Splunk Search

Discussions

Thread Info

Creating a join when first search contains multiple values for a single field

Hey all, this one has be stumped. I'm trying to join two searches where the first search includes a single field with...

by Contributor in

Help with "set diff" (need to keep the time of the events in the results)?

I'm trying to get a result table of all he hosts in our OSSEC environment that have changed status over the past 24 h...

by Contributor in

Why is _time storing incorrect value?

I use the below saved search and scheduled it and enabled the summary index. | dbxquery connection=connectionname ...

by Communicator in

Current Month Estimated Billing not displaying Account ID in drop-down

Unable to get billing details in Splunk App for AWS. I have configured the billing input in Splunk Add-on apps.

by New Member in

Would you create rex or regex to extract a string and create a new field?

I have the raw data below. How do I get the strings after the "action": and put all the results into a new field? ...

by New Member in

Issue at selection with Time Range picker

Hi, we use in our environment (indexer cluster, searchhaed/deployment server) Splunk enterprise version 7.1.1. If...

by Contributor in

How do you search for events that match the exact text of a raw text?

Hello index="cs_test" "Splunktest" "Refund succeeded" OR *"action"=>"refund"* I have a below raw text log, I w...

by New Member in

need help with eval query

hi want to compare the email header and count by dest_port =25. (Im trying to detect a phishing email via email title...

by Path Finder in

,Is it possible to collect inventory, performance information, and status events from VPLEX?

,Is it possible to collect inventory, performance information, and status events from DellEMC VPLEX?

by New Member in

How to create a bar chart where the bar colors change dynamically if they are above or below an SLA line?

Hi. I have a bar chart that shows an SLA line and response times for today and the previous day. What I want is wh...

by Explorer in

Add another condition Help

Hello, please help create a search add another condition to fire this alert if there are no results Here is the sp...

by Engager in

Multiple values extraction and join common filed to other events at index time

Hi All, I am wondering if someone has implemented multi value fields at index time similar to the following The...

by Explorer in

How to refer root search from data model to build a tstats query?

I have a data model with root events, but now as per the latest requirement added root search as well in the same dat...

by Path Finder in

Could someone please let me know why there is a difference in cold bucket for % and GB

Hello All, When I ran a query to check disk usgae in GB & % ,I could see for hot bucket looks same for both GB & %...

by Engager in

How to create a regex to extract field values?

Hi, I need a regex to extract the value 'Fred' in quotes after the User declaration below; ,"User:"Fred", So...

by Path Finder in

How can I use a search result as a filename variable of a inputlookup statement

Hi, I like to setup a kind of help-text library based on unique msgcode-xx.csv text files. (or internal/external t...

by Contributor in

Compare stats of current day with previous day

Hi all! I am currently getting stats of current day as followed Port Count 25 25 443 75 53 990 I wanted a table li...

by Explorer in

TsidxStats Unknown function list

Hi, in the doc I can see we can use the list function with the pivot commands, but when I tried I got this error m...

by Engager in

VALUE FORMAT

Hi i have a value like this in a field 2018067155420 and i want to format it with this format : yyyymmddhhmmss so ...

by Motivator in

How to correlate logs with different sources to detect events

Hi, what I am trying to do is to create a search query based on two sources. Source 1 will be the logs I want to inv...

by Engager in

Converting Duration Field value to seconds

I have a extracted field call CallDuration and in logs it in format %H:%M:%S.%2N like 00:00:38.60 That means th...

by Contributor in

can i run curl command in the search head

can i run curl command in the search head to access the rest api logs

by Path Finder in

Related Fields

I have the following events: { "file_name": "java.exe", "process_id": "0fb9dcff-c345-4d76-ae53-af46cd34524...

by Explorer in

How to avoid extracting fields from quoted values?

We've noticed that key=value pairs inside a quoted value get extracted too. For example, with an event like foo="bar=...

by Path Finder in

Stats to use for comparison for present VS previous time

Hi, I have below search string: index=XYZ | eval ip = mvindex(split(ip_address,"/"),0) | lookup ABC IP as ip | ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Creating a join when first search contains multiple values for a single field

Help with "set diff" (need to keep the time of the events in the results)?

Why is _time storing incorrect value?

Current Month Estimated Billing not displaying Account ID in drop-down

Would you create rex or regex to extract a string and create a new field?

Issue at selection with Time Range picker

How do you search for events that match the exact text of a raw text?

need help with eval query

,Is it possible to collect inventory, performance information, and status events from VPLEX?

How to create a bar chart where the bar colors change dynamically if they are above or below an SLA line?

Add another condition Help

Multiple values extraction and join common filed to other events at index time

How to refer root search from data model to build a tstats query?

Could someone please let me know why there is a difference in cold bucket for % and GB

How to create a regex to extract field values?

How can I use a search result as a filename variable of a inputlookup statement

Compare stats of current day with previous day

TsidxStats Unknown function list

VALUE FORMAT

How to correlate logs with different sources to detect events

Converting Duration Field value to seconds

can i run curl command in the search head

Related Fields

How to avoid extracting fields from quoted values?

Stats to use for comparison for present VS previous time

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!