Splunk Search

Discussions

Thread Info

Join two lines in the same search

Hi all, I'm currently monitoring log files. I have exctrated 2 fields end_collection_timestamp & starting_collec...

by Path Finder in

How to join a lookup value for comparison?

The query below works, but i need to add a lookup value 'interval' to compare against the 'hours since last seen' val...

by Path Finder in

Requesting Assistance Writing a Search Request

I am writing a search which I intend to use to create an alert from. I keep getting "No Results" from this search unl...

by Path Finder in

Getting full result in join/append

I have a index, where i store values of items and their count (pulled from SQL DB). I run a search to return me items...

by Explorer in

External Python Lookup not working with Splunk 8.0 with Python 3

Hi, I have setup Splunk v8.0 in a separate VM and configured it to run strictly Python 3. Both my environments (S...

by Engager in

Splunk searching nested json

Hello I use automatic translation because I am not good at English. sorry. I took NVD 's CVE list (Json Feed) into...

by Explorer in

Multistep transaction using stats

Hi, I have following stats table key EventCode timestamp 5q9ptD2QRZGkIrv1hPD3Mg customerCreditTransferInitiationComp...

by New Member in

Can I count lines in table cell?

Hi, I have a search to show the number of times an IP address was trying to reach some Customer IDs. How can I c...

by Path Finder in

count of a field, and then sort by day

Im looking to count by a field and that works with first part of syntex , then sort it by date. both work independant...

by Engager in

How to merge two different queries with the same columns together?

Hi, I have different queries: Query 1: |inputlookup myLokkup | eval count=0 | table myField, count For Example...

by Path Finder in

Help to extract fields from the URL

I need to extract "internal-blue-ocf" as namespace and "stress-b.aps.gc1-b.lle.ocf.xxx.com" as service using rex from...

by Explorer in

Date type issue on extracted fields

Hi all, I have two date fields extracted (with regex) from log files. starting_collection_timestamp = Thu Oct...

by Path Finder in

Splunk TA for Citrix NetScaler

Hello All, I installed the Splunk Add-on for Citrix NetScaler https://splunkbase.splunk.com/app/2770/ And I...

by Contributor in

Question on multiple condition value for Cell drilldown

Hi, I have a panel in dashboard in table format. Example Table format as below : Signs Count Sigma 20 Board 30...

by Explorer in

Combine 2 lookup files and search query

Hi, I want to create a "table" with different rows on every column. For example: Column A | Column B | Column C a1...

by Path Finder in

How to get the most recent event with specific fields by "dedup" command in indexer cluster condition?

Our purpose is to get the most recent event with specific fields by "dedup" command in indexer cluster We have re...

by Explorer in

change date format

HI, I am receiving data from Solarwinds Server and it is in following format November 27, 2019 8:34 AM I need to conv...

by Explorer in

Can you help me figure out what I'm doing wrong with my Base Collectd Configuration for a lab?

All, I am not able to get collectD metrics to appear on my Splunk stand alone instance. I am setting up Colle...

by Builder in

How to get data from two or more data models in Splunk through a search?

Hi, Can anyone tell how I can get data from two or more data models in Splunk through a Splunk search? Like I want...

by Explorer in

timechart Index Time vs Raw Log's Time

Hi, This search string have helped us a lot during investigation. It paints a timechart / graphicall representatio...

by Builder in

How to convert similar rows to adjacent column

index= abc source=xyz|table JOBS,DAY,COUNT,START,END This is my current search which returns me result as: JO...

by Explorer in

Join result of two queries with common field ?

Hi, I have a use case where i need to join result of two septate logs on the basis of common field(breadcrumbId). ...

by New Member in

How to calculate duration between two events and plot this on a bar chart?

HI All, I am hoping one of you can help me figure out how to calculate time duration between the below sample even...

by Path Finder in

Sort the output of chart command

I am trying to plot chart by ObjectName , Date by Duration. And wanted to sort them by Date desc and Duration desc. I...

by Explorer in

Help counting, the field, pageName, when I'm trying to count two or more specific values.

Using Splunk Cloud - 7.0.11 My goal is to create a search and generate a table that I can use with MLTK. I'm searchin...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Join two lines in the same search

How to join a lookup value for comparison?

Requesting Assistance Writing a Search Request

Getting full result in join/append

External Python Lookup not working with Splunk 8.0 with Python 3

Splunk searching nested json

Multistep transaction using stats

Can I count lines in table cell?

count of a field, and then sort by day

How to merge two different queries with the same columns together?

Help to extract fields from the URL

Date type issue on extracted fields

Splunk TA for Citrix NetScaler

Question on multiple condition value for Cell drilldown

Combine 2 lookup files and search query

How to get the most recent event with specific fields by "dedup" command in indexer cluster condition?

change date format

Can you help me figure out what I'm doing wrong with my Base Collectd Configuration for a lab?

How to get data from two or more data models in Splunk through a search?

timechart Index Time vs Raw Log's Time

How to convert similar rows to adjacent column

Join result of two queries with common field ?

How to calculate duration between two events and plot this on a bar chart?

Sort the output of chart command

Help counting, the field, pageName, when I'm trying to count two or more specific values.

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown