Splunk Search

Discussions

Thread Info

How do I search for all the IPs that are located in the domain controller?

This is my first time using Splunk and I don't know many commands. I am looking for a command where I can get all the...

by New Member in

How to convert KB to MB?

Hi I need to convert these 2 counters from KB to MB TotalSpaceKB=486757372 FreeSpaceKB=435455092 Do I have to divide ...

by Motivator in

Splunk7.1.2 でタイムゾーン・時刻ズレ／日時のデフォルトフィールド(date_xxxx)の不具合

Splunk 7.1.2でデータ取込みを行い、日時の不デフォルトフィールドを使って9:00～17:00以外の時間範囲というサーチを設定していました。 index=test_index date_hour>=9 AND date_...

by Explorer in

mvexpand gives less results

Now when i use mvexpand i just get 600 results in statistics, instead of getting 1412 alll the events as below: S...

by Explorer in

How can I extract values starting with a specific name using regex?

Hi All, Kindly help me with regex for below sample data. Its only a sample there might be some other pattern of da...

by Builder in

Dynamic conditions composition into a search uses fields extracted from a lookup

Hi to all, I would like to define a dynamic condition into a lookup, which uses the fields defined inside a search...

by Path Finder in

How do I convert the following data into a pivot table?

With the following search index=msperf sourcetype="perfmon_processor_xml" | xpath outfield=Architecture "//COMMAN...

by Path Finder in

Why is the chart only valuing 15% above calculated average response?

I've created a chart that only shows run times above a 60 day average and it's corresponding average, which works per...

by Contributor in

rex extract field not working as expected/ miss handling ")" in regex

Hi I have a field with following value 16/08/2018 03:04:11 - Christian (Work notes) Remote Desktop Notes: - still...

by Communicator in

correlate between two sources

hi i have tow devices, i want to check the result of the same event in tow devices. for example if one source is bloc...

by Explorer in

How do you get events time interval as 15 minutes on timechart x-axis?

Hi one and all, I have my log data as below for every 15min interval. 2018-08-23,16:16,11230,37393,49019 2018-08-2...

by Explorer in

What regex search could I use to find fields that contain exactly 6 digits?

I need to search for fields that contain exactly 6 digits. For example, it should return fields that contain "1234...

by New Member in

Why do I get a 400 stanza error when using a join command in searches?

I tried to add a simple join onto my search but Splunk throws a 400 error {"messages":[{"type":"FATAL","text":"Mi...

by Communicator in

How do I split _raw data into multiple table fields?

I have the following data in _raw and I need to split the data at the semicolon into multiple fields in a table LO...

by Engager in

The command table does not show all fields

My data : _time MODULE NOMBRE_DE_WA_ECRITS [...] 2016-07-18 20:02:37 MOD1 10 My search : eventtype=log_sepa | t...

by Explorer in

How do I find missing information from query 2 and query 1

I am trying to find missing stores from query 2 in the below script. However, it returns no results, or all results d...

by Explorer in

Charts with positive and negative values

Is it possible to have charts with both positive and negative values? For example, if I have a time series that ca...

by Communicator in

How to concatenate results from the same field?

Hi, I want to concatenate results from same field into string. How can I do that? e..g |inputlookup user.csv...

by Path Finder in

How can I compare sum(bytes) in two time period using sub-search?

Hi. im new to Splunk. I'm trying to compare the sum(bytes) for an hour ago, and the same hour one week before by c...

by Explorer in

Can I use join by using multiple fields from the main search to match a single field on the subsearch?

I have a search with the following table as output: time customer circuit_id parent_circuit device_card 8...

by Communicator in

Extract string to use for lookup

Need to do a lookup using the hostname field from my events data and an asset name from my asset/cmdb data. However, ...

by Path Finder in

How to use SPL to count the number of clients of a deployment server?

We know we can see the number of clients on the Forwarder Management page of the deployment server, but I want to sho...

by Contributor in

Extract string between 2 string

Hi Community, I have a question about regex and extraction I want to extract only the string between /var/log/n...

by Explorer in

How do I present run time values for the past 30 days, but only display those that are greater than the average?

Hello - we are looking to present daily run time values of events in a search, but only display the daily run time va...

by Contributor in

How does integrating Splunk Universal Forwarder into a Windows System Image work with a deployment server?

Hi all, I have been working on integrating the Splunk Universal Forwarder into a system image that we will use to ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I search for all the IPs that are located in the domain controller?

How to convert KB to MB?

Splunk7.1.2 でタイムゾーン・時刻ズレ／日時のデフォルトフィールド(date_xxxx)の不具合

mvexpand gives less results

How can I extract values starting with a specific name using regex?

Dynamic conditions composition into a search uses fields extracted from a lookup

How do I convert the following data into a pivot table?

Why is the chart only valuing 15% above calculated average response?

rex extract field not working as expected/ miss handling ")" in regex

correlate between two sources

How do you get events time interval as 15 minutes on timechart x-axis?

What regex search could I use to find fields that contain exactly 6 digits?

Why do I get a 400 stanza error when using a join command in searches?

How do I split _raw data into multiple table fields?

The command table does not show all fields

How do I find missing information from query 2 and query 1

Charts with positive and negative values

How to concatenate results from the same field?

How can I compare sum(bytes) in two time period using sub-search?

Can I use join by using multiple fields from the main search to match a single field on the subsearch?

Extract string to use for lookup

How to use SPL to count the number of clients of a deployment server?

Extract string between 2 string

How do I present run time values for the past 30 days, but only display those that are greater than the average?

How does integrating Splunk Universal Forwarder into a Windows System Image work with a deployment server?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions