Splunk Search

Discussions

Thread Info

Why do these 2 searches return different results based on the dedup?

Simple searches that return different restults based on where the dedup is. Seems like ti functuioning 2 different wa...

by Communicator in

How to correlate fields from two different searches?

Thanks in advance. I have events from two different sources: The first source (let's call it Source A) has the ...

by New Member in

Lookup Definition using Match Type

I am attempting to create a new "Week" field based on an external lookup. However, the date field in my sourcetype...

by Explorer in

How to compare 2 filename%y%m%d.csv from month appart?

Hi fellows! I have a scheduled job that output a single host list (in a unique Table) every day. the filename is a...

by New Member in

How can I convert duration to seconds? "1h 2m 3s" to 3723

I have a a field that is called rawtime that has a bunch of durations. My end goal is to graph per hour the average d...

by Engager in

Results for transactions with endswith not met

index=winevents host=servernames* EventCode=1511 OR EventCode=4647 | eval Sid=case(EventCode=1511,'Sid') | lookup lda...

by Communicator in

How to change the name of field values at y-axis

Hi, My idea is to shorten the value names at y-axis to a meaning full short names, so that it doesn't get truncate...

by New Member in

Average and Diff per host

Given I have multiple hosts, I'd like the host total within a bucketed time span, average of the totals across all ho...

by Path Finder in

Compare a field with lookup file

I was trying to compare searched result with lookup file. Is there any to compare results with lookup file. |mysea...

by Explorer in

First day of the month

Hello , I have a job of this month,the problem is that in my histogram i always have thersday as first day

by Explorer in

Help Deploying URL Parser TA to Index and Search Head Cluster

I've been trying to follow examples of other TAs that might use SCP v2 to add parameters I can't use because of chunk...

by New Member in

How to override only specific fields using appendcols?

Hi, Is there a way to only override specific fields only. When i use appendcols override=true, it is overriding all ...

by New Member in

How does one use REGEX, FORMAT, or something else, at index time, to replace "-" with "_" i.e. application_special-source-type => application_special_source_type?

Extracting "_" delimited fields from source file name (regex101.com) ([^\/]+)([^]+)([^]+)([^]+)([^]+)bro([^]+)([^]...

by Path Finder in

Is there a way to apply lookup table in a real time search?

Hi all, I just want to ask if there is a way that I can apply a lookup table in a real-time search? I have this colu...

by Builder in

What is the most efficient way of comparing two indexes.

I'm comparing in event1 from indexA is existing in indexB. Currently I am using join in comparing this two indexes bu...

by Path Finder in

prediction in splnuk

hi all, i am splunk 5.0 and i tried the query below with predict function as given in the document source="hdfs...

by Communicator in

10k row limit csv

I have looked at various solutions such as editing the conf files for an app to increase the 10K limit on emailed sea...

by Explorer in

sort column based on dynamic parameters

My table has variable columns size as Id, description, detail1, detail2, detail3, detail4, price1, price2, price3, p...

by Explorer in

Parsing a JSON string in search object

We changed how our data was getting into splunk instead of dealing with full JSON we're just importing the data strai...

by Explorer in

How to change a search query in the Splunk Insights for Infrastructure?

Currently I have incoming events (from logs). The predefined charts look like histogram of count of events for a spec...

by Explorer in

How to access a lookup table belonging to another app?

I've read the documentation that if permissions are set to Global for a lookup that it can be accessed from within an...

by Contributor in

Why do these searches yield such different results?

index="xyz" "a.b.c.d"=xyz | chart count by a.b Yields 232 results. In order to get field names that are more reaso...

by Path Finder in

How to change table header alignments?

The table header's alignments seem completely random. Some are aligned to the left and others are aligned to the righ...

by Communicator in

Regular expression with lookup

Blockquote I have to build a table that lists all the service names that are in particular format for e.g "ABC...

by New Member in

Can one Search Head Cluster search across multiple Indexer Clusters?

Hi, I am wondering if one Search Head Cluster can search across multiple Indexer Clusters. I have found this doc h...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why do these 2 searches return different results based on the dedup?

How to correlate fields from two different searches?

Lookup Definition using Match Type

How to compare 2 filename%y%m%d.csv from month appart?

How can I convert duration to seconds? "1h 2m 3s" to 3723

Results for transactions with endswith not met

How to change the name of field values at y-axis

Average and Diff per host

Compare a field with lookup file

First day of the month

Help Deploying URL Parser TA to Index and Search Head Cluster

How to override only specific fields using appendcols?

How does one use REGEX, FORMAT, or something else, at index time, to replace "-" with "_" i.e. application_special-source-type => application_special_source_type?

Is there a way to apply lookup table in a real time search?

What is the most efficient way of comparing two indexes.

prediction in splnuk

10k row limit csv

sort column based on dynamic parameters

Parsing a JSON string in search object

How to change a search query in the Splunk Insights for Infrastructure?

How to access a lookup table belonging to another app?

Why do these searches yield such different results?

How to change table header alignments?

Regular expression with lookup

Can one Search Head Cluster search across multiple Indexer Clusters?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions