Splunk Search

Discussions

Thread Info

How to show a true value for the If function?

Hello All i have the below query which is based on a ping request running on the back end. the data looks like this ...

by Communicator in

AND condition in Regex

I need solution for the following example, My String : {{My_pa{ss}word}} In this string I want to select only sta...

by New Member in

How can I split similar fields into multiple related events?

I have some events like this. Wifi AP and DEVICE connected to it. A one to many AP to DEVICE relationship exists A...

by Splunk Employee in

Spunk Search Query for Trimming and Grouping

Hi, I have a CSV named Results2018. It has fields Group, Server, Issue. The field Issue has information about CP...

by Builder in

How to configure Splunk statistics table to display more than 100 rows?

Hi all, How to configure Splunk statistics table to display more than 100 rows? can this be achieved by editing a ...

by Communicator in

Does a saved search get a new sid each time it runs?

I'm trying to use the REST API to get the results of a search. I need to run a saved search daily and then extract th...

by Path Finder in

Confused with Trigger Conditions - Confused by Documentation

I am reading the documentation at the following page: http://docs.splunk.com/Documentation/Splunk/7.1.1/Alert/AlertTr...

by Communicator in

| tstats to include data enrichment from a lookup

Hi, How can I use a tstats search, to match against a result and then OUTPUT additional content from the lookup wh...

by Path Finder in

Alternative of list(x)

Is there any alternative to list() function as it has limitation to return only 100 values? i have a multivalue list ...

by Engager in

If event X then event Y occurred Return no results, If just X occured return results

I am trying to perform a search to return only results that are "Broke". Broke means Event 7000 with a specific Messa...

by Explorer in

How can i use a field value from lookup file to set my earliest time for search dynamically ?

Hi, I have a PriorityEngines.csv lookup file like this - EngineName,TimePeriod Engine1,5 Engine2,10 Engine3,12 I h...

by Path Finder in

How to return events from a different time range dependent upon field value?

Completely new to Splunk, and hoping to find help with a search I'm using for a dashboard, but cannot get this workin...

by New Member in

adding multiple fields and value for fillnull

Following search is working perfectly fine. If field1 is Null it gets substitute by RandomString1 search | fillnul...

by Explorer in

Using streamstats to track currently active values

Given input like this: id, action, message 1, add, Adding this thing 2, add, Adding this other thing ...

by Contributor in

How do scheduled searches work?

General question about how scheduling searching behaves, we have a 3 node SH cluster and couple of indexers, and ...

by Path Finder in

OTHER option in timechart doesn't work

Hi Splunkers, I have search like this: index="myindex" host="myhost" | timechart span=1month latest(all_cnt) as "N...

by New Member in

How to join two searches?

Hi, I am trying to join two of my searches in splunk using a common field uniqueID but I am getting a error in Splunk...

by Explorer in

How to access values from event in Splunk

I want to access the values of the events that are coming after splunk search . Data is coming in below format on...

by Path Finder in

CIM version check

How do you check your CIM version info if you are using Splunk Managed Cloud Service?

by New Member in

transaction alternative

Have data in the following format ; 1:26:[06/28/2018][08:00:00.149][6959][3868982128][s537565/r17][servername1][filen...

by New Member in

How to use If and Not statement in one pass?

Hello all, What's the best way to use a NOT statement in an if statement. I'm trying to accomplish something simil...

by Path Finder in

How to search for a keyword2 with in 10 minutes after keyword1 occured in events?

I have a events log something like this, 2018-06-29 03:34:23.090 -5 Thread-55 CM 6107 1 Content Manager is unable ...

by Explorer in

map command usage for a adding a new column

I have a SEARCH-1 Which Gives results like -time column1 column2 I want to run a secondary search for each va...

by Path Finder in

How can I add where statement but only if something matches

Hello experts, I have a search that I am trying to add a where statement to which compares fieldvalueA to fieldval...

by Path Finder in

Extra indexed field in _meta require * in search query

Hi, I have an inputs.conf as below in my UniversalForwarder [monitor::///private/var/log/system.log] _meta = se...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to show a true value for the If function?

AND condition in Regex

How can I split similar fields into multiple related events?

Spunk Search Query for Trimming and Grouping

How to configure Splunk statistics table to display more than 100 rows?

Does a saved search get a new sid each time it runs?

Confused with Trigger Conditions - Confused by Documentation

| tstats to include data enrichment from a lookup

Alternative of list(x)

If event X then event Y occurred Return no results, If just X occured return results

How can i use a field value from lookup file to set my earliest time for search dynamically ?

How to return events from a different time range dependent upon field value?

adding multiple fields and value for fillnull

Using streamstats to track currently active values

How do scheduled searches work?

OTHER option in timechart doesn't work

How to join two searches?

How to access values from event in Splunk

CIM version check

transaction alternative

How to use If and Not statement in one pass?

How to search for a keyword2 with in 10 minutes after keyword1 occured in events?

map command usage for a adding a new column

How can I add where statement but only if something matches

Extra indexed field in _meta require * in search query

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6