Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Calling different sourcetype stanza's in search-time field extraction defined in props.conf

Hi! I would like to get help if following configuration is possible or not. I already have 1000 of events as so...

by Communicator in

How to modify Windows Servers syslogs on indexer from a multiline format to a single line format before forwarding events to a third party system?

Hello, We have about 900 Windows servers which are being indexed by our single splunk enterprise instance. We are ...

by Path Finder in

Calculate time between events - query taking a long time

Here is my query: index=something st=something (EventID=9999 OR EventID=9998 OR EventID=9997 OR EventID=9996) | tr...

by Engager in

How to tag different values for the same field?

Hi, I have a search and if within an event, I have two values that I want to tag to the same field, what will be ...

by Path Finder in

Accumulated sum with a dc value.

Hi all, I have the following basic search - and I'm having trouble getting monthly accumulated plot of paths chang...

by Path Finder in

Where clause with eval and stats

Hi All. I want to calculate percent of Total revenue in Rural and Urban areas. The columns i have are Total_Revenue a...

by Contributor in

Is this what a full outer join looks like in Splunk ?

Hi, I am trying to do a full outer join on banklog and creditunionlog such that I can find the timestamp differen...

by Builder in

Join Two source based on content of fields present in other fields

Hi, I have BIG URGENT CASE here, and I'll appreciate your great help. Here it is, I need this type of (SQL) query ...

by Explorer in

splunk dropdown reset or on populating restore to the default value?

Dear All, im creating a dynamic splunk dropdown box . in the first populating the default value are selected. when...

by Explorer in

how to restrict where condition.?

Hi All. I have a scenario where, the where clause is used to filter and other side the same where clause should no...

by Contributor in

two where clause?

Hi All. I want to calculate churned customers from two placements (churn=0 means churned,1 as unchurned) and place...

by Contributor in

how do I get the max from each column

With a search like ....| eval Field3=Field1+Field3 I have data as follows(in the stats tab): _time Field1 Fi...

by Motivator in

show last week values Mon-Sun and NOT Sun-Sat using earliest and latest

How do I use earliest and latest to show last week Mon - Sun inclusive. I have tried this earliest=-1w@w latest = ...

by Motivator in

Combine of two different queries for single output (Aruba with Splunk)

Hi Team we have two queries as mentioned below: eventtype=cppm-fail-authentication cphost=* -->This gives me the l...

by New Member in

Sort by DataStore

Hello I have some data that I'd like to make a bar graph by each datastore. Can anyone help? Data below. {"dataSto...

by New Member in

Combine inputcsv and search to create a gauge

I am trying to create a gauge where the green, yellow, red are dynamically adjusted using average and percentages for...

by Builder in

How to cut off the worldmap for geostats?

Hi, is it possible to cut off the worldmap in the geostats visualization, so that scrolling left or right is not p...

by Motivator in

where clause with a variable

Hi. I need to get sum of totalrevenue where churn=1. I am able to get the count of churn whose churn=1 and total c...

by Contributor in

How do I create a token from a hidden search in SimpleXML

I want to have a hidden search in my simple XML dashboard <search id="base"> <query>index=_internal | stats cou...

by Path Finder in

Using the results of a query , and search it in a lookup table

I have a query which looks at FTP attacks, and the resulting field is called "IP", now i want to search the results f...

by New Member in

Splunk Search

Discussions

Calling different sourcetype stanza's in search-time field extraction defined in props.conf

How to modify Windows Servers syslogs on indexer from a multiline format to a single line format before forwarding events to a third party system?

Calculate time between events - query taking a long time

How to tag different values for the same field?

Accumulated sum with a dc value.

Where clause with eval and stats

Is this what a full outer join looks like in Splunk ?

Join Two source based on content of fields present in other fields

splunk dropdown reset or on populating restore to the default value?

how to restrict where condition.?

two where clause?

how do I get the max from each column

show last week values Mon-Sun and NOT Sun-Sat using earliest and latest

Combine of two different queries for single output (Aruba with Splunk)

Sort by DataStore

Combine inputcsv and search to create a gauge

How to cut off the worldmap for geostats?

where clause with a variable

How do I create a token from a hidden search in SimpleXML

Using the results of a query , and search it in a lookup table

Excluding Events Based Off CSV Lookup

splunk predict period limit 2000 ??

Splunk Add-on for microsoft cloud services not get...

Scheduling the training set in MLTK

Automatic Lookup local=true