Splunk Search

Discussions

Thread Info

eval last event of 3 date fields

Hello, 3 date fields (A B C) : in the source file |20180830|NULL|20180223 How can I compare this 3 dates and extract ...

by Path Finder in

Is there a way to check if a value is between a list of values?

Hello! Is there a way to check if a number is between a list of ranges in a multi value field? For example on t...

by Path Finder in

How to replace a character with blank/space value?

My field name is 'fileName' and the values it contains are like this: PVOLFEPCL-00515+Berger+Profile+Settings.docx...

by Contributor in

Changing the now() reference point before running a saved search

Is it possible to change the value of now (or the reference point it uses) so that I can back-date and run a saved se...

by Path Finder in

How do you present an All Green Dashboard when no alerts have been triggered?

I have a requirement to present a management dashboard that shows the number of alerts triggered for any clients, but...

by Path Finder in

Searching two indexes to compare and show the difference

index="proxy_logs" category="none" | top category, protocol, url, cs_Referer limit=1000 | eval results = if(match(u...

by Explorer in

How do you create a total column in a chart?

Hi, I'm pretty new to Splunk and have been playing around with it. index=sse_cae_summary_idx new_sourcetype=ss...

by Explorer in

How to search only events based on values from a field in lookup file?

Lookup file jobsla.csv: Contains start and end batch jobnames for different apps, frequency the jobs will run on(like...

by Explorer in

How do you use a range with the where command?

TransactionName=WPP* | stats count(TransactionStatus) as TOTAL count(eval(TransactionStatus == "true")) as SUCCESS c...

by New Member in

How do you search to return a table of only fields that change between events?

Lets say I have a query that returns all of the updates for a given bug ID. This returns a result set for the specifi...

by Engager in

How do you remove all duplicate events from a search?

I have two indexes, A and B. Events are copied using the |collect command from Index A to index B. Later, I am trying...

by Explorer in

Why is the following regex expression not matching as expected?

I have a field user= xyz\user11 and i need to match user11 ignoring xyz in the user filed below is the regex expr...

by Path Finder in

Best way to publish a live dashboard that does not allow the logged in user to search other data, and has a persistent login.

I'm trying to put a dashboard on a TV in a high traffic hallway with people that aren't allowed to search the other i...

by Path Finder in

How do you use multiple y-axis fields while using the xyseries command?

I have a static table data which gives me the results in the format like ERRORCODE(Y-Axis) and When It happens(_time ...

by New Member in

Why is tstats command with eval not working on a particular field?

hi, I am trying to combine results into two categories based of an eval statement. The original query returns...

by Builder in

Enable FTP

How do I enable FTP? (I know how to capture the logs after they are FTP'd to us) We have devices that cannot have...

by Contributor in

How do I use a comparison search to find all devices not reporting to Splunk?

I am trying to find all devices not reporting into splunk via a qualys scan of our DMZ and searching against all inde...

by Contributor in

Can you use a regex in serverclass.conf?

Trying to filter out a specific type of device type, by host name, in serverclass.conf. Currently all our tablets ...

by Communicator in

How do you count the difference in an ongoing count for a given time period?

I have a JMX search going on which tracks orders placed every 30 seconds. index=dot_jmx mbean_property_destination...

by Communicator in

In a chart count where days are the column header, how do I get the days to list in chronological order?

I'm trying to get a table where "Days" are the column headers (chronologically) and hours are the row headers that sh...

by New Member in

What does "P" stand for in regular expression query?

I am trying to understand more about a regular expression query used in Splunk. what does character P stands for in t...

by Explorer in

Why are two of my columns empty in a table returned by a lookup file with multiple fields?

I used a lookup file which is configuring like this field1, field2, field3, field4 value1, value2, value3, value4...

by Path Finder in

How do I combine 3 searches?

I have search1 which is a join of 2 different log sources ( S1 , S2 ). After joining these sources, I used rex to ext...

by New Member in

Transpose command causes other columns to be displayed as rows?

I am having issues with the QuestionText fields in my query below. I am trying to take all the QuestionText entries a...

by Path Finder in

How to rebuild Timeline custom visualization app in windows?

Need to change the date format for timeline graph and found solution. Accordingly updated the 2 js file for the app a...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

eval last event of 3 date fields

Is there a way to check if a value is between a list of values?

How to replace a character with blank/space value?

Changing the now() reference point before running a saved search

How do you present an All Green Dashboard when no alerts have been triggered?

Searching two indexes to compare and show the difference

How do you create a total column in a chart?

How to search only events based on values from a field in lookup file?

How do you use a range with the where command?

How do you search to return a table of only fields that change between events?

How do you remove all duplicate events from a search?

Why is the following regex expression not matching as expected?

Best way to publish a live dashboard that does not allow the logged in user to search other data, and has a persistent login.

How do you use multiple y-axis fields while using the xyseries command?

Why is tstats command with eval not working on a particular field?

Enable FTP

How do I use a comparison search to find all devices not reporting to Splunk?

Can you use a regex in serverclass.conf?

How do you count the difference in an ongoing count for a given time period?

In a chart count where days are the column header, how do I get the days to list in chronological order?

What does "P" stand for in regular expression query?

Why are two of my columns empty in a table returned by a lookup file with multiple fields?

How do I combine 3 searches?

Transpose command causes other columns to be displayed as rows?

How to rebuild Timeline custom visualization app in windows?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions