Splunk Search

Discussions

Thread Info

stats min(count) not 0 if value never occurs

If I have the following query foo | timechart span=60s count | stats min(count) as minCntFoo but foo never ...

by Path Finder in

How do I do a stats count for 2 diffrent interesting fields?

am in a situation, I have 2 Interesting Fields Field1 has A,B values and Field2 has again A,B values I just want to g...

by Path Finder in

How do I place two time values from two seperate logs as distinct variables per field name that they share?

Let's say I have a search query that pulls up multiple logs and there are two logs for each JOBNAME. one that contain...

by Explorer in

Regex to match string followed by varying formats (multi-line event)

I am working with data from a database which produces information on transactions. The problem is that transaction...

by Communicator in

Splunk search help: formatting a field

Can somebody help me with a Splunk query to format the below MESSAGE field value MESSAGE=ABC-STATUS-COUNT={\"fals...

by New Member in

Are the job id and search id the same thing? What are the differences?

please expalin clearly, as per my understanding both are different. if both are same then expalin.

by New Member in

How to index geolocation data from MaxMind?

I am new to Splunk and I have been asked to bring IP info in for geolocation from MAXMIND. How is this accomplished? ...

by Path Finder in

How can I get the job id from Splunk?

I need job id from Splunk. How to get the job id from Splunk? I execute the curl command but I didn't get the Job id ...

by New Member in

How to include a duration that started out of time range of the search into stats/timechart command?

I have a dataset like below: Ticket#| StartDate | EndDate In my search, I am more into EndDate of the tickets as ...

by Contributor in

Get a time range from subsearch to adjust main search time range

Hi I captured an event, I want to do a search which the time range is based on the previous captured event time. For...

by Communicator in

Merge Data from two indexes without using Join

Hello, I know there are many answers on this topic, but I can't seem to find any answer that is working for me. I ...

by Path Finder in

Duplicate values causing conflict

Hi Splunkers, below form (dynamic dropdown) creates "Duplicate values causing conflict" Any ideas? <form> <l...

by Explorer in

Calculate time difference between events for distinct users in transaction log

Hi We are hitting a wall here... we would like to show events where a user does more than x actions within a smal...

by Splunk Employee in

How can I set a 5-minute +/- range for a list of timestamps without doing each search manually?

Hi Guys I have a list of timestamp that some events happened, I want to search in each time is there any related e...

by Communicator in

What is a splunk search in "zombie" state? What does this mean?

Sometimes when I review splunk logs or job inspector I see that I have searches in zombie state. What does this mean?

by Splunk Employee in

How can I combine 2 search strings onto 1 dashboard?

I have 2 search strings that I am trying to combine to put on one dashboard. sourcetype=snmp_ta host=* | eval fuel...

by New Member in

Can I use Eval to correlate two serial logs that have specific fields?

Not sure if that titled made sense but hopefully I can explain it better here: I am receiving sFTP logs from a hos...

by Engager in

Joining two sets of data by common field (numeric userID)

We have two data sets in the same index returned by an AppMon tool that we are looking to stitch together in Splunk a...

by Engager in

How to write a search to exclude the top 10 or 15 error messages, but return the following top 10?

Currently, about 80 to 90 percent of errors logged within a specific index I'm monitoring is made up of the top 10 to...

by Explorer in

Graph out an fields daily activity in relation to average usage and stdev

I've been stuck on this for quite some time and I'm hoping someone here can help me. I'm re-purposing a stdev query f...

by Explorer in

How to write a field aliases using the EVAL command for a firewall device.

Hi All, I need to write a field aliases using EVAL command for the below mentioned fields. Field Name : V...

by Motivator in

Can you search for two strings in chronological order (in different log statements)?

In every log statement, we write the user's session ID delimited by hyphens as follows: -S:ybiSmNiQxF- I wan...

by Path Finder in

Unable to blacklist multiple patterns using "|" in inputs.conf ?

I have used the below configuration as part of my inputs.conf but am unable to blacklist the logs that end with clien...

by Observer in

Java SDK: how do you return lookup fields in search results?

How do I receive lookup values in results from the Java SDK? When I run this query in the GUI, I see my lookup fields...

by Explorer in

Search head not fetching data properly from search peers

Hi Folks, We are facing some issue in our environment is search head(6.2) is not fetching data properly from searc...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

stats min(count) not 0 if value never occurs

How do I do a stats count for 2 diffrent interesting fields?

How do I place two time values from two seperate logs as distinct variables per field name that they share?

Regex to match string followed by varying formats (multi-line event)

Splunk search help: formatting a field

Are the job id and search id the same thing? What are the differences?

How to index geolocation data from MaxMind?

How can I get the job id from Splunk?

How to include a duration that started out of time range of the search into stats/timechart command?

Get a time range from subsearch to adjust main search time range

Merge Data from two indexes without using Join

Duplicate values causing conflict

Calculate time difference between events for distinct users in transaction log

How can I set a 5-minute +/- range for a list of timestamps without doing each search manually?

What is a splunk search in "zombie" state? What does this mean?

How can I combine 2 search strings onto 1 dashboard?

Can I use Eval to correlate two serial logs that have specific fields?

Joining two sets of data by common field (numeric userID)

How to write a search to exclude the top 10 or 15 error messages, but return the following top 10?

Graph out an fields daily activity in relation to average usage and stdev

How to write a field aliases using the EVAL command for a firewall device.

Can you search for two strings in chronological order (in different log statements)?

Unable to blacklist multiple patterns using "|" in inputs.conf ?

Java SDK: how do you return lookup fields in search results?

Search head not fetching data properly from search peers

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!