Splunk Search

Discussions

Thread Info

Real Time Searches

Any disadvantages if we are running real time searches and alerting using those, currently we are testing few functio...

by Path Finder in

fieldformat not working?

I'm using fieldformat (Splunk 5.0.5, search head in a cluster, if that matters) in order to change how the time is di...

by Communicator in

change lookup macth_type

Hi I have a list of words in a lookup table and i would like to return the events of a search that match any of th...

by Explorer in

Alt key to add NOT no longer works on fields in V6

We've just upgraded to V6, and one of the first things I've noticed is that you can't use the Alt-Click to add the NO...

by Communicator in

Conversion from string to date

I am having a field deliveryExpiry (String type) in my log and I want to compare whether the expiry is before the cur...

by New Member in

Creating a multivalue field from a result?

Hey everyone, So this feels like something I should be able to do with the standard search language, but I am fail...

by SplunkTrust in

searchmatch with macro expansion

Hello & merry xmas to all, I would like to create a macro-expansion using searchmatch (eval-command) such that the...

by Communicator in

Conflicting Event count in Search App based upon time range

I executed this search on my data, over two different time ranges: "malware" | timechart count The time ranges...

by Explorer in

Javascript or HTML5 in app setup pages?

Someone just asked me if it was possible to have something like a slider on the app setup page for entry of data. ...

by Builder in

Using lookup tables and searching it twice

We have a user lookup table that contains information such as username, email, and managername. I can do a lookup to ...

by Splunk Employee in

How to add percentage on statistic field?

Hello, My search: index=test sourcetype=traffic | stats sum(A) as A sum(B) as B sum(C) as C sum(D) as D | transpos...

by Contributor in

Subsearch results display in different columns with same field by differenet timerange

sourcetype=xxx earliest=-1d@d latest=-0d@d | stats count by host | append [search earliest=-2d@d latest=-1d@d | stats...

by Path Finder in

How to get index time in subseconds ?

Hi Splunkers, I want to know the index time lag in subsecond order by following command. index=main | eval inde...

by Contributor in

What is pulldown_type?

Hi! I would like to know what pulldown_type option (props.conf) affects in splunk. Are there any description in th...

by Communicator in

V6 free splash page display bug

Demonstrated below: Black text on dark grey background - totally useless from an accessibility perspective. What h...

by Motivator in

How do you 'Tag' based on a search?

I'm almost certian I used the wrong lingo but I'd like to essentially create a field based on search or regex, but I ...

by Communicator in

Getting top values from two fields

I have a index that contains both destination and source countries in each entry. I would like to get a list over top...

by Engager in

How to identify session from log based on request timestamp

Hi Guys, My log message looks like below, Time message 10:00 AM “log message 1” 10:10 AM “log message 2” 10:20 A...

by New Member in

Formatting the digits

Hi! I would like to do something similar to sprintf of perl. Which would be like, sprintf("%02d) put a 0 ...

by Communicator in

Inhibiting alerts from saved searches that had search errors

Is there a way to inhibit alerts from saved searches that had errors? Saved searches will sometimes fail with errors ...

by Path Finder in

Display results only above a certain number

Hi all, I am having trouble displaying search results when I specify that the returned results must be greater tha...

by New Member in

Predict: Can I show only the predicted events in the future?

I like the predict clause, but how can I show only the prediction of the 'future'. For example: index=prd_stats ea...

by Path Finder in

How to get the Source from one query and search specific variable in that source??

Hi, I have a sourcetype = ALLXMLDATA, where I have added multiple XML files as data inputs such XMLfile1, XMLfile2...

by Builder in

How do I get the value of one field if the value of another field matches?

Hi, I have 2 data logs "datasource1" and "datasource2", under same sourcetype name="DATALOGS", for e.g. datasou...

by Builder in

Get the output in double quotes.

Hi, I have written a search query which shows a specific value from the datalog. what i want is to show the reult ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Real Time Searches

fieldformat not working?

change lookup macth_type

Alt key to add NOT no longer works on fields in V6

Conversion from string to date

Creating a multivalue field from a result?

searchmatch with macro expansion

Conflicting Event count in Search App based upon time range

Javascript or HTML5 in app setup pages?

Using lookup tables and searching it twice

How to add percentage on statistic field?

Subsearch results display in different columns with same field by differenet timerange

How to get index time in subseconds ?

What is pulldown_type?

V6 free splash page display bug

How do you 'Tag' based on a search?

Getting top values from two fields

How to identify session from log based on request timestamp

Formatting the digits

Inhibiting alerts from saved searches that had search errors

Display results only above a certain number

Predict: Can I show only the predicted events in the future?

How to get the Source from one query and search specific variable in that source??

How do I get the value of one field if the value of another field matches?

Get the output in double quotes.

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...