Splunk Search

Ask a Question

Discussions

Thread Info

Geostats zoom-in on dashboard panel click

G'day, So I have a pretty standard geostats search populating a dashboard map index="locations" (incident_type_...

by Explorer in

how do I table common nested json keys that have uncommon parent json keys?

I have the following JSON event that I'm indexing in splunk: { "plugins": { "Redirection": { ...

by Path Finder in

How can I combine stats count by host into a single string to be used in an alert actions token?

I have a search that looks like index=foo value=bar | stats count by host Imagine you might get results like ...

by SplunkTrust in

Why can I not search in Smart Mode or Verbose Mode in a specific sourcetype?

Hi! I am trying to perform a very basic search to bring back results but the search appears to never finish when I...

by Path Finder in

Is there a way to remove the min outlier from the graph?

I have the following chart: now I can use outliers to remove the max outliers: ... | outlier action=remov...

by Motivator in

Why does the query only work in eval and not fieldformat?

Hi, I have this query. If I change fieldformat to eval the query works but if it is left as fieldformat the query ...

by Motivator in

Adding 2 searches together sounds easy

index=ABC source="ABC" ServiceName=ABC | stats distinct_count(CorrelationId) as TotalA | appendcols [search "T...

by Explorer in

How can I find an IP address that only requested a specific URL?

Trying to search web access logs to find instances where a specific IP only called a single URL, and no other URLs. T...

by Engager in

How can I count the number of field values not present?

I have a set of field values 101,102,103,104,105 Here are sample log events datetime, val=101 datetime, val=105...

by Explorer in

How do I split one event on my Splunk instance into multiple events?

I have several indexes in my Splunk Instance. One of these instances is merging some of my log events into a single e...

by New Member in

Why is my column chart not displaying any data even though it is setup correctly?

Here is my search query: index=jenkins* job_name="jenkins-representative-jobs_github_organization/math_utilities/...

by Explorer in

How do I return all events whether they're in Lookup table or not?

I have the following search: index="foo" EventCode=* | lookup windows_signatures.csv signature_id AS EventCode OUT...

by Influencer in

How do I have a single Total column without adding it to the stacked chart?

I have created a nice stacked timechart that I would like to see the Totals of in the table under the chart. The addt...

by Engager in

How to search multiple virtual indexes with Splunk Analytics for Hadoop?

Hello, we currently have two virtual indexes with data in them retrieving data from Hadoop Distributed File System. W...

by Builder in

How can I join 2 tables to create a new table with the given conditions?

So this is what I want to do, and I don't know if Splunk can do this. This is the result for Table A Table A h...

by New Member in

how can i exclude the results of table B from table A ?

Here is my query: index="backup_script" conf_brand=ios OR conf_brand=nxos | rex field=conf_hostname "(?P^[^.]+)" ...

by New Member in

How to update the lookup table before the scheduled search runs so it gives all lookup entries?

I have scheduled search that periodically updates lookup table CSV file every 15 minutes. I updated this lookup with ...

by Explorer in

help with regex

I have the below sample data, and I want to extract everything after the service URL till maxd=60&mind=60 into a new ...

by Builder in

How to group the data by date and type, so each entry would count as 1, from SQL Datasource?

I have a date in my SQL database that I want to group the data by that date and Type. The Year/Month/Week/Day each en...

by New Member in

How to only display the top 3 hits from a values(field) command?

I have web logs for my website and am trying to construct a table that shows the top visitors based on country and re...

by Builder in

How to get statistics from few rows with the same task id?

Hi, I have few rows in 1 log: 2018-01-25 13:49:40,107 INFO [com.wss.service.agent.AgentServlet] (default task-...

by New Member in

Merge Lines Query based on ID

Hello, I would like to merge 2 lines which an ID is the unique Key. Ex Username Date ID ...

by Engager in

How do you add dummy events to a search result?

I'm currently producing a table from a search. There is some static data that needs to be added which is not in the i...

by Communicator in

i am unable to search the data with sourcetype name but i can search data by index name.

i am unable to search the data with sourcetype name but i can search data by index name.Please tell what can i do to ...

by New Member in

How to make a bar chart from stats and divide it according to a field?

I have counts of aging tickets which we have divided into different ranges .But I want to show it as chart which will...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Geostats zoom-in on dashboard panel click

how do I table common nested json keys that have uncommon parent json keys?

How can I combine stats count by host into a single string to be used in an alert actions token?

Why can I not search in Smart Mode or Verbose Mode in a specific sourcetype?

Is there a way to remove the min outlier from the graph?

Why does the query only work in eval and not fieldformat?

Adding 2 searches together sounds easy

How can I find an IP address that only requested a specific URL?

How can I count the number of field values not present?

How do I split one event on my Splunk instance into multiple events?

Why is my column chart not displaying any data even though it is setup correctly?

How do I return all events whether they're in Lookup table or not?

How do I have a single Total column without adding it to the stacked chart?

How to search multiple virtual indexes with Splunk Analytics for Hadoop?

How can I join 2 tables to create a new table with the given conditions?

how can i exclude the results of table B from table A ?

How to update the lookup table before the scheduled search runs so it gives all lookup entries?

help with regex

How to group the data by date and type, so each entry would count as 1, from SQL Datasource?

How to only display the top 3 hits from a values(field) command?

How to get statistics from few rows with the same task id?

Merge Lines Query based on ID

How do you add dummy events to a search result?

i am unable to search the data with sourcetype name but i can search data by index name.

How to make a bar chart from stats and divide it according to a field?

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions