Splunk Search

Discussions

Thread Info

How do you find the same field values but are in two different fields?

I am trying to run a search to find the same field values will give me some results. An example would be if I wanted ...

by Explorer in

Why is the Eval on an extracted field explodes number of scanned events?

Hello everyone, Here is a wierd case i just faced. In a props.conf file (on the search head), i extract some field...

by Engager in

realtime alert for each event when reaching x number in y mins

I am trying to configure a real time alert that will fire off one alert for each event found in a search. I want one ...

by New Member in

What is the best way to get regex sed to remove any words with numbers?

Trying to get ideas on the best efficient/simple rex mode=sed to replace any words with a number(s). Examples of ...

by Contributor in

How to create a table from nested JSON keys with different names?

Part of my json event looks like this: 1. "certificatecache":[ 2. {"type":"cacheSize","int32value":"10"}, 3. {"typ...

by New Member in

Grouping in the where clause

I'm needing to use multiple AND's and OR's in my where clause and the way I'm writing it is giving me inconsistent re...

by New Member in

How do I highlight just a line from the event?

I have a event as below, and I want to highlight the entire line "Message: Processing - UnAuthenticated User". Messag...

by New Member in

How to get the list of unique exceptions which are occurring only today but not in the past?

I am trying this command but looks like its displaying all the exceptions. please let me know how to get the exceptio...

by Explorer in

How to find the 3rd/Nth largest value from a field?

Is there a function such as max()/min() in Splunk, so that I can find the 3rd/Nth largest value from a field? For exa...

by Explorer in

ThruputProcessor: Do you require a chmod on the file to write the changes?

I'm not able to edit this file due to permissions; anyone know if you require a chmod on the file to write the change...

by New Member in

Adding splunk logback appender prevents application termination

I have the following logback configuration and I am using it in a simple java application that does nothing but loggi...

by Explorer in

question on eval and if in case of multiple validations

ex: if value1=1 and value2=2 then i should be able to eval value3 based on a comparison condition ( i.e value3>90,tes...

by Builder in

Splunk changelog for modifications in rex command

Hello, Is there a place, that ignore, where it is possible to read what has been changed between splunk releases f...

by Path Finder in

Why is the event break not working when there is a new line?

Sample data: { "sensorName": "test1" } { "sensorName": "test2" } { "sensorNa...

by Explorer in

How to apply the condition in multivalue event?

Splunk Experts, How to write the eval command to compare the Multivalue, Below is data, **Servicename** ...

by Explorer in

Optimize query with multiple subsearches

Hello, I have a query with multiple subsearches that is slower than I would like, so I am looking for ways to opti...

by New Member in

How to return a group by value with the highest number of items?

How do I modify the following query to return the name of the FRUIT with the highest count: index="myindex" URI="m...

by Path Finder in

How can I get the lag TIME using JOIN or Lookup using a "greater than" condition?

Hello, I am trying to calculate the lag TIME between producers and consumers on my kafka setup. I want two know ho...

by Engager in

rt_md realtime searches?

Hello, does anyone what generates realtime searches whose search_id starts with "rt_md"? I rarely run real time se...

by Explorer in

Can I merge few rows into 1 row depending on the value of a field?

Hi, I have a lookup file and I am using below query to show results in statistics table in my dashboard which is w...

by Communicator in

How to make another field as date field instead of _time?

I am doing a chart command on two fields as below index=main sourcetype=csv "Site "=* "Content "=* | chart count( ...

by Builder in

Need help with splunk-launch.conf

Hello fellow Splunkers! I'm SUPER NEW at using splunk and I have received the same error message. I was hoping thi...

by New Member in

How to differentiate events with Field values and group them by a different field?

Hello Everyone I have to differentiate few events with their field values. In my events I have a field called E...

by Path Finder in

How to calculate response time from logs?

I want to calculate response time from my logs for all records and our application logs in below format, 19-02-201...

by New Member in

How to create Splunk Regex to search for a field after n occurrences of comma?

I have been trying to create Splunk rex but it doesn't work for some reason and would need help in finding any word o...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you find the same field values but are in two different fields?

Why is the Eval on an extracted field explodes number of scanned events?

realtime alert for each event when reaching x number in y mins

What is the best way to get regex sed to remove any words with numbers?

How to create a table from nested JSON keys with different names?

Grouping in the where clause

How do I highlight just a line from the event?

How to get the list of unique exceptions which are occurring only today but not in the past?

How to find the 3rd/Nth largest value from a field?

ThruputProcessor: Do you require a chmod on the file to write the changes?

Adding splunk logback appender prevents application termination

question on eval and if in case of multiple validations

Splunk changelog for modifications in rex command

Why is the event break not working when there is a new line?

How to apply the condition in multivalue event?

Optimize query with multiple subsearches

How to return a group by value with the highest number of items?

How can I get the lag TIME using JOIN or Lookup using a "greater than" condition?

rt_md realtime searches?

Can I merge few rows into 1 row depending on the value of a field?

How to make another field as date field instead of _time?

Need help with splunk-launch.conf

How to differentiate events with Field values and group them by a different field?

How to calculate response time from logs?

How to create Splunk Regex to search for a field after n occurrences of comma?

Advanced Splunk Data Management Strategies

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...