Splunk Search

Discussions

Thread Info

How can I combine two chart query outputs as 1?

Part A: index=web splunk_server_group=hotel sourcetype=hotellog eventname=hotel-book earliest=-3d| eval dateyearw...

by New Member in

unable to extract all matching values in a single line; the interesting field only captures first matching value.

The string is a single line, i am unable to extract all matching value in this line. The interesting fields that Splu...

by Explorer in

How can I join two searches on a common field?

I'm trying to append a two tables on a common key. I am using |appendcols but the two tables are not internally joine...

by Path Finder in

lookuptable compare with new event

I called all the errors and created to lookup-table. I want to create a job which would compare the last 5 minutes of...

by Engager in

Find Time between events, including current Time.

Hello all, I've seen examples of how to find time between events using streamstats, and also to find the time sinc...

by Explorer in

Searching strings with accented characters

Hello, I'm having an issue when trying to filter events based on accented characters. For instance if I look a...

by Path Finder in

View full source of the log file

I have a need to view/export the source a log file. Requirement is to export all lines of the log file within a date/...

by New Member in

What are some of the best practices for field extractions?

Hi, There is some debate in our group regarding best practices for field extractions. We have a feed that has well...

by Champion in

find max length where field name is firstName_1,firstName_2...

My splunk entry is firstName_1="Tom" firstName_2="Jerry" firstName_3="Tom1" firstName_4="Jerry1" I would like to f...

by Engager in

Does Anyone Have Field Definitions for Cisco IOS Technology Add-On?

We have been asked to provide definitions for the following field names for events produced by parsing Cisco switch l...

by Engager in

One-Table Combining Different Search Results in Real-Time

My end goal is to show events in one table coming from multiple searches in real time. They all have the same fields....

by Path Finder in

How to display comparison between previous week with current week in Single Value with trendline

Hi, I have a query which should ideally give me results for the Last week and the current week Request count. i...

by Communicator in

subsearch or lookup from search results

Morning all, In short I need to be able to run a CSV lookup search against all my Splunk logs to find all Session...

by New Member in

Trouble with UTC time

I have some search results that return values in the format %Y-%m-%d %H:%M:%S. For example: ...some search... | ta...

by Path Finder in

In real-time alert, if I use lookup command, too many alerts triggered.

Splunk ver 7.1.1 I'm using real-time alert that trigger when there is event which has src_ip match black_list.csv ...

by Builder in

how to know the search history by user, but only the searches you type

Sorry for the inconvenience, but I'm looking for a query that only shows the searches typed by users, because when I ...

by Path Finder in

Replace a column with diagonal value in a table

host time timediff a 12:00 END a 11:55 1 a 11:50 1 I want to replace the "END" in timediff with the below value: t...

by Explorer in

Adding a date to a string Message

I am trying to create an error message based on a time frame, the last 15 min. and now. So the error message would sa...

by Path Finder in

count(var) by "a list of values within a field"

First of all, sorry, if I am missing something really obvious here but after hours of googling I am still stuck with ...

by New Member in

How to write a regex for string followed by number?

Below are my 3 logs, i want to write a query, to get all the below 3 logs: **EXT_CODE*[0-9]** with 1/2/3 digit fol...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I combine two chart query outputs as 1?

unable to extract all matching values in a single line; the interesting field only captures first matching value.

How can I join two searches on a common field?

lookuptable compare with new event

Find Time between events, including current Time.

Searching strings with accented characters

View full source of the log file

What are some of the best practices for field extractions?

find max length where field name is firstName_1,firstName_2...

Does Anyone Have Field Definitions for Cisco IOS Technology Add-On?

One-Table Combining Different Search Results in Real-Time

How to display comparison between previous week with current week in Single Value with trendline

subsearch or lookup from search results

Trouble with UTC time

In real-time alert, if I use lookup command, too many alerts triggered.

how to know the search history by user, but only the searches you type

Replace a column with diagonal value in a table

Adding a date to a string Message

count(var) by "a list of values within a field"

How to write a regex for string followed by number?

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup

comparing 2 KV files

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?