Splunk Search

Ask a Question

Discussions

Thread Info

Search Marcos

Hello, i have two fields Vers0 and Vers1 given in hexadecimal. They encode the Software-Version, in the Form: ...

by Explorer in

Raw Logs

Hi , How do I fetch the raw logs for the source type :wms_oracle_sessions? Query: index=main sourcetype=wms_ora...

by Path Finder in

Finding the ratio between fields in different events

I have the a search (picture below) which is calculating the open option interest on several ticker symbols. I was ...

by Engager in

Extracting names from fields

Hi, I am trying to extract name of the individuals from the field that I have in the data. For example from the da...

by Explorer in

Eval field based on similar events or single event

i have a case where i need to determine if a row has been repeated multiple times or not . it may have 4 common va...

by Builder in

How to get latest time from an index's subsearch

When i run this query it seems to run just fine as an adhoc search but when i schedule it, it throws the following er...

by Communicator in

Assigning a field value to "Earliest" "Latest" time modifiers

Hello, I am interested in making the results of one index search (in particular the values of fields early and late) ...

by Explorer in

How to group by field and calculate Error rate ?

Hello, I'm trying to determine the Error rate for individual servicename . I'm having trouble while performing grou...

by Explorer in

Combined Linux Searches

Hello , Im trying to run a audit search for high priority linux servers - should have the following in the search ...

by New Member in

Failed to parse a JSON string

Hi I get data from an CSV file and one of the filed imported is a JSON string called "Tags" which looks like th...

by Engager in

JIRA add-on not ingesting historical data

Hi, I am using jira add-on available in splunk base app-1438 to ingest events from JIRA cloud instance to splunk . ...

by New Member in

combine two evals in to a single case statement

I have 1600+ storage arrays and they are from multiple vendors, each with different thin provisioning levels. I curre...

by Path Finder in

How to create a lookup table

I'm new to Splunk and was wondering how to do a lookup table. So what i'm trying to get is something like a lookup o...

by Explorer in

rex help

Hello, index=myindex| spath "Rules{}" output=rules |mvexpand rules | table device ip rules Now my rules has data ...

by Communicator in

rex help

I am using a query below which gives me rules field index=myindex| spath "Rules{}" output=rules |mvexpand rules | t...

by Communicator in

How to create a report that appends the data of every past month in the excel before sending

Hi, I want to create a report through splunk that will send out an email consisting data of each months stats by au...

by Communicator in

Timechart on a rate calculated by 2 sourcetype (monthly)

Hi all, I have a problem creating a time chart based on calculations of 2 values from different source-type. Let me...

by Observer in

How to use lookup function for fuzzy matching

Sorry, my English is not very good. I extracted a field named "user-agent", I also have a CSV file, the specific c...

by Communicator in

Using single column Holiday table how do I determine whether today is a holiday?

I have a lookup CSV table that lists dates of holidays in a single column. HolidayTable.csv: HDate1/1/2020..........

by Communicator in

Comparing with NULL

Do I understand correctly that NULL is neither equal (==) nor not equal (!=) to any value? I know about isnull() func...

by Communicator in

Timechart filldown

I have a dashboard search which ends with a timechart like this | eval VUser=if(isnotnull(Stop_time),0,VUse...

by Path Finder in

How to compare list with lookup?

Hi all, I'm trying to compare list of apps by server with a list of apps in lookup to find if its installed or not. I...

by Path Finder in

Percentile 25 and Percentile 75 provides different result while using streamstats and stats

Hello, I have 3 values 15,26,18. Now assume my 18 is my latest value and i want to find p25 and p75 including the l...

by Path Finder in

Renaming the 'range' field from rangemap

I have a search that reads a value 0-10. I use a rangemap command to insert custom icons in toa table based on the wh...

by Communicator in

Sniffing Ports Up/Down -- IFconfig?

Looking for a way to monitor sniffing ports on a sensor. Each port is tied to a different part of the system and wou...

by Loves-to-Learn Everything in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search Marcos

Raw Logs

Finding the ratio between fields in different events

Extracting names from fields

Eval field based on similar events or single event

How to get latest time from an index's subsearch

Assigning a field value to "Earliest" "Latest" time modifiers

How to group by field and calculate Error rate ?

Combined Linux Searches

Failed to parse a JSON string

JIRA add-on not ingesting historical data

combine two evals in to a single case statement

How to create a lookup table

rex help

rex help

How to create a report that appends the data of every past month in the excel before sending

Timechart on a rate calculated by 2 sourcetype (monthly)

How to use lookup function for fuzzy matching

Using single column Holiday table how do I determine whether today is a holiday?

Comparing with NULL

Timechart filldown

How to compare list with lookup?

Percentile 25 and Percentile 75 provides different result while using streamstats and stats

Renaming the 'range' field from rangemap

Sniffing Ports Up/Down -- IFconfig?

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

How to get alert result through API?

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas