Splunk Search

Ask a Question

Discussions

Thread Info

How to replace/remove a specific character?

Hi, I have the below output : "(|01/01/16|01/01/18|01/05/18|04/02/18|05/01/17|05/05/16|05/08/17|)" The desi...

by New Member in

What's wrong with this eval statement? Getting 'Error in 'eval' command: The expression is malformed. Expected ). ' Error.

This is the eval statement i am using along with case but getting error. eval total=case(critical>0 AND high>0,cri...

by Communicator in

Alternatives to Lookup

Everyone, The events on splunk for me have data in the following format : ticket_num,actual_start_time,finish_...

by Path Finder in

Configure timespan bucket

Hi guys, I have to configure the timespan to roll data to warm, cold and frozen. The question is: How can co...

by Explorer in

Send Drilldown Search to a New Window

I want to click on an entry in a table and see the record or records behind it in a new window. I found one question ...

by Motivator in

assigning datetime field from the input file

I have a file to index which has a date field ( currentdate) . How to configure the input regex so as to use this fie...

by Builder in

update eval token with first row of a dashboard table

I have two tables in a dashboard, The top one lists all the WAN links and the bottom one shows the detailed link util...

by Builder in

Is there a way to dedup then use a time picker?

I am trying to create a report that would tell me if an item that should be available within a certain timeframe (i.e...

by Explorer in

Timechart using an epoch timestamp in the row instead of _time

Hi, I'm using JSON extract on my rows. I want to use the value that is contained in "message.time" instead of _tim...

by Path Finder in

splunk eval case statement compare the case-sensitive value or case-insensitive

Hi Everyone, I have a very small conceptual doubt. Does the eval case do case insensitive compare or will it compa...

by Communicator in

Get 10 minutes before 1 minute

If I search, I can see the count value of each field for one minute, and also want to know the sum count value 10 min...

by New Member in

How to calculate the size of the events per field?

I have a query as follows index=abc sourcetype=def | stats count by field_A | eval mb=round(count/1024/1024,2) ...

by Builder in

How to create a field with varying lengths of field values?

I want to create a field which extract values, however I have some field values that I want to extract which contain ...

by New Member in

Why is the result number not matching?

Hi - I have a query where it results in total number of results of number of people logged into an application and I ...

by Explorer in

How to search and trigger an alert if we are not getting a record for some hosts from a given host list?

I have total 12 hosts which are coming through my sourcetype (input) and are below: UK1 App Server 1 UK1 App Serve...

by Explorer in

Using conditional sum after case statement

.....search | eval Type=case(like(publishId,"%U"),"unsubscribed",like(publishId,"%S"),"subscribed") | stats count by...

by New Member in

timechart ratio by model

Hi, below is my query index_ sourcetype=main | stats count(eval(level="Error")) as ERRORS count(eval(level="In...

by New Member in

Is there any way that I can calculate the byte size for each field value based on count?

I have a query as below field_A!="A" AND (field_B="abc" OR field_B="def" OR field_B="ghi" OR field_B="jkl" OR fie...

by Builder in

How can I show the difference in a string field from one day to another?

I have a powershell script that audits some files and creates an Windows application event log with the filepaths of ...

by New Member in

Is it possible to search a word existing in all the searches of Splunk just like we do in other IDEs?

I have multiple searches in splunk which use the same lookup table. Is it possible I can check among all the searches...

by Path Finder in

Lookup - How to compare and remove events from the search?

I need to remove a list of servers from my search. This list changes once a month so I thought of using a lookup tabl...

by Path Finder in

Events older then 30 days

The following is a sample entry from a splunk index... lastOccurrence=2012-06-25 18:42:38.0|firstOccurrence=2012-0...

by Contributor in

What is the order that executes in query when I use both AND, OR in splunk query?

I have two different queries like below Query 1 :- field_1!="A" AND field_2="B" OR field_1!="A" AND field_2="C"...

by Builder in

How to extract the last underscore part of a field?

I have a value a_b_c. How do I extract the last '_' item. So in this case it'd be 'c'. The number of of underscores i...

by Communicator in

Can you cache report results and use them towards another search?

I need to be able to compare report results over the period of a time. The report itself takes minutes to run for a 1...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to replace/remove a specific character?

What's wrong with this eval statement? Getting 'Error in 'eval' command: The expression is malformed. Expected ). ' Error.

Alternatives to Lookup

Configure timespan bucket

Send Drilldown Search to a New Window

assigning datetime field from the input file

update eval token with first row of a dashboard table

Is there a way to dedup then use a time picker?

Timechart using an epoch timestamp in the row instead of _time

splunk eval case statement compare the case-sensitive value or case-insensitive

Get 10 minutes before 1 minute

How to calculate the size of the events per field?

How to create a field with varying lengths of field values?

Why is the result number not matching?

How to search and trigger an alert if we are not getting a record for some hosts from a given host list?

Using conditional sum after case statement

timechart ratio by model

Is there any way that I can calculate the byte size for each field value based on count?

How can I show the difference in a string field from one day to another?

Is it possible to search a word existing in all the searches of Splunk just like we do in other IDEs?

Lookup - How to compare and remove events from the search?

Events older then 30 days

What is the order that executes in query when I use both AND, OR in splunk query?

How to extract the last underscore part of a field?

Can you cache report results and use them towards another search?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown