Splunk Search

Discussions

Thread Info

How to update certain time fields of lookup table without overwriting old table entries?

I'm currently trying to work with a csv lookup table that has the following columns. Susp_IP, Ticket_num, date_last_s...

by Explorer in

Why does the Search Results Wrapper not render the query results?

I am running queries that have results, yet the results section is blank and will not render the logs. I have a white...

by Path Finder in

How to convert to epoch time?

Is it possible to convert the following into an epoch timestamp using strptime; 2018-05-31T06:49:13Z Or will I ...

by Path Finder in

extract string to a field

I have some strings appearing in the events , i want to extract them ,it doesnt have any keyvalue pair sample event ...

by New Member in

Custom command giving unexpected result

I have followed below link but not receiving expected result. Step 1 Commands.conf [shape] chunked=true filename =...

by New Member in

How can I combine the events to bring it back as 1 event or even for it to show just a list of fields?

I have a search like this where it brings back a history of an event based on the guid. The last event has the inform...

by Communicator in

How to parse json data containing an array and plot it on a bargraph,How to Iterate through a json array in splunk data

I have a very limited knowledge of splunk. I am trying to parse json data containing an array and plot it on a bargra...

by New Member in

If Else functionality to pick different subsearch

Depending on what month it is I need to run a different sub-search. index=foo source=bar [| inputlookup serve...

by Path Finder in

issue with sort command

Hi, index="testdb" sourcetype="audt" | table Command, Duration | sort Duration | search Duration>=60. This search ...

by New Member in

How to ensure a transaction with an update finished before another transaction with the same input.

In Splunk I have an application that updates a database. Currently there's been an issue with receiving a transaction...

by New Member in

not getting empty row value count when doing count by fields.

i have four filed in a csv file, where some time , one filed value coming as empty, as like below field1 , field2, fi...

by New Member in

Splunk searches not yeilding data results for months

Hello, I am a splunk newby who started using splunk at my job to build dashboards for a call center setting. Since ap...

by New Member in

How to add seconds to epoch time using time modifiers?

I have a dashboard which uses tokens that look like this earliest=$TIME.earliest$ latest=$TIME.earliest$+60s ...

by SplunkTrust in

Why does query return 0 results if I don't specify index?

I have a query in splunk that returns 0 results if I type: my search terms here but works if I prepend index=*...

by Path Finder in

How to use the "IF" statement to evaluate a window of time?

I apologize in advance as I'm new to Splunk searching... I currently have a basic search for my dashboard that ret...

by Engager in

when using predict fields become null

so when I use the predict command my fields become null index=summary source="summary_events_2" orig_source=pnr m...

by Path Finder in

Server memory calculation over different time intervals in the same query

Hi, I am getting the memory data from windows server in Splunk every minute index=main sourcetype="Perfmon:*" c...

by Contributor in

Transacting Events Across Different Field Names

i'm using transact to group logon events on windows by Logon_ID. On Windows 10, there's also a Linked_Logon_ID that l...

by New Member in

How can I display ranges as text min - max?

If I have data such as this: SensorNo A B C D....Z AA AB.... 123 2.4 2.5 2.6 1.0 ....89.1 124 8.6 2.6 3.6 5.7 .... ...

by Path Finder in

How to use inputlookup OUTPUT properly when a column is blank?

This is a follow up question with respect to this previous question - https://answers.splunk.com/answers/627286/how-t...

by Explorer in

How to create below scenario?

I have below parameter and their values over server_Name: Parameters Server_Name1 Server_Name2 Now I want to ad...

by Communicator in

How to catch end of line symbols with regex?

I have symbols that mean end of line \r\n Example of string: D:\INSTALL\_SysinternalsSuite\processhacker-2....

by Explorer in

Ignore Field in Embedded Search but include it in Final Table

Scenario: - The data I need is ultimately contained in completely different indeces/sourcetypes - I have a set of 5 c...

by Explorer in

Strftime adds 1 hour after converting

I'm working on identifying which hosts are located in which time zone as the client does not have an inventory list a...

by Communicator in

event contains same field with different values

My events contain teh same fieldnames multiple times with different values. I.E. < active_recip="9" deliv_recip="0" h...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to update certain time fields of lookup table without overwriting old table entries?

Why does the Search Results Wrapper not render the query results?

How to convert to epoch time?

extract string to a field

Custom command giving unexpected result

How can I combine the events to bring it back as 1 event or even for it to show just a list of fields?

How to parse json data containing an array and plot it on a bargraph,How to Iterate through a json array in splunk data

If Else functionality to pick different subsearch

issue with sort command

How to ensure a transaction with an update finished before another transaction with the same input.

not getting empty row value count when doing count by fields.

Splunk searches not yeilding data results for months

How to add seconds to epoch time using time modifiers?

Why does query return 0 results if I don't specify index?

How to use the "IF" statement to evaluate a window of time?

when using predict fields become null

Server memory calculation over different time intervals in the same query

Transacting Events Across Different Field Names

How can I display ranges as text min - max?

How to use inputlookup OUTPUT properly when a column is blank?

How to create below scenario?

How to catch end of line symbols with regex?

Ignore Field in Embedded Search but include it in Final Table

Strftime adds 1 hour after converting

event contains same field with different values

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions