Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to assign numeric values based on counts?

Hello, I need some help. I'm trying to make a search where I take recipient_count and assign a "value" based on ho...

by New Member in

Using Lookup table of known errors in search to not include in results.

Hello splunk users, So I have a system that I am logging all errors to splunk. I have been getting a few false po...

by New Member in

How to eliminate duplicate rows in a scheduled lookup?

I have created a search to populate a lookup periodically. index x sourcetype=y | outputlookup abc.csv append=tru...

by Path Finder in

Get search results after earlier search query

I have a requirement where I have to show the logs in splunk after an earlier search query. i.e Suppose I get a set o...

by New Member in

Why is Splunk Python SDK export not using field extraction?

Hi there, I am trying to use the Python Splunk-SDK to query results from a search, and return a specific field th...

by Path Finder in

Find event with invalid JSON

Trying to find a consistent way of finding events that contain invalid JSON. We've ran into all sorts of different is...

by Communicator in

How do you create an if statement without the else?

I am producing a table that will monitor what various users are searching for and I am trying to limit the amount of ...

by New Member in

help on eval

hello i try to use the code below but everytimes i have an issue of quote or parenthesis even if i do modifications: ...

by Motivator in

How to assign multivalued field to a variable?

Hi, I'm trying to assign the multivalue field ApixRes and RestRes to a new variable result . But , it isnt working...

by Path Finder in

How to use stats count where OR stats count where on different fields?

Greetings, I'm pretty new to Splunk. I have to create a search/alert and am having trouble with the syntax. This i...

by Path Finder in

Field Extractions tutorial or recommended documentation?

Hi: I want to extract 3 fields from this line Create "/juanpablo/files/Splunk Info/universalforwarders.pdf" wit...

by New Member in

Has anybody integrated dynatrace managed 7x/appmon 7x events into splunk on premise

Hi Experts, Need your support for one POC, I need to know whether we can get the dynatrace appmon/managed 7.1 aler...

by New Member in

How to add a character to front of result if true in an if statement?

Hi, I want to use an eval if statement to add a minus onto the original value if it's is true. I am using table comma...

by Engager in

How can I give source string dynamically in COLLECT command?

I want to extract a value dynamically in a subsearch and give the value (string) to source= << string>> of COLLECT co...

by New Member in

search not returning after map command

I'm writing a search that extracts data from 2 indexes. I have 3 searches that tries to accomplish this. 1st searc...

by Contributor in

Will the below search work.

|inputlookup lookup |map [ search index=index ESP_APPLICATION=$ESP_Application$ |eval Actual_Start_Time='[search inde...

by Explorer in

Percentage per each MEMBER per row not per all of them in chart/timechart

Hi, I'm newbie here and read a little about my issue in docs and answers here but got no clue for now. I've got coupl...

by New Member in

splunk query for consecutive event in less than 5 s window

Hi I am trying to write a query to detect IIS start stop event 3201 and 3202 respectively. I wanted to create a query...

by Path Finder in

How to use rex to capture a list of fields?

I have the following log data: Number of Users:3 [1]UserId:1 NumberOfUserRoles:2 [1]UserRoleCode:1 UserRoleTex...

by Path Finder in

Need help with Where for _time from lookup

Hi all, So inherited a lookup table from former contractor and want to pull and display information based on what ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to assign numeric values based on counts?

Using Lookup table of known errors in search to not include in results.

How to eliminate duplicate rows in a scheduled lookup?

Get search results after earlier search query

Why is Splunk Python SDK export not using field extraction?

Find event with invalid JSON

How do you create an if statement without the else?

help on eval

How to assign multivalued field to a variable?

How to use stats count where OR stats count where on different fields?

Field Extractions tutorial or recommended documentation?

Has anybody integrated dynatrace managed 7x/appmon 7x events into splunk on premise

How to add a character to front of result if true in an if statement?

How can I give source string dynamically in COLLECT command?

search not returning after map command

Will the below search work.

Percentage per each MEMBER per row not per all of them in chart/timechart

splunk query for consecutive event in less than 5 s window

How to use rex to capture a list of fields?

Need help with Where for _time from lookup

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

compare today vs last week same hour stats and giv...

I think hidden characters are breaking my joins

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...