Splunk Search

Ask a Question

Discussions

Thread Info

stats count when a given when A > some value AND B > some value

Hi Everyone, Hope everyone is alright. I have the below base search. I am trying to built an alert index=i...

by Communicator in

Obtain key with the largest number of objects from array in JSON

Good day everyone Someone here will have had experience obtaining values from a JSON.. Currently I have _raws in JS...

by Explorer in

Does Transaction work with append [ ... ] ?

I have a working query that uses Transaction to find the Starting / Ending log event. I am trying to make some cha...

by Contributor in

How to visualize data using the time field from the raw data, as opposed to the Timestamp?

Hello, I am a beginner with Splunk. I am experimenting with a csv dataset containing the daily average temperature fo...

by Explorer in

How to Remove Outliers - values greater than 90 percentile

Looking help to remove outliers (values greater than 90 percentile responses). For Ex: Response Time --------...

by Explorer in

how to reduce multiple results into one based on the earliest time

Hi there: I have the following query: source=accountCalc type=acct.change msg="consumed" event_id="*" process_id=...

by Path Finder in

Filter events in a time frame by a condition

I have the query to find the response code and count vs time (in 1 minute time interval) as below. index=sa...

by Explorer in

Classify into a group

Example logs 2022-08-19 08:10:53.0593|**Starting** 2022-08-19 08:10:53.5905|fff 2022-08-19 08:10:53.6061|dd 2...

by Path Finder in

How to create multiple events with different values using makeresults

Hi there: I have the following makeresults query: | makeresults count=3| eval source="abc"| eval msg="consumed"| ...

by Path Finder in

Calculate any Server network throughput from Cisco ASA logs.

I can see logs from Cisco ASA firewall to Splunk and we are getting logs when a connection close. It have the total d...

by New Member in

Lookup against an Array

I'm trying to run a lookup against a list of values in an array. I have a CSV which look as follows: idxy123DataDa...

by Explorer in

Calculating duration of several events in a row with the same field value

I'm having some trouble coming up with the SPL for the following situation: I have some series of events with a tim...

by Engager in

How do I extract multiple values for a field in the same event using field extractions?

Hello, I have the following event (all lines belong to the same event): A Tue Oct 30 13:54:12:863 2018 A ** RA...

by Builder in

Extract and count IDs from a table

Hi!  I have a fallowing table: SESSION_IDSUBMITTED_FROMSTAGE1 submit1startPagesomeStage12 submit2page1someStag...

by Explorer in

Search peers / Replication status / Initial

I'm trying to setup a distributed search. I have successfully added my search peers to the search head already. Th...

by Explorer in

Compare two timestamps

Hello, We are implenting splunk in our environment and right now i import every 7 days our vulnerability scan to ...

by Explorer in

extracting texts from a field

Hello there: I have the following two events: Event #1 source=foo1 eventid=abc message="some message dfsdf...

by Path Finder in

converting this search to hours instead of days

Hi im trying to convert this search to show totals in hours instead of days/dates can anyone help me please? index=...

by Explorer in

How can I find an event count of event that are less than a p95 duration?

I need to identify the count of events that have a duration that is less than the p95 value. Sample search index=...

by Path Finder in

Working with OpenTelemetry Cumulative Histogram Bucket with Calculations

Hi, I am new to Splunk and couldn't figure out how to work with OpenTelemetry's histogram bucket in Splunk. I have...

by Loves-to-Learn in

MLTK import error- Does anyone have suggestions?

initially MLTK was working fine but now I started getting this error "Error in 'fit' command: (ImportError) DLL load ...

by Path Finder in

how to join 2 lookup files to combine all the rows.

how to join 2 lookup files to combine all the rows. I used this query but not giving proper values and used join/appe...

by Path Finder in

Splunk Search results limit 4999

Hello, Currently, I am using the append command to combine two queries and tabulate the results, but I see only 49...

by Communicator in

search query

Hi there: I have two events shown below: Event #1 source=foo1 eventid=abcd Event #2 source=foo2 event_i...

by Path Finder in

Better PDF report visualization

Hello, i am reaching out to ask if there is any way to make the chart that was generated with the scheduled PDF repor...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

stats count when a given when A > some value AND B > some value

Obtain key with the largest number of objects from array in JSON

Does Transaction work with append [ ... ] ?

How to visualize data using the time field from the raw data, as opposed to the Timestamp?

How to Remove Outliers - values greater than 90 percentile

how to reduce multiple results into one based on the earliest time

Filter events in a time frame by a condition

Classify into a group

How to create multiple events with different values using makeresults

Calculate any Server network throughput from Cisco ASA logs.

Lookup against an Array

Calculating duration of several events in a row with the same field value

How do I extract multiple values for a field in the same event using field extractions?

Extract and count IDs from a table

Search peers / Replication status / Initial

Compare two timestamps

extracting texts from a field

converting this search to hours instead of days

How can I find an event count of event that are less than a p95 duration?

Working with OpenTelemetry Cumulative Histogram Bucket with Calculations

MLTK import error- Does anyone have suggestions?

how to join 2 lookup files to combine all the rows.

Splunk Search results limit 4999

search query

Better PDF report visualization

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions