Splunk Search

Discussions

Thread Info

How do I join multiple lookup tables?

I have couple of lookup tables as follows: Table 1 A 1 B 5 C 6 Table 2 A one A two A three B one C one Trying t...

by New Member in

Output multiple multiple field names and values under a single column?

Hello guys and girls, I encountered a situation where i need to extract data from two log types that have just 3 comm...

by New Member in

Can I concatenate the arguments contained in Linux auditd "EXECVE" events?

For example, a standard EXECVE event in my environment will appear as: type=EXECVE msg=audit($something$) : arg=3...

by Path Finder in

how to get data from multiple files(log files) and then display it together in a pie chart

I have multiple Deployment log files: 1. The first log file gives me all the logs related to the deployment in enviro...

by Explorer in

How to pass two drilldown tokens, one for the month from a timechart to a new panel and display a stats count for a clicked value

How to pass two drilldown tokens, one for the month from a timechart to a new panel and display a stats count for a c...

by Communicator in

Is it possible to the output _key from a kvstore (i.e. with "lookup", not "inputlookup")?

Is it possible to output the _key field from a kvstore when using lookup (not inputlookup)? I.e. something like th...

by New Member in

How does one continue a timeline along the x-axis to include each time increment after some last event until today?

Hello, I am still somewhat new to Splunk and have the following issue. I have a case where I want to count up t...

by Engager in

How do I compute the range between 2 values of _time with streamstats?

Hi, I am trying to compute statistics about the Splunk data. To do so, I've got a datamodel with the number of eve...

by Path Finder in

Is there a way to override the background-color of the total row using css?

But the ff css style can override the entire row: 1. font-weight 2. font-size 3. color The only style I can't over...

by Path Finder in

How do I extract a field from my raw data using rex?

Hi, I wonder whether someone may be able to help me please. I'm very new to using Splunk and most certainly to...

by Motivator in

How to keep a cumulative value of a field that occasionally resets to 0 in the source

Hi, I have a cumulative counter in a .csv log, the issue is, the software generating the .csv resets this counter fro...

by New Member in

Extract a string from a field using regex.

Hi All, I am having an issue on extracting a string in a field. For example, I have this data below: "18/10/201...

by Engager in

How do you calculate time difference between multiple events that aren't in chronological order?

I have 6 events. Each one has a timestamp, and I have extracted the time of each into a new field using eval. But now...

by Path Finder in

Sort results down to the millisecond

Currently in our log files, the _time value is rounded down to the nearest second and is sorted accordingly. But i...

by Engager in

How do you convert time in EPOCH Scientific Notation for Props.conf TIME_FORMAT on a universal forwarder?

We have a sevone network monitoring a JSON data time field formatted as EPOCH in Scientific Notation format. All the ...

by Explorer in

Looking for multiple results in query

I have the following query I use to get the latest status and time(_time). index=jenkins |spath job_name | search ...

by New Member in

Can you help me with this subsearch Question using Splunk's TimeWrap command?

I have this query that uses the timewrap command that I want to insert a subsearch instead of a 'fixed' value ( 193 )...

by New Member in

How do I remove empty rows in the result fields?

Folks !! I'm struggling with removing empty rows from the result fields in my results. In my results, i've got man...

by Explorer in

How to pass field values from initial search to further searches

I have some ironport logs that I am trying to tie together within Splunk without much success. Currently I have a ...

by Explorer in

How to include values from a search in a subsearch?

I have some ironport logs that I am trying to tie together within Splunk without much success. Currently I have a ...

by Explorer in

is there a search to find out which users (Pulling username from AD on windows) were logged on to a machine at a certain time or date ?

is there a search to find out which users (Pulling username from AD on windows) were logged on to a machine at a cert...

by New Member in

rename default fields

i'm using a NIFI flow to send in 3 values (host, message, moreData). I want to use host passed in from nifi as a JSON...

by Path Finder in

How do you apply coloring based on a column value string to the complete row?

Hi All, Context X Y Z ABC 98 97 67 DEF 50 45 23 GHI 3 2 1 So, if Context is ABC, i have to apply color coding ...

by Contributor in

conditional lookup with catch-all value

I am looking to retrieve the following a field from a lookup table depending on the lookup result of two fields as fo...

by Explorer in

How do you find true or false value in the following string?

Hi, I have to find the value of true or false from the following string in logfile. Below are 2 strings with eithe...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I join multiple lookup tables?

Output multiple multiple field names and values under a single column?

Can I concatenate the arguments contained in Linux auditd "EXECVE" events?

how to get data from multiple files(log files) and then display it together in a pie chart

How to pass two drilldown tokens, one for the month from a timechart to a new panel and display a stats count for a clicked value

Is it possible to the output _key from a kvstore (i.e. with "lookup", not "inputlookup")?

How does one continue a timeline along the x-axis to include each time increment after some last event until today?

How do I compute the range between 2 values of _time with streamstats?

Is there a way to override the background-color of the total row using css?

How do I extract a field from my raw data using rex?

How to keep a cumulative value of a field that occasionally resets to 0 in the source

Extract a string from a field using regex.

How do you calculate time difference between multiple events that aren't in chronological order?

Sort results down to the millisecond

How do you convert time in EPOCH Scientific Notation for Props.conf TIME_FORMAT on a universal forwarder?

Looking for multiple results in query

Can you help me with this subsearch Question using Splunk's TimeWrap command?

How do I remove empty rows in the result fields?

How to pass field values from initial search to further searches

How to include values from a search in a subsearch?

is there a search to find out which users (Pulling username from AD on windows) were logged on to a machine at a certain time or date ?

rename default fields

How do you apply coloring based on a column value string to the complete row?

conditional lookup with catch-all value

How do you find true or false value in the following string?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!