Splunk Search

Discussions

Thread Info

search based on lookup table help

Hello All I have a lookup table that I created that only has ip address and hostnames. I want to run the following...

by Contributor in

map question

I'm getting some strange results with the map command. This is what I need to do... in one index (1st search) I have ...

by Contributor in

Using $starttime$ and $endtime$ in a macro with 'map'

I am trying to create a macro which uses $startime$ and $endtime$ in a map. Whenever I do however I get the following...

by Path Finder in

Why am I having issues with two fields that hold multi-values in one time import of OpenLDAP Data ?

I am importing a dump from my openLDAP into splunk via on one-time "data-import" . The fields, O, OU, DN, MAIL, etc a...

by Explorer in

Filter results by IP address from 3 lookup

Hello i have one trouble, i went to extract IP address that not in Lookup of list servers and not in lookup of lis...

by Engager in

How to get the events where the value is greater than 40 using where condition?

hello I use this code index="perfmon" sourcetype="perfmon:logicaldisk" instance=c: | eval Value=round(Value, 2...

by Motivator in

custom search command throw "You have insufficient privileges to perform this operation."

I copy gauge.py under C:\Program Files\Splunk\etc\apps\search\bin into C:\Program Files\Splunk\etc\apps\search\bin\te...

by Explorer in

Creating mean time to repair out of ping output script

Hi all, I know there's probably a simple answer, but being relatively new to Splunk, I'm still trying to get my he...

by Path Finder in

How to run a diff search with a Head 2 command across multiple systems?

I have developed a search, with help years ago, that will show differences in a netstat command using "diff" and "hea...

by Builder in

Timechart to filter inactive buckets

I need help with time chat query. Basically I want to display all the graph occurrences where the count hit 0 and sta...

by Communicator in

How to exclude events where the date greater than today?

Hi, Is there a way to exclude events in a search where a specific date field (not timestamp) is greater than today...

by Path Finder in

how to write query to show only failure records from the following query with field filter is Applicationstatus_MFT!="Success"

index=axway* sourcetype=":messages" SENDERROUTINGID="KNPROD" |stats count by PRODUCTIONFILENAME|fields - count |renam...

by New Member in

Extracted values not showing up in new fields

Hi all, I'm extracting a lists of values from a column called QoEReport but the extracted value does not show up in t...

by Communicator in

Map earliest/latest no longer working since update to 7.1.0

Our Splunk instance has recently (yesterday?) been updated to 7.1.0 from 7.0.0. My queries were working perfectly be...

by Explorer in

How to get employee name in chart?

Dear All, I have one employee master csv that have employee name, departmentname, projectname. If the employee is ...

by Explorer in

How to extract a string from a long field containing special characters?

Hi all, I'm trying to use use Rex to extract a specific value from a really long string which contains all kinds of c...

by Communicator in

Why are there no results found in a search while exploring the search tutorial?

Hello Team Splunk, I am following the simple search tutorial featuring logs in zip files from the fictitious compa...

by Communicator in

Kafka regex: Why is the command not working in Splunk search?

{"topic": "amx", "total_lag": 2670, "partitions": [{"lag": 117, "partition_number": 0}, {"lag": 122, "partition_numbe...

by Explorer in

Timechart /Timewrap - change in the x axis

Hi all, I am using the timechart graph to represent number of apples every week over last 28 days and compare it ...

by Explorer in

How to create a chart that shows the JSON count by fields within an object?

Each line of my log has the following json construct { resourceUsage: [ { cloud: AWS ...

by New Member in

Lookup Errors When No Lookup Is Used

I'm getting "Could not find all of the specified lookup fields in the lookup table......." even when I'm not using a ...

by Engager in

How do optimizations for field-based searches work?

When I search using key-value pairs as terms, what kind of optimizations does Splunk perform to retrieve the events t...

by Splunk Employee in

Regex : Extract text after occurrence of a specific recurring character

I have events like this - [2018-03-30 13:45:51,515] [[ACTIVE] ExecuteThread: '15' for queue: 'weblogic.kernel.Defaul...

by Champion in

How do I predict the monthly data using predict command in splunk?

Sample Data; Month Year X1 5 2015 220 6 2015 210 7 2015 225 Output Predicted results: Month year x1 8 2015...

by New Member in

Splunk query for formatting the output

Hello, i am new to splunk and SPL. Below are the sample logs and my query. i was trying to get output like shown b...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

search based on lookup table help

map question

Using $starttime$ and $endtime$ in a macro with 'map'

Why am I having issues with two fields that hold multi-values in one time import of OpenLDAP Data ?

Filter results by IP address from 3 lookup

How to get the events where the value is greater than 40 using where condition?

custom search command throw "You have insufficient privileges to perform this operation."

Creating mean time to repair out of ping output script

How to run a diff search with a Head 2 command across multiple systems?

Timechart to filter inactive buckets

How to exclude events where the date greater than today?

how to write query to show only failure records from the following query with field filter is Applicationstatus_MFT!="Success"

Extracted values not showing up in new fields

Map earliest/latest no longer working since update to 7.1.0

How to get employee name in chart?

How to extract a string from a long field containing special characters?

Why are there no results found in a search while exploring the search tutorial?

Kafka regex: Why is the command not working in Splunk search?

Timechart /Timewrap - change in the x axis

How to create a chart that shows the JSON count by fields within an object?

Lookup Errors When No Lookup Is Used

How do optimizations for field-based searches work?

Regex : Extract text after occurrence of a specific recurring character

How do I predict the monthly data using predict command in splunk?

Splunk query for formatting the output

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions