Splunk Search

Discussions

Thread Info

How to convert an invalid field to a date?

index=pltwg_shopflex | eval Time=typeof(event.InventoryEventCarpet.InventoryEventCreateDateTime) "http://cimsplunk/en...

by New Member in

How to filter on DC after applying stats?

I have the following search in which I am looking for a list of each source IP, the list of websites they hit, the co...

by Influencer in

Timechart Span problem

Hi , Question regarding splunk timechart if i ran the command : index=_internal earliest=-1@d latest=now() | time...

by Builder in

Math function return only 17 most significant digits

Hello everyones, Every math operations or functions seem to round the number to the 17th most significants digits....

by Engager in

Best Practice for saved searches and own APPs / TA

Hi there, we have a SH-cluster and index-cluster (and Dextra deploy-server). We defined some automatic lookup and ...

by Path Finder in

Calculate average count by hour & day combined

Hi, I am wanting to calculate the average count of "incidents" per hour/day (i.e. Mon-07:00, Mon-08:00) over a 12 ...

by Explorer in

using a lookup file to populate a search query

I have a lookup table containing a list of building names - which I think may be useful in creating the query I need ...

by New Member in

Best query to check who modified an AD group

smtp address for the AD group was changed by an admin.Would like to check who made the changes in AD by renaming the ...

by New Member in

Search for regimented connections

Hey Guys, So i'm looking at multiple methods for detecting command and control connections, obviously 1 method alo...

by Communicator in

How to construct columns with the same data, and then use these pseudo columns to calculate

I want to get data ,as following How to construct columns with the same data, and then use these pseudo colu...

by Explorer in

How to create an eval column in a table that says "match" or "no match" if the value of all columns is the same/or not for each row?

test host1 host2 host3 temp test1 x1 x1 x1 Match test2 y1 y2 y1 No match test3 z1 z1 z3 No ma...

by New Member in

How to exclude fields from LinearRegression command/use subsearch to generate fields for LinearRergession ?

Consider fit LinearRegression | fit LinearRegression "name2predict" from "f1" "f2" into "test_model" Question 0 Wh...

by Engager in

Extract string from text based on character position

Hi, I’m looking to extract a numerical value from a string, however struggling as there is nothing to use as a delimi...

by New Member in

Splunk support telecom protocols

We have requirement to setup monitoring for telecom customer , Does Splunk below listed Protocols • IuPS Ranap - DTAP...

by Engager in

filtering search to exclude all instances of field 1 for when certain results in field 2

I have a search that brakes down some router alarms . my fields are Host_IP & Alarm What I'm trying to do is filter ...

by Explorer in

I am using the code for date but this is the time the event was created, not when it really happened. See Details

| convert ctime(_time) AS Time timeformat="%m/%d/%y". Can "event.InventoryEventCarpet.InventoryEventCreateDateTime" b...

by New Member in

"Exception - com.splunk.mr.JobStartException: Failed to start MapReduce job."

I just moved my whole dashboard to production environment but when I tried to test using a search string, following e...

by Communicator in

I need help joining two cvs (customers and purchases) that shows what was purchased and if certain products were not purchased

The two csv files I have are customers (fields= customerName,customerID,region,IsActive) with one row per customer an...

by Explorer in

Why is stats count by fieldname not working?

In search getting list of events and stats giving count of events but when extend the search by field name, throwing ...

by New Member in

create table based on end time and time limit

Hi, i need to create a table with the following conditions: This is my log: proceso,start,end,diferencia,tiemp...

by Engager in

Coalesce Fields With Values Excluding Nulls

I know you can coalesce multiple columns to merge them into one. However, I am currently coalescing around 8 fields, ...

by Explorer in

Sendemail (Splunk CLI) always sends email whether results are available or not...

I'm running the following search from Splunk CLI: ./splunk search 'index=test | search _raw!="scoobydoo" | sendema...

by Champion in

How to create a regex to extract data?

I am new to Regex and hopefully someone can help me. I am trying to extract data between "[" and "SFP". It doesn't ma...

by Explorer in

How to combine multiple complex searches into 1 output table?

I think I didn't describe my question properly because I don't really have a good grasp of Splunk Jargons but here ar...

by New Member in

I want to match multiple fields from different indexes whether these are matching to other index or not?

I want to match multiple fields from different indexes whether these are matching to other index or not. I was th...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to convert an invalid field to a date?

How to filter on DC after applying stats?

Timechart Span problem

Math function return only 17 most significant digits

Best Practice for saved searches and own APPs / TA

Calculate average count by hour & day combined

using a lookup file to populate a search query

Best query to check who modified an AD group

Search for regimented connections

How to construct columns with the same data, and then use these pseudo columns to calculate

How to create an eval column in a table that says "match" or "no match" if the value of all columns is the same/or not for each row?

How to exclude fields from LinearRegression command/use subsearch to generate fields for LinearRergession ?

Extract string from text based on character position

Splunk support telecom protocols

filtering search to exclude all instances of field 1 for when certain results in field 2

I am using the code for date but this is the time the event was created, not when it really happened. See Details

"Exception - com.splunk.mr.JobStartException: Failed to start MapReduce job."

I need help joining two cvs (customers and purchases) that shows what was purchased and if certain products were not purchased

Why is stats count by fieldname not working?

create table based on end time and time limit

Coalesce Fields With Values Excluding Nulls

Sendemail (Splunk CLI) always sends email whether results are available or not...

How to create a regex to extract data?

How to combine multiple complex searches into 1 output table?

I want to match multiple fields from different indexes whether these are matching to other index or not?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions