Splunk Search

Ask a Question

Discussions

Thread Info

How to limit X of Java exception from single event

index=myIndex sourcetype=myIndexSource java.lang.Exception In my log i can see 3 or more java.lang.Exception at p...

by New Member in

Can I write a search that contains the source of an event to identify the client that originated a proxy request? (With a common field)

Hello, I have a report that shows me network events - most of the events will have "source ip" coming from a prox...

by Path Finder in

Could you please anyone help me to write the time_format for bellow logs.

Hi Folks, could you please anyone help me to write the TIME_FORMAT , TIME_PREFIX and MAX_TIMESTAMP_LOOKAHEAD for b...

by Explorer in

Table command versus stats command for this search (for efficiency)?

My Query is as follows index=x source=y COMPLETED | stats values(process_key) as "Process Key", values(process_star...

by Explorer in

JSON Field Extraction names with curly brackets

Hello I'm currently searching over a collection of events that contains some JSON structure, when applying SPATH over...

by Explorer in

Compare two fields tables

I have one saved search which returns list of successful job runs e.g jobname A B C D I also have a lookup tab...

by Path Finder in

Combine a search and subsearch to create a table with all values

Hi guys, Quick question here: I have the following queries: Q1: Sub-Search for userID Q2: Main search, which pr...

by Explorer in

After using a JOIN i now have multiple lines, however this has affected my maths as before i have sumed up maths, now i have maths per line

Hi I use a JOIN and now i have multiple lines and not unique ones. It returned one line per unique Context+Command...

by Influencer in

Calculating a sum with conditions

Hi all! The case is that I want to calculate sum of purchase price of the applications where the application statu...

by Explorer in

how to sum consecutive success of sequential order of events fileds comes?

My fields contains " search | eval status=if(value>10,Success,failure) | table Name message status Name Message Statu...

by New Member in

Dynamic Search based on previous search output and if condition

Hello Splunk Community, Business requirements pushing my knowledge on Splunk so far... just wondering if Splunk qu...

by Path Finder in

Help with search to create a table

Hello folks, I am new to Splunk and need to get a report in CSV file or table. I like to see only URL and values of ...

by New Member in

Is it possible to use id and base in the same search in Simple XML?

Hello, Is there an available post-processing method to use a base search and produce a secondary search id? I'm pu...

by Explorer in

What is the best way to format _time when values become unreadable after transpose?

So I have to queries... First one gives me a normal time/date format which is human-readable i.e. (2017-10-05 15:2...

by Contributor in

Kind of inner join

Hello, Hopefully, you will understand what I mean...It was not clear how I could formulate a search to find some d...

by Explorer in

Convert a string with percentage sign to a number so it can be evaluated?

Hello, I have this query to alert me when percentage_q_full reaches greater than certain number eval alert=case...

by New Member in

Grouping by two fields, want to get distinct count of values in second field

Hi, I wrote the following Splunk query which returns a list of distinct USER_AGENTs for each SESSION_ID: index=...

by Path Finder in

join and compare the values in 2 different field which values are same from different

in my search contcxtid and sourceSession has the same vales but indexing in to different places how could i compare t...

by Path Finder in

What can be done when an indexer doesn't join the cluster?

We have a cluster of four nodes and one of them just crashed. We brought it up, but it hasn't joined the cluster. Rol...

by Ultra Champion in

Regex to filter security events does'nt work, need help

Hi Guys, We have UFs on our DCs and 2 indexers and on both indexers, to drop the unwanted text from events I t...

by Communicator in

How to list my splunk admin users list and last login details.

I have a about 250 Admin users and I would like to to know when was the last time each of them have logged in. Is the...

by New Member in

What is best approach to implement kv store to replace using lookups?

HI! I have two search heads in cluster and multiple lookups in Splunk but currently started facing issues of repli...

by Contributor in

Data Summary is not showing all host.

When I am on the Search Head and I go to data summary under Search and Reporting, it only shows 2 host but they come ...

by Explorer in

Getting count per day for a specific splunk query

I run index=hydra bu=dmg env="prod-*" ERROR everyday and record the count. I lost the statistics I had kept and would...

by Engager in

How to quickly count total events in an index?

Besides running "index=foo *" is there a way to quickly check the total number of events indexed in an index?

by SplunkTrust in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to limit X of Java exception from single event

Can I write a search that contains the source of an event to identify the client that originated a proxy request? (With a common field)

Could you please anyone help me to write the time_format for bellow logs.

Table command versus stats command for this search (for efficiency)?

JSON Field Extraction names with curly brackets

Compare two fields tables

Combine a search and subsearch to create a table with all values

After using a JOIN i now have multiple lines, however this has affected my maths as before i have sumed up maths, now i have maths per line

Calculating a sum with conditions

how to sum consecutive success of sequential order of events fileds comes?

Dynamic Search based on previous search output and if condition

Help with search to create a table

Is it possible to use id and base in the same search in Simple XML?

What is the best way to format _time when values become unreadable after transpose?

Kind of inner join

Convert a string with percentage sign to a number so it can be evaluated?

Grouping by two fields, want to get distinct count of values in second field

join and compare the values in 2 different field which values are same from different

What can be done when an indexer doesn't join the cluster?

Regex to filter security events does'nt work, need help

How to list my splunk admin users list and last login details.

What is best approach to implement kv store to replace using lookups?

Data Summary is not showing all host.

Getting count per day for a specific splunk query

How to quickly count total events in an index?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions