Splunk Search

Discussions

Thread Info

Can i use comparations and conditional like function with search

Hi team i would like to use something like that | eval foo=if(like(Description,"%[search index=prueba | fields u_i...

by Communicator in

What sort of regular expressions does splunk use?

Just curious about this. Most of the regular expressions I see splunk use look nothing like standard/posix regular ex...

by Builder in

How to write this type of return query?

My query is: search[|inputlookup abc | stats count(Numbers) as sum| eval end=strptime(End_Date_Time,"%Y/%m/%d %H:%...

by Path Finder in

Skipped SavedSearches

Hi! I get sometimes messages that some savedsearches are skipped. The only information what I get is an event i...

by Communicator in

Combine 2 separate searches and display on a single Time Chart

I am trying to combine the results from 2 different search queries into a single time chart. I am using "Shared Time ...

by Path Finder in

Data count issues using | where _time>=info_min_time AND (_time<=info_max_time OR info_max_time="+Infinity") on a .csv to be able to search based on time

Using | where _time>=info_min_time AND (_time<=info_max_time OR info_max_time="+Infinity") on a .csv to be able to se...

by Explorer in

how to expand multi value fields with different formats

Hi , I want to expand as erach event for the attached example

by Explorer in

Search earliest"-10m" based on a datetime field from the event and not from the indexed time

Hi, i want to search the events from the last 10 minutes based on the secondary datetime field from a event. No...

by Explorer in

Show the a particular percentage using Single Value

Hello Splunkers, I've been trying to show in a Single Value Visualization 3 different percentage values. My sea...

by Explorer in

Chart for Events falling within same time

I have events event_starttime, event_endtime, event_duration, event_name I want chart of events falling in common ...

by New Member in

Lookup Tabel with UrLs

Looking for assistance in creating a lookup table with UrLs, my syntax below does not work. Any ideas on how to use a...

by New Member in

How to form key, value pairs from 2 multivalue fields?

Hi I am trying to extract data from 2 multivalue fields and trying to form key value pair, for example, I have data s...

by Explorer in

Merge dataset from tstat with data from external *.csv file.

Hello, I have to merge dataset with data from csv file. CSV file is well added. Dataset: ACTION, CLASS, CURREN...

by Engager in

How to take the values from lookup file as an input to a search query

I am trying to take the value of a field from the lookup file and passing that as an input value to a field in my sea...

by Communicator in

Comparing average to one row

Hi, I'm looking for a way to take the average of a bunch of fields and compare one row to that average using a vis...

by Engager in

How to search for fields with empty values?

I'm trying unsuccessfully to select events with fields with empty values. How can this be accomplished? My even...

by Path Finder in

How to retrieve multiple values of a single field in a single table row?

I have a few logs in this format: |preferenceDetails:-preferenceType=BILL_NOTIFICATION,preferenceAction=OPT_IN,pre...

by Path Finder in

How to use rex to parse Select Query in a log?

Hi, I have a log like below "12","select a.a,b.b,c from a,b where a.a = b.a group by xxxx","impala",2017-06-30...

by New Member in

How to summarize a lot of fields with mvappend

I am trying to find the standard deviation from the postfix log. I assume the following search sentence. index=pos...

by New Member in

How do you pass a case or if statement value to a lookup table search?

Background: I have having some issues with LDAP Identities that have the same identity name so I was trying to car...

by Engager in

Using lookup table as source for search

I am looking for a way to perform a search and produce results matching search results against a lookup table or vice...

by New Member in

Timechart grouping

I am trying to analyze patterns of heap usage by Java Virtual Machine (JVM) level and 5 jvms grouped as a host. Now I...

by New Member in

How to reformat the table output?

| base query with some eval commands | table a_snake, a_cat, a_dog, b_snake, b_cat, b_dog, c_snake, c_cat, c_dog ...

by Contributor in

How to get the overall average and average per 5 minutes on a Time Chart?

I have a timechart which currently outputs the average value for every 5 minutes over a period of time for the field ...

by Path Finder in

extract fields from csv file preamble

I have a csv file where the column header is on the fourth line. Before that are several interesting fields which i w...

by SplunkTrust in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can i use comparations and conditional like function with search

What sort of regular expressions does splunk use?

How to write this type of return query?

Skipped SavedSearches

Combine 2 separate searches and display on a single Time Chart

Data count issues using | where _time>=info_min_time AND (_time<=info_max_time OR info_max_time="+Infinity") on a .csv to be able to search based on time

how to expand multi value fields with different formats

Search earliest"-10m" based on a datetime field from the event and not from the indexed time

Show the a particular percentage using Single Value

Chart for Events falling within same time

Lookup Tabel with UrLs

How to form key, value pairs from 2 multivalue fields?

Merge dataset from tstat with data from external *.csv file.

How to take the values from lookup file as an input to a search query

Comparing average to one row

How to search for fields with empty values?

How to retrieve multiple values of a single field in a single table row?

How to use rex to parse Select Query in a log?

How to summarize a lot of fields with mvappend

How do you pass a case or if statement value to a lookup table search?

Using lookup table as source for search

Timechart grouping

How to reformat the table output?

How to get the overall average and average per 5 minutes on a Time Chart?

extract fields from csv file preamble

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions