Splunk Search

Discussions

Thread Info

How to timewrap for today Format

Hi Splunk Experts,The timewrap command is using d(24 hr) format, but I'm wondering is it possible to make it Today fo...

by Communicator in

How to extract Json Object Property to Create Table?

I have event Logs Similar to this. {Level: Information MessageTemplate: Received Post Method for activity: {Ac...

by New Member in

How to display the 1st 10 lines in events

Hi, I have Error logs which is having more than 50 lines but requirement is to be displayed for 1st 10 lines instea...

by New Member in

Search to match high temp events, but ignore specific events on host that trigger within 25 seconds of each other

Hello all, We have a Splunk alert that searches for high temperature events on Juniper routers, it's a very straigh...

by Explorer in

Why won't my dataset literals parse?

In the documentation on dataset literals there is an example query: FROM [ { state: "Washington", abbreviation...

by Explorer in

Extract OS using Regex

Hi, i have lookup which list out all red hat linux. for example, in my lookup have red hat 7, red hat 8 and so on.i n...

by Path Finder in

what are the benefits vs drawback in :: and =

whats the difference between :: and = in splunk search. what are the benefits vs drawbacks

by New Member in

Select the right index based on value in Dropdown

I have a dropdown with two values PROD and TEST. Based on my selection in my panels in the dashboard I have to choose...

by Engager in

change events only

I have events with the following keys: key1, key2 & key3. I would like to get the change events i.e. events that t...

by Loves-to-Learn Everything in

Excluding either the start or end of a transaction when parsing result with rex command

I'm using the rex command to parse a value out of the results of a transaction command. Is there an easy way to restr...

by Path Finder in

Need custom time for PDF schedule report

Dashboard xml:I am using this dashboard to Schedule PDF report, and all panels are showing data for 7 days.I need to...

by Path Finder in

Regex that matches all characters including newline

What's the simplest regex that will match any character including newline? I want to be able to match all unknown con...

by Path Finder in

Timechart of events per month

What is the fastest way to run a query to get an event count on a timechart per host? This is for windows events and ...

by Explorer in

How to compare event data with lookup data to find missing field values?

I need to compare the 2 fields from the Splunk data with the fields from the lookup and find the missing values from ...

by Explorer in

Splunk App for Anomaly Detection - "Could not load lookup=LOOKUP-HTTP_STATUS No matching fields exist."

In Step 2 "Add the Dataset" of "Create Anomaly Job" within the Splunk App for Anomaly Detection, when running the fol...

by Motivator in

How to subtract total values of 2 fields in a dashboard?

Hi there, I have a dashboard and I want to subtract the total number of events of 2 queries but not sure how to do...

by Path Finder in

Lookup and setting default values using a variable if an entry is not found in the lookup table

I have the following Query: index=obh_prod sourcetype=obh:edge:api proxy!="ow*" |lookup blink_six_providers Provide...

by Engager in

How to index data from zigbee2mqtt?

can't figure out how to indexing my data from zigbee2mgtt. The logs are exported from Home assistance via syslog, as...

by Observer in

What's best way to count calls from main search excluding sub search results?

Greetings. I'm trying to count all calls in this:index="my_data" resourceId="sip*" "CONNECTED"Where not in this:in...

by Path Finder in

How to find field value, based on where condition, and assign to variable?

Good Morning! I rarely get to dabble in SPL, and as such, some (probably simple) things stump me. That is what bro...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to timewrap for today Format

How to extract Json Object Property to Create Table?

How to display the 1st 10 lines in events

Search to match high temp events, but ignore specific events on host that trigger within 25 seconds of each other

Why won't my dataset literals parse?

Extract OS using Regex

what are the benefits vs drawback in :: and =

Select the right index based on value in Dropdown

change events only

Excluding either the start or end of a transaction when parsing result with rex command

Need custom time for PDF schedule report

Regex that matches all characters including newline

Timechart of events per month

How to compare event data with lookup data to find missing field values?

Splunk App for Anomaly Detection - "Could not load lookup=LOOKUP-HTTP_STATUS No matching fields exist."

How to subtract total values of 2 fields in a dashboard?

Lookup and setting default values using a variable if an entry is not found in the lookup table

How to index data from zigbee2mqtt?

What's best way to count calls from main search excluding sub search results?

How to find field value, based on where condition, and assign to variable?

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

How to timewrap for today Format

Need custom time for PDF schedule report

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...