Splunk Search

Ask a Question

Discussions

Thread Info

Tstat search taking a long time - "IO" "CPU" and "Disk Access" all very low - What can i do?

HI I am running a BIG TSTAT search off a Datamodel - The bottle neck is dispatch.stream.local + dispatch.fetch (I ...

by Influencer in

List of unused lookup definitions

Hi there, How can I get a list of unused lookup defs in my environment - so ones that I have lying around, but not...

by Builder in

Can you help us with the following Lookup table error: "ERROR LookupOperator - Error in 'lookup' command"

Can anyone help me with error below? ... 11-06-2018 16:34:19.371 WARN LookupOperator - Failed to find static look...

by New Member in

searches on 7.2.0 doesnt works while on 7.1.6 and below it does work

examples : index=sentinelone (host="*") sourcetype=threats| fillnull siteName value="NULL" | search (siteName="Andre"...

by Explorer in

How to write the regex for transforms.conf to extract fields and assign the proper sourcetype for my sample log format?

Need your help, We have this below format of log and need to assign sourcetype to extract the fields, can you plea...

by Builder in

How to use head command at the end if we have multiple joins in a search?

Hello Guys, I have a search in which i am using different join commands(4 join commands) and finally at the end, i...

by Path Finder in

Split the address field with regular

I want to use rex to get a field value. Now I have a field named URL Some data such as : http://10.2.3.44:8080 htt...

by Path Finder in

Partial String Conversion to lower case

Hi, Could anyone assist, thanks. I have two tokens values that vary depending on chosen drop down box but are a...

by New Member in

Can you help me replace one slash with "_" so I can extract a field?

Hi. I want to get a field. Now this field named location_code contains "/" such as "/home/name/p" I want to...

by Path Finder in

Can splunk compare two strings and return % likeness/similarity between the two?

For example, if i have a username of bsmith843 in a field returned by one search, and bsmiths845 as a field from anot...

by Splunk Employee in

how to compare a field value with all the values in a other column

by Explorer in

What is the best way to go about using multiple eval commands, subsearches, and foreach commands?

I'm trying to sort smartsheets by certain combinations of row/column values. If I remove one of the 'foreach' blocks,...

by New Member in

Is there a way to make Splunk Search Language more readable?

I'm looking for ideas on ways to make Splunk searches more modular and readable. Yes. I just inherited some dashboard...

by Contributor in

Table Data Bar - Customize

I have a question for someone who's much better at JS and CSS than I am. I'm looking to place a data bar within a ...

by Communicator in

How do I specify relative time ranges for an extracted field?

Hello, I am trying to specify a relative time range for a specific field in my search rather than the "_time" fiel...

by Engager in

How do you include host IP address in the following Splunk search?

Hello, All our servers should have more than 2 apps installed. We run this report for a list of systems missing ap...

by Explorer in

How to show a hidden field in a tooltip when I hover over rows in the table?

Hi all, I'm trying to do something like this: http://blogs.splunk.com/2014/01/29/add-a-tooltip-to-simple-xml-tabl...

by New Member in

How do you remove matching terms from searches?

In Splunk 7.1.2, when searching, it will suggest terms that have been indexed in the past. I have deleted some data, ...

by New Member in

Why do lookup searches fail with "The lookup table does not exist or is not available" error?

Searches with lookups are failing in our environment. I have created a lookup file called dt1.csv and a lookup defini...

by Path Finder in

If I have 2 different fields that match in 2 indexes, how do I return and merge fields from both indexes?

I have googled and searched my little heart out, but I am unsure if I am querying using best practice or if this woul...

by Path Finder in

Why is my query using the transaction command missing some events?

Here is ALL of the data that is actually in the logged transaction: Nov 1 15:41:18 mail qmail: 1541101278.677067 n...

by Explorer in

How do you do an outer join of two stats searches?

Hello, I am trying to do an outer join of two searches. I have 2 server groups (Gateway="opaxvgw1" OR Gateway="...

by Explorer in

How do you timechart a time-constricted search?

Heya, This might be something really simple, but I just can't get my head around how to do it. I'm using Splu...

by Explorer in

Can you help me check multiple conditions in Splunk?

I have to check multiple conditions like if Auth = "PASS" and Basc = "PASS" and RReg = "PASS" then result ="PASS" els...

by New Member in

Question on regex field extraction in props.conf - in which search time variable they are stored?

Hi All, I have some question on the regular expression extraction they can be added in props.conf Supposing I have...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Tstat search taking a long time - "IO" "CPU" and "Disk Access" all very low - What can i do?

List of unused lookup definitions

Can you help us with the following Lookup table error: "ERROR LookupOperator - Error in 'lookup' command"

searches on 7.2.0 doesnt works while on 7.1.6 and below it does work

How to write the regex for transforms.conf to extract fields and assign the proper sourcetype for my sample log format?

How to use head command at the end if we have multiple joins in a search?

Split the address field with regular

Partial String Conversion to lower case

Can you help me replace one slash with "_" so I can extract a field?

Can splunk compare two strings and return % likeness/similarity between the two?

how to compare a field value with all the values in a other column

What is the best way to go about using multiple eval commands, subsearches, and foreach commands?

Is there a way to make Splunk Search Language more readable?

Table Data Bar - Customize

How do I specify relative time ranges for an extracted field?

How do you include host IP address in the following Splunk search?

How to show a hidden field in a tooltip when I hover over rows in the table?

How do you remove matching terms from searches?

Why do lookup searches fail with "The lookup table does not exist or is not available" error?

If I have 2 different fields that match in 2 indexes, how do I return and merge fields from both indexes?

Why is my query using the transaction command missing some events?

How do you do an outer join of two stats searches?

How do you timechart a time-constricted search?

Can you help me check multiple conditions in Splunk?

Question on regex field extraction in props.conf - in which search time variable they are stored?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions