Splunk Search

Ask a Question

Discussions

Thread Info

How do I group per N minutes and remove duplicates within those?

The inital search is this: index=myindex myapplication UID=* IDX=* IDOK=* | dedup IDX | table _time,UID,IDX,IDO...

by Contributor in

Can you help me with the following stats data query?

Hello, I use the request below index=windows sourcetype="wineventlog:system" SourceName="Disk" (EventCode=7 OR ...

by Motivator in

How can I use SDK or RESTfulAPI to retrieve the SPL definition inside a panel of a dashboard?

by Splunk Employee in

Histogram of transaction durations

Hi, I have this query that finds the duration of the transaction times. index=wholesale_app buildTarget=* prod...

by Motivator in

With the transaction command, how do I get the duration between the first startswith to the last endswith?

query like below: | transaction startswith="Init" endswith="FINISHED" by ip | table duration ip Each IP has mu...

by Path Finder in

How do I count each value of a multi-value field and show the top 30 with percentage?

Dear Community, So far, I have gone through the posted QnAs, but haven't yet found a way to make it work with my d...

by Explorer in

How do you extract fields from an existing field's value?

I have a field that contains one long string looks like below 18/10/2018 03:42:26 - Chirs Lee (Work notes) comment...

by Communicator in

Can you help me use the inputlookup command to return results from one table but not another?

I have two tables. How can I use the inputlookup command so I only get results of the entries that are NOT in the 2nd...

by New Member in

Converting relative time into epoch for the time range picker

Good day, Recently, I worked on a project that required me to set up a way for users to retrieve records from SQL ...

by Path Finder in

Why is the information column turning red at search time?

While doing a basic raw search, I came across something I've never seen in Splunk -- the information column is turnin...

by Communicator in

Multivalue value from props transforms fields.conf

I've field extracting as: allowed_ip: 10.1.1.10,10.2.2.15,10.3.3.14" Using makemv in inline gives separate values mak...

by Path Finder in

Using earliest and latest variables in a form

(Using Splunk6) Does any one know if Splunk can do something similar to this <fieldset autoRun="false" submitButt...

by Path Finder in

How to search when an event was indexed?

Hi, Is there a way to tell when an event is actually indexed? I have a customer who is saying events are showing u...

by Champion in

How do I convert milliseconds to seconds on stats output?

I have this query and I'm trying to convert the response time from milliseconds to seconds but it's not working. What...

by Communicator in

How do you make a division with 2 numbers from the same field filtered by a condition from another field?

Hi everyone, I need to make a division with 2 numbers from the same field, but they are filtered from another fiel...

by Path Finder in

How do you upload a CSV using button click?

Hi All, I want to upload a CSV file into a particular lookup folder related to that app only using javascript or ...

by Motivator in

How can I retrieve a list of LDAP users in my Splunk search?

I need to create a search that can retrieve a list of privileged group members from my LDAP server so I can then use ...

by Explorer in

How to parse a raw msg using rex then get the stats count by that field?

I've read a few posts here already but hoping to clarify some items that I have. I need regex (rex) a raw or list msg...

by New Member in

How do you make a 'stats count' where field count > 20... is grouped by another field?

We need a report that lists the USERIDS that have more than 20 failed logins per DBNAME (a failed login is RETURNCODE...

by New Member in

How do you go about formatting a nested JSON that was extracted using the spath command?

There all kinds of questions (and not too many answers) about processing nested JSON, either at the source or in sear...

by Path Finder in

Can you help me with the following error from my indexers?: "SID s already running"

Hello All, I am occasionally seeing this error from my indexers. Has anyone else seen it? ERROR StreamSearch - ...

by Path Finder in

How do you include additional fields from an inputlookup in results?

I have the following search in which I match up the user field from the lookup to the index, getting the top return o...

by Influencer in

Can you help me with my string to date query?

Hi Community , I have a question about a conversion beetwen string to date. I have some extract in CSV from my ...

by Explorer in

How do I join multiple lookup tables?

I have couple of lookup tables as follows: Table 1 A 1 B 5 C 6 Table 2 A one A two A three B one C one Trying t...

by New Member in

Output multiple multiple field names and values under a single column?

Hello guys and girls, I encountered a situation where i need to extract data from two log types that have just 3 comm...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I group per N minutes and remove duplicates within those?

Can you help me with the following stats data query?

How can I use SDK or RESTfulAPI to retrieve the SPL definition inside a panel of a dashboard?

Histogram of transaction durations

With the transaction command, how do I get the duration between the first startswith to the last endswith?

How do I count each value of a multi-value field and show the top 30 with percentage?

How do you extract fields from an existing field's value?

Can you help me use the inputlookup command to return results from one table but not another?

Converting relative time into epoch for the time range picker

Why is the information column turning red at search time?

Multivalue value from props transforms fields.conf

Using earliest and latest variables in a form

How to search when an event was indexed?

How do I convert milliseconds to seconds on stats output?

How do you make a division with 2 numbers from the same field filtered by a condition from another field?

How do you upload a CSV using button click?

How can I retrieve a list of LDAP users in my Splunk search?

How to parse a raw msg using rex then get the stats count by that field?

How do you make a 'stats count' where field count > 20... is grouped by another field?

How do you go about formatting a nested JSON that was extracted using the spath command?

Can you help me with the following error from my indexers?: "SID s already running"

How do you include additional fields from an inputlookup in results?

Can you help me with my string to date query?

How do I join multiple lookup tables?

Output multiple multiple field names and values under a single column?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Help generating table

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...