Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

avg many fields

HELLO I try to do an avg on multiple fields but i dont succeed for one field i use this / stats avg(ReadOperationC...

by Motivator in

How to build a lookup table with a condition?

I have a lookup of epoch times: epoch_time_lookup.csv Start Time End Time 1529737700 1529737800 1529737600 1...

by Path Finder in

Why is the query with 3 sub search returning several items?

Hello there ! This is my first post here  I've already read a lot of query/answer, try a lot of things, but .......

by Explorer in

How to show a true value for the If function?

Hello All i have the below query which is based on a ping request running on the back end. the data looks like this ...

by Communicator in

AND condition in Regex

I need solution for the following example, My String : {{My_pa{ss}word}} In this string I want to select only sta...

by New Member in

How can I split similar fields into multiple related events?

I have some events like this. Wifi AP and DEVICE connected to it. A one to many AP to DEVICE relationship exists A...

by Splunk Employee in

Spunk Search Query for Trimming and Grouping

Hi, I have a CSV named Results2018. It has fields Group, Server, Issue. The field Issue has information about CP...

by Contributor in

How to configure Splunk statistics table to display more than 100 rows?

Hi all, How to configure Splunk statistics table to display more than 100 rows? can this be achieved by editing a ...

by Communicator in

Does a saved search get a new sid each time it runs?

I'm trying to use the REST API to get the results of a search. I need to run a saved search daily and then extract th...

by Path Finder in

Confused with Trigger Conditions - Confused by Documentation

I am reading the documentation at the following page: http://docs.splunk.com/Documentation/Splunk/7.1.1/Alert/AlertTr...

by Communicator in

| tstats to include data enrichment from a lookup

Hi, How can I use a tstats search, to match against a result and then OUTPUT additional content from the lookup wh...

by Path Finder in

Alternative of list(x)

Is there any alternative to list() function as it has limitation to return only 100 values? i have a multivalue list ...

by Engager in

If event X then event Y occurred Return no results, If just X occured return results

I am trying to perform a search to return only results that are "Broke". Broke means Event 7000 with a specific Messa...

by Explorer in

How can i use a field value from lookup file to set my earliest time for search dynamically ?

Hi, I have a PriorityEngines.csv lookup file like this - EngineName,TimePeriod Engine1,5 Engine2,10 Engine3,12 I h...

by Path Finder in

How to return events from a different time range dependent upon field value?

Completely new to Splunk, and hoping to find help with a search I'm using for a dashboard, but cannot get this workin...

by New Member in

adding multiple fields and value for fillnull

Following search is working perfectly fine. If field1 is Null it gets substitute by RandomString1 search | fillnul...

by Explorer in

Using streamstats to track currently active values

Given input like this: id, action, message 1, add, Adding this thing 2, add, Adding this other thing ...

by Contributor in

How do scheduled searches work?

General question about how scheduling searching behaves, we have a 3 node SH cluster and couple of indexers, and ...

by Path Finder in

OTHER option in timechart doesn't work

Hi Splunkers, I have search like this: index="myindex" host="myhost" | timechart span=1month latest(all_cnt) as "N...

by New Member in

How to join two searches?

Hi, I am trying to join two of my searches in splunk using a common field uniqueID but I am getting a error in Splunk...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

avg many fields

How to build a lookup table with a condition?

Why is the query with 3 sub search returning several items?

How to show a true value for the If function?

AND condition in Regex

How can I split similar fields into multiple related events?

Spunk Search Query for Trimming and Grouping

How to configure Splunk statistics table to display more than 100 rows?

Does a saved search get a new sid each time it runs?

Confused with Trigger Conditions - Confused by Documentation

| tstats to include data enrichment from a lookup

Alternative of list(x)

If event X then event Y occurred Return no results, If just X occured return results

How can i use a field value from lookup file to set my earliest time for search dynamically ?

How to return events from a different time range dependent upon field value?

adding multiple fields and value for fillnull

Using streamstats to track currently active values

How do scheduled searches work?

OTHER option in timechart doesn't work

How to join two searches?

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation

Tips & Tricks When Using Ingest Actions

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...

Alerts not Finalizing- Is there a way to find out ...