Splunk Search

Discussions

Thread Info

Two Nearly Identical Inputs But One Doesnt Work (PowerShell)

So I have the two below in my inputs.conf the top one works, the bottom one does not. Both commands work fine when ra...

by Path Finder in

Get percentage after case and stats calculations

...search | eval Type=case(like(publishId,"%U"),"UnSubscribed",like(publishId,"%S"),"Subscribed") | stats dc(account...

by New Member in

search does not return anything

I have tried to add to monitor several log files but so far search returns nothing I am using trial version with max ...

by New Member in

stuck on a subsearch

Hi, I have this query, what I'm trying to do is pull the mac address out of events with a 405 error dedup them the...

by Motivator in

map command field not being evaluated

I have an issue with a field within the map command not being evaluated appropriately. The scenario is this: do so...

by Contributor in

get all events, except for those occurring near time of other events

I need to get all the following events EventCode=4733 EXCEPT for any of those which occur within...

by Explorer in

Line chart with different events

I have a splunk log in following format: ||pool-2-thread-1|| INFO SUCCESSFULLY COMPLETED at END_TIME: 2018-05-07T...

by New Member in

How to make this transaction work and find values from one result set that might be related to the other?

I am trying to correlate two resultsets. One is a straight search of apache logs. The other is a table that that took...

by Builder in

Is it possible to hide, suppress or remove the column header row in a report?

I have a report that looks similar to this: Is it possible to hide, suppress or remove the column header r...

by Path Finder in

How to find action time stamp particular task?

How to find action time stamp of particular task that should come after action time stamp of particular task?

by Engager in

Search app: Remove extracted values from event column

Is it possiple to remove information from the column "Event" in the search app view? Some values have allready been e...

by New Member in

Use Field with Timestamp as Eventtime

Hi Community! I have a problem with a German Timestamp Field! I would like to extract the correct Timestamp from t...

by Communicator in

Get the number from the log with ":" Symbol

I have a log which looks like follows: ||pool-2-thread-1|| INFO com.tmobile.sfdc.reports.service.OpportunityServi...

by Path Finder in

Problem with Splunk outputting log entries as hex

I am running into a problem I cannot seem to figure out. One log file I have splunk reading from suddenly starts read...

by New Member in

Search related question

The following command should return the minimum value and it does. source="SampleFilePERF.log" | stats min(ELAPSED...

by Engager in

IPv6 summarization - config to perform at search time

I receive logs from a device with the full form IPv6 address, as well as using capital letters. Example: 2001:0DB8...

by Path Finder in

stats count sum

Why does the following query not display the number of logins and logouts (index="ggg-sec") EventCode=4624 OR Even...

by Communicator in

How to filter logs from the source with a universal forwarder?

Hi, I have UFs on a few ec2 aws instances, reading logs from /temp. I want to regex and only send logs contain...

by Builder in

Duplicate Values causing Conflict | Can't Fix

Hey, I'm trying to create a dashboard where there can be multiple entries for a field. There is a report behind my mu...

by Communicator in

How to merge two fields values into a single field?

Hi, I have the below stats result **Service Method Action** Service1 M...

by Explorer in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

Two Nearly Identical Inputs But One Doesnt Work (PowerShell)

Get percentage after case and stats calculations

search does not return anything

stuck on a subsearch

map command field not being evaluated

get all events, except for those occurring near time of other events

Line chart with different events

How to make this transaction work and find values from one result set that might be related to the other?

Is it possible to hide, suppress or remove the column header row in a report?

How to find action time stamp particular task?

Search app: Remove extracted values from event column

Use Field with Timestamp as Eventtime

Get the number from the log with ":" Symbol

Problem with Splunk outputting log entries as hex

Search related question

IPv6 summarization - config to perform at search time

stats count sum

How to filter logs from the source with a universal forwarder?

Duplicate Values causing Conflict | Can't Fix

How to merge two fields values into a single field?

how to fetch the corresponding value from the data...

Adjusting search to remove and add user to lookup ...

Invalid authorization - Code 3 - Why Splunk Zendes...

How to filter xml logs from wineventlog?

Combining multiple searches on multiple source fil...