Splunk Search

Discussions

Thread Info

How do I put a line graph that shows data in both indexes into one graph?

Hi, I want to get a line graph with two indexes of data. My command is index=interface sourcetype="in_t"| timec...

by Path Finder in

How come my data model is accelerating within 5 secs but can't fetch the data from data model?

When we start the acceleration of a data model, it completes successfully. But, when we run the below query, we are n...

by Explorer in

Is it possible to have another column header on top of a column header?

So basically it'll be like this... I wanna know if there's a way for Column 2 and Column 3 to have their '...

by Communicator in

How do you execute a two pattern search where the first pattern host(is a field ) should be ignored on second pattern search?

I was executing my search on a log file. This is the pattern i want to search ** END ABCD234** hour>00 where this ...

by New Member in

How do i find base64 strings within a field: eg URI=/something1/something2/something3_base64_string etc

hello, i'm trying to list URIs with base64 strings in them of at least 24 characters (i havent got to the length b...

by New Member in

How to create a search string to get data from multiple *.txt files?

Dear Team, I'm trying to to get data from two *.txt files into a single Line Chart. For example, with the foll...

by New Member in

Why can't I see the logs in the search head when I select the time window?

I can't see the recent logs in the search head for pan devices when i select the time window for anything except all ...

by Engager in

Why can't the addcoltotals command support an optional Boolean field for comma support?

Please, why can't the addcoltotals command support an optional Boolean field for comma support? https://docs.splunk.c...

by Communicator in

RESTapi error while using dbx query any idea how to fix this?

curl -k -u rvanteru https://splunkang.brock.com:59447/servicesNS/rvanteru/splunk_app_db_connect/search/jobs/export --...

by New Member in

How do I match IPs with discontiguous mask?

I am trying to match IPs from discontiguous mask as follow: 10.0.32.64/255.0.224.192 where as 1st octet: Ma...

by Explorer in

How to edit my streamstats search so that values from a field are displayed?

Hi Guys, I am facing a strange problem with streamstats command. Below is my search snippet. There are "blank" val...

by Explorer in

Handling high number of events with streamstats

Dear all, I have been working with streamstats for about 2 years by now and have been always facing the same issue...

by Explorer in

How can I round to the nearest half with the eval command?

Hello, I have some values that are in the format of : 0, 0.5, 1, 1.5, 2, 2.5, 3, 3.5, 4, 4.5, 5 I am trying to ...

by Communicator in

Cannot figure out how to do bucketing in Splunk using return values from previous row

Been at this for a day or two. Can't figure it out. I have a list of efforts in a column [1 2 3 2 1 3 1 1 1 5] I h...

by New Member in

How can I use the output of streamstats in current row, and have it feed back into streamstats for next row?

I need to calculate a running total, which uses two values from the previous row (one being this calculated total), a...

by New Member in

eval last event of 3 date fields

Hello, 3 date fields (A B C) : in the source file |20180830|NULL|20180223 How can I compare this 3 dates and extract ...

by Path Finder in

Is there a way to check if a value is between a list of values?

Hello! Is there a way to check if a number is between a list of ranges in a multi value field? For example on t...

by Path Finder in

How to replace a character with blank/space value?

My field name is 'fileName' and the values it contains are like this: PVOLFEPCL-00515+Berger+Profile+Settings.docx...

by Contributor in

Changing the now() reference point before running a saved search

Is it possible to change the value of now (or the reference point it uses) so that I can back-date and run a saved se...

by Path Finder in

How do you present an All Green Dashboard when no alerts have been triggered?

I have a requirement to present a management dashboard that shows the number of alerts triggered for any clients, but...

by Path Finder in

Searching two indexes to compare and show the difference

index="proxy_logs" category="none" | top category, protocol, url, cs_Referer limit=1000 | eval results = if(match(u...

by Explorer in

How do you create a total column in a chart?

Hi, I'm pretty new to Splunk and have been playing around with it. index=sse_cae_summary_idx new_sourcetype=ss...

by Explorer in

How to search only events based on values from a field in lookup file?

Lookup file jobsla.csv: Contains start and end batch jobnames for different apps, frequency the jobs will run on(like...

by Explorer in

How do you use a range with the where command?

TransactionName=WPP* | stats count(TransactionStatus) as TOTAL count(eval(TransactionStatus == "true")) as SUCCESS c...

by New Member in

How do you search to return a table of only fields that change between events?

Lets say I have a query that returns all of the updates for a given bug ID. This returns a result set for the specifi...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I put a line graph that shows data in both indexes into one graph?

How come my data model is accelerating within 5 secs but can't fetch the data from data model?

Is it possible to have another column header on top of a column header?

How do you execute a two pattern search where the first pattern host(is a field ) should be ignored on second pattern search?

How do i find base64 strings within a field: eg URI=/something1/something2/something3_base64_string etc

How to create a search string to get data from multiple *.txt files?

Why can't I see the logs in the search head when I select the time window?

Why can't the addcoltotals command support an optional Boolean field for comma support?

RESTapi error while using dbx query any idea how to fix this?

How do I match IPs with discontiguous mask?

How to edit my streamstats search so that values from a field are displayed?

Handling high number of events with streamstats

How can I round to the nearest half with the eval command?

Cannot figure out how to do bucketing in Splunk using return values from previous row

How can I use the output of streamstats in current row, and have it feed back into streamstats for next row?

eval last event of 3 date fields

Is there a way to check if a value is between a list of values?

How to replace a character with blank/space value?

Changing the now() reference point before running a saved search

How do you present an All Green Dashboard when no alerts have been triggered?

Searching two indexes to compare and show the difference

How do you create a total column in a chart?

How to search only events based on values from a field in lookup file?

How do you use a range with the where command?

How do you search to return a table of only fields that change between events?

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions