Splunk Search

Discussions

Thread Info

Removing duplicates from 2 multivalue field (leaving distinct values only)

I have 2 multivalue fields (old and new) containing group lists for 1 or more users. The new values is the list of gr...

by Engager in

Using wildcard in mvfind

Hi All,I am facing error using wildcard in multivalue field. I am using mvfind to find a string. eval t...

by Communicator in

tuning the query

Hi Team,I am using a query which has same index and source but fetch two results based on the search and combine to a...

by Communicator in

Expand json string into searchable fields

HiKinda a new to splunk . Sending data to splunk via HEC. Its a DTO which contains various fields, one of them being ...

by Observer in

Monthly AV compliance report expert query

Dear All, Scenario--> 1AV server is having multiple endpoint reporting to it. This AV server integrated with Splunk...

by Path Finder in

How to get fields into a bar chart?

I have a search as follows: index=*|search sourcetype=*|spath logs{} output=logs|spath serial_number output=serial_...

by Path Finder in

HF multiple UDP port listening | Best practices

Hello Splunkers,I have a Splunk HF that will receive multiple logs coming from different machines, all sending via UD...

by Contributor in

merge rows to one row if matches the result value by VM ( little complex situation)

I have a Splunk result like below. VMcol1col2vm1carsedanvm2carsedanvm3planePrivvm4bikeFazervm5bikethunder I w...

by Path Finder in

Adding two indexes to one search again

index=jedi domain="jedi.lightside.com" (master!="yoda" AND master!="mace" AND master="Jinn") | table saber_color, Jna...

by Engager in

Query - How to check failed % > X

Hi, I need help in a splunk search. My requirement is get the stats for failed and successful count along with the pe...

by Path Finder in

transform XML with same node name and add field names

Hi, I have Windows Event for specific application that have payload in Windows Event Log, when using Splunk_TA_win...

by Communicator in

comparing two searches and calculate the differences

Hi There! I would like to find the values of host that were in macro 1 but not in macro 2search 1 `mac...

by Contributor in

How To Write a Search query for the Timestamp field which is different from _time value

Hi All, Need a help to write a query based on the field "Timestamp" which is different from "_time" value. Sample...

by Contributor in

How to remove empty fields?

by Contributor in

How to parse a path request string in json format?

Hi all, For this sort of json string, how can I extract KeyA, KeyB, KeyC? { "KeyA": [ { "path": "/attibuteA", "o...

by Explorer in

Expand multivalue field into individual fields WITHOUT mvexpand

I have a multivalue field, which I would like to expand to individual fields, like so: | makeresults count=...

by Path Finder in

Seeking Advice: Crafting a Splunk Query for Identifying Dormant Systems from Windows Event Logs (EventCode=4624)

I'm currently working on crafting a Splunk Query to identify systems that have been inactive for a specified duration...

by Loves-to-Learn Lots in

How to find events between time ranges for a service now integrated with Splunk

Hi I am trying to see for a ticket that is not assigned to an analyst for the last 15 mins from the time of arrival...

by Explorer in

Searching Nested JSON Data

Hello Splunkers, I am New to Splunk and am trying to figure out how to parse nested JSON data spit out by an end-of...

by Path Finder in

How to extract json with filter

I have a data like this. { env: prod host: prod01 name: appName info: { data: [ ... ] indicat...

by Explorer in

OR function

Hi guys, I started today with Splunk and have one question. I want to use an or function that if the seco...

by Engager in

How to extract particular matching string value in Splunk

I want to extract only the process name value from the logs and store in a table: Input Log:-------------<30>1 2023...

by Engager in

Multi source with one index

Hi All, I need some help in searching, I have 1 index but it has multiple sources, Index = Index1 Source = sour...

by Communicator in

How do I limit a search to everything except the top 1

How do I grab all of the versions of Splunk EXCEPT the top 1, basically the opposite of index=winconfig sourcetype=...

by Engager in

Field extraction from one multivalued event

Hi experts, I want to extract below fields in separate separate event to further work on it . INFO 2023-12-11 17:...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Removing duplicates from 2 multivalue field (leaving distinct values only)

Using wildcard in mvfind

tuning the query

Expand json string into searchable fields

Monthly AV compliance report expert query

How to get fields into a bar chart?

HF multiple UDP port listening | Best practices

merge rows to one row if matches the result value by VM ( little complex situation)

Adding two indexes to one search again

Query - How to check failed % > X

transform XML with same node name and add field names

comparing two searches and calculate the differences

How To Write a Search query for the Timestamp field which is different from _time value

How to remove empty fields?

How to parse a path request string in json format?

Expand multivalue field into individual fields WITHOUT mvexpand

Seeking Advice: Crafting a Splunk Query for Identifying Dormant Systems from Windows Event Logs (EventCode=4624)

How to find events between time ranges for a service now integrated with Splunk

Searching Nested JSON Data

How to extract json with filter

OR function

How to extract particular matching string value in Splunk

Multi source with one index

How do I limit a search to everything except the top 1

Field extraction from one multivalued event

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions