Splunk Search

Ask a Question

Discussions

Thread Info

Powershell vs WMI

Hi I an SPL command i use the Win32_DesktopMonitor WMI class and SPLUNK is able to use all the fields correspondin...

by Motivator in

Find the missed id in the Query2 compared with Query1

I have 2 queries producing some results Query1: index=foo* sourcetype="abc_uvw" activity="POST*/test1" source="/lo...

by Explorer in

Spliting multiple events in a transaction column , into seperate columns

Hi All, So when im running a transaction based on starts with .... ends with... i'm getting two events of the tran...

by New Member in

How to check if field exists in two indexes

Hello, I am looking at two indexes with the same field, "hostname". I am looking to create a table of the host...

by New Member in

Extract domain part of list of emails addresses.

Hi, My results are a bunch of email address, I want to display them in table grouped by their domains. What's ...

by Explorer in

Maintenance Time query help

Hi, I'm using a lookup which stores maintenance periods and can be used to exclude events of downtime from my main...

by Path Finder in

Combine and use query results contained in 2 other queries.

My data model is like: Key Source Destination 1 a b 1 b c 1 a c 1 a e because the source result table is too larg...

by Path Finder in

Search ID or sid

i have extracted this log as i need to get the search id to get the SPL used. this is a search that triggers an alert...

by Communicator in

Is it possible to put values of multiple fields in a field in a sequence?

Hi, Is this possible to do in spl? For example I have these fields: What I need to do is to arrange...

by Path Finder in

How to create a field of percentiles of a stats field

I have constructed a responsetime field using eval resp=endtime-startime,now I want to get a list of percentiles from...

by New Member in

timechart span value produces different averages for the day

Case 1: earliest=-1d@d latest=-0d@d ... | timechart span=1h count as Samples, avg(duration) as avg vs. Case 2: earlie...

by Path Finder in

Check IP against lookup file with IP/CIDRs.

Hi all, I am new to using lookups and I'm a bit confused. I've created a lookup file on my splunk instance called...

by Path Finder in

Searching multiple indexes to get the ID-Value and other associated columns

Hi there, I'm trying to join two indexes to get the id-value and ingest the data into main index. Here is my scena...

by Explorer in

How do I get host_regex to work for my log file names?

Log files are: /audit/files/20180515041511.scc145.audit.log.1 /audit/files/20180515041511.scc145.audit.log.2 /audit/...

by Engager in

Search two fields with same name but different values

I'm trying to create a stats table in Splunk that shows the IP of VMs and the IP of the Host that supports those VMs....

by Path Finder in

How to merge the results from two different indexes/sourcetypes.

Hi, I have two queries, one gives me the test-case names, test-id details and lsf jobid details. Another query giv...

by New Member in

Create search with percent of total

Hi all, Please help me! How to create a search with the percentage of desktops with outdated antivirus. Since even...

by Path Finder in

question about predict

so I have this query that detects anomalies in the errors from a specific source based on the mean absolute value of ...

by Path Finder in

How to sort group by results?

For example: raw data is 100,x,info=1,error=1,warn=1 101,x,info=1,error=1,warn=1 101,y,info=1,error=2,warn=1 10...

by Explorer in

How to write a search using my sample test data to get the expected table of results?

Hi Team, I'm Facing issue in designing a query for the following requirement : Sample data : Test data : ...

by Explorer in

How can I chart queries over time?

I have a query that end with | table jra_conn bam_conn bib_conn jra_conn, bam_conn, bib_conn are not Splunk fi...

by Contributor in

Search taking much time in different app than the search app

I have a Dashboard that when i open in the search app it show the results quickly, but when i open in other one it ta...

by Explorer in

Why do the REST API and Splunk GUI give different results for the same query?

When I run the query search index=* sourcetype="XXX" earliest=-7d@d latest=-6d@d | stats count via the REST API, I ge...

by New Member in

How do I clean metadata after deleting the eventdata for a particular source

Hello, I indexed data using files and directory monitor to index multiple files in a folder. I later deleted the d...

by Path Finder in

How to typecast integer to string and save that to a new field?

I have a numeric field that needs to be string to put be CIM compliant. I tried using tostring, but it still shows up...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Powershell vs WMI

Find the missed id in the Query2 compared with Query1

Spliting multiple events in a transaction column , into seperate columns

How to check if field exists in two indexes

Extract domain part of list of emails addresses.

Maintenance Time query help

Combine and use query results contained in 2 other queries.

Search ID or sid

Is it possible to put values of multiple fields in a field in a sequence?

How to create a field of percentiles of a stats field

timechart span value produces different averages for the day

Check IP against lookup file with IP/CIDRs.

Searching multiple indexes to get the ID-Value and other associated columns

How do I get host_regex to work for my log file names?

Search two fields with same name but different values

How to merge the results from two different indexes/sourcetypes.

Create search with percent of total

question about predict

How to sort group by results?

How to write a search using my sample test data to get the expected table of results?

How can I chart queries over time?

Search taking much time in different app than the search app

Why do the REST API and Splunk GUI give different results for the same query?

How do I clean metadata after deleting the eventdata for a particular source

How to typecast integer to string and save that to a new field?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions