Splunk Search

Discussions

Thread Info

How to use Wildcards with eval, stats, and count?

Hello! I have a field called "Customers Email" and I wanted to get a count of all the emails that end in .gov, .edu, ...

by Explorer in

Way to exclude results from Values() based on # returned?

I'm trying to do a search to find IPs trying to login in using multiple usernames (using Duo). I have it working ver...

by Engager in

Align all values of a table to the left (for PDF export)

Hello, I am currently trying to create a table on which every value, whether number or string, is aligned to the l...

by Communicator in

How to dedup in a search with a Lookup table?

I have a working search that uses a look up, that is like this: index=MyIndex [| inputlookup MyCSVFile | stats...

by Explorer in

How to combine two field values into one field from a .csv file?

Hello! I have a csv file where there are two fields called "Customers First Name" and "Customers Last Name". I w...

by Explorer in

How to get peak and average TPS for all the service call

Hi, We are looking for a splunk query using which we have to create a dashboard to show average and maximum TPS fo...

by New Member in

Why do transforming commands not work after upgrade to Splunk 8?

Hello, I have recently upgraded from Splunk 7 to Splunk 8.2.4. After the upgrade, I noticed that some transf...

by Path Finder in

How to search duration of job?

Hi, I am trying to build a query where I need Job duration. Each job could run multiple time and its start/end time ...

by Explorer in

How to change timestamp value on old data in an index?

Hi there, I have a requirement where I have a large number of events which was uploaded on the 4th November but th...

by Path Finder in

Is there a way to sort eval-ed field by one of its parent fields?

Hi all, I need some help sorting an eval field by one of it's components per below. ... | eventstats c...

by Path Finder in

How to refine search to pull the hosts that has 100+ results?

So based off my original query that shows 100+ hosts, I would like to generate a list of the hosts in statistics but ...

by Explorer in

How to compare GeoLocation values of login events for each user to previous logins?

I am trying to create an alert that triggers when the location field of a login event from a user changes. so if a us...

by Explorer in

Unable to get fields with rex?

Hello, I have this search results: Error for user flow: AAAAA - user: BBBB - Msg: {\"_e...

by Engager in

How to exclude top N values or percent from percentile calculations?

I'm trying to get an accurate percentile representation from a dataset of hourly metrics, excluding outliers. The da...

by New Member in

How to compare two multi value fields and return true when at least one of the values matches?

Hello Splunkers, I am trying to compare two multi value ID columns, and return true when at least of the val...

by New Member in

How can I build a report using my query of IP addresses with the location information off of the lookup file?

Hi Team. I have a splunk query with a list of IP addressses(Client_IP). I also have a lookup file with the IP ranges(...

by Path Finder in

Why is my Splunk License daily volume usage count 0 MB?

My doubt is that I can see,My Volume used today = 0 MB ( 0% of quota ). Why It's showing as 0 MB, I tried many queri...

by Engager in

Release Management with Splunk?

All, We're looking to open Splunk up some and let developers submit TAs and apps and what not without admin invol...

by Builder in

Refining the search query using dynamic values

Hi Community, I have a search query where I am trying to get values for the search from the results of another ...

by Communicator in

Search factor vs Replication factor-If I change my SF=2 , does this mean 2 copies are changed to primary?

i know that setting RF=2 ensures 2 copies of buckets on available indexers. so this consume 2X times of space/disk.no...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use Wildcards with eval, stats, and count?

Way to exclude results from Values() based on # returned?

Align all values of a table to the left (for PDF export)

How to dedup in a search with a Lookup table?

How to combine two field values into one field from a .csv file?

How to get peak and average TPS for all the service call

Why do transforming commands not work after upgrade to Splunk 8?

How to search duration of job?

How to change timestamp value on old data in an index?

Is there a way to sort eval-ed field by one of its parent fields?

How to refine search to pull the hosts that has 100+ results?

How to compare GeoLocation values of login events for each user to previous logins?

Unable to get fields with rex?

How to exclude top N values or percent from percentile calculations?

How to compare two multi value fields and return true when at least one of the values matches?

How can I build a report using my query of IP addresses with the location information off of the lookup file?

Why is my Splunk License daily volume usage count 0 MB?

Release Management with Splunk?

Refining the search query using dynamic values

Search factor vs Replication factor-If I change my SF=2 , does this mean 2 copies are changed to primary?

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...