

Hi, I am stuck trying to manipulate my table when using a subsearch. Please see below query. search .... | sta...

by Explorer in

How do I query the percentage of unique sessions seeing errors?

I'm trying to come up with a query that's a percentage of users (via session ids) experiencing errors. i can find the...

by New Member in

Ignore a row to calculate Summary total in Table?

Data is like below: Is there any way to enable Total Summary but ignore "%" row to calculate Total?

by Motivator in

Create a table that contains 'ALERTS'. User will verify the alerts, click on the specific event and the particular event will disappear.

Hi all, I would like to create a table that contains 3 scenarios. ( Low, High, Severe) The table will keep appen...

by Explorer in

How do you search one way between two deployments/environments?

I have inherited an deployment that has multiple environments: PROD, FTI, and oldFTI. I am needing to search from FTI...

by Contributor in

splunk admin system admin - lab is closed same day??

Hi I was participating today to system admin course and found out at the end of the course the lab will be active on...

by Path Finder in

How would I divide this table into hours?

source=****** "Result from operation" | rex field=message ".*?returnCode=(?<code>\d+).*" | eval status=if(code=0000,"...

by Engager in

How to convert string to date?

I have an existing column "Date" and I need to convert it from a string like 4/2/2018 to a date of 4/2/2018. I've ...

by New Member in

How can I have the hostname included in a scheduled Splunk report?

Splunk Enterprise 6.5.3 I have created a report to email me a .pdf . However, the report does not include the host...

by Path Finder in

How do I use greater/less than with floating points in eval?

So, I've crafted a query that I thought would be working, but due to the nature of floating point numbers in Splunk, ...

by New Member in

escaping hyphen if any field has hyphen(-) as value

Hi I have data like below in the Active Directory. Account Name - L-15485 D-5486 BLR-DC-09$ Here is my query...

by SplunkTrust in

searching subset of original search

Good afternoon, I am trying to find a way to carry out a search to find a subset of data and to then carry out mo...

by Communicator in

How do you extract data from the following field event_message: "P5_Transfer,CLO,2018-08-08 12:12:57,Cardston transfer custom start point."

The following field after event_message is event_parameters:Film Configuration: {0} Name: {1} DateTime: {2} Note: {3}...

by Engager in

Why does my query not find values in the lookup table sometimes when they do in fact exist in the lookup table??

I have several csv lookup tables that are nightly updated by a scheduled report when no one is using the system. The ...

by New Member in

How do I use Splunk to combine two searches with a subquery with no common field?

HI all, I have a log file that looks like that: 10-12-2018(8:50) INFO system.logIn - log in: yoni 10-12-2018(8:...

by Explorer in

Can you help me build a table based on a lookup table?

I'm a fairly inexperienced Splunk user that could use some pointers on how to accomplish building a dashboard/table u...

by New Member in

How do you get logs regarding a deleted or modified file?

How to get logs do you get logs regarding deleting or modifying file / Folder from servers?

by New Member in

Can you help me write an if statement for the following condition?

Hi, I need to write an if statement for the following condition. I have two services in which status is shown by 0...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can you help me to create a join in a lookup file?

How to disable the app icon background color in Splunkbase later on?

Is there any way to fix cut-off Sparklines?

C# SDK separate field notation

columns with fwdtype

How to remove one field to be shown in column chart

Export to dump with wrong values in fields

How do you manipulate table results from a combined results?

How do I query the percentage of unique sessions seeing errors?

Ignore a row to calculate Summary total in Table?

Create a table that contains 'ALERTS'. User will verify the alerts, click on the specific event and the particular event will disappear.

How do you search one way between two deployments/environments?

splunk admin system admin - lab is closed same day??

How would I divide this table into hours?

How to convert string to date?

How can I have the hostname included in a scheduled Splunk report?

How do I use greater/less than with floating points in eval?

escaping hyphen if any field has hyphen(-) as value

searching subset of original search

How do you extract data from the following field event_message: "P5_Transfer,CLO,2018-08-08 12:12:57,Cardston transfer custom start point."

Why does my query not find values in the lookup table sometimes when they do in fact exist in the lookup table??

How do I use Splunk to combine two searches with a subquery with no common field?

Can you help me build a table based on a lookup table?

How do you get logs regarding a deleted or modified file?

Can you help me write an if statement for the following condition?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions