Splunk Search

Discussions

Thread Info

i want to remove all the word starts with OBJ and till 1-3453221. the number will be dynamic and constant in length . we need to remove from string based on OBJ with length

this is word obj:1-324dfs32 hello world obj:1-3453221 as a god

by Builder in

Combine Status Results into one Row

source="Test" index=XYZ [search source="Test2" index=XYZ2 Address=.| dedup "attachments{}.uniqueid"|rename "attachmen...

by Explorer in

Calculate past stats and use them for comparison with current values

I have to generate a time chart wherein I have to compare the field named util and check if it is in the range betwee...

by Explorer in

splunk 6.6 installed just now, index=_internal sourcetype=splunkd says no results, is it a bug?

Hi, Just now installed splunk.6.6 on Windows10 and loggedin. Uninstalled it. installed again with new location for SP...

by Explorer in

How to regex information from two lines?

I am trying to create and add a regex stanza to Windows TA to parse out a username. This is for event code 516 from a...

by Contributor in

How to Break Json output script in multiple events

Greetings. I'm trying for several days to break a json array into multiple events. This Json is the output of a p...

by Path Finder in

How to edit my search to find duplicate events?

I want to be able to see all duplicate macs with their respective location and store. There are duplicate macs with d...

by Contributor in

If the system-wide real-time search limit is reached, can users still run regular searches, or will all searches be queued until a real-time search is closed?

If the system-wide real-time search limit is reached, can users still run regular searches, or will all searches at t...

by Engager in

Trying to run a search, why are we getting a "Queued" message?

Hello, The user has a role setting to run up to 100 concurrent job searches. However, at about 15-20 concurrent jo...

by Path Finder in

Show pie chart based on two search queries (append)

Hi, I have execution times in my index. I want to show statistics of long running queries (e.g. longer than 10 sec...

by Path Finder in

Use csv (input/outputlookup) to display label from csv in pie chart

Hi, I have a working search which returns me IDs for specifing meanings of the values. I also have a working input...

by Path Finder in

How can I list out values of the top 2 (latest 2)Time stamps

Date1 Host Path1 Date2 Host Path2 Date 3 Host Path3 I need to table out the latest Host, latest 2 dates, and the c...

by New Member in

Query to display data as per the DateTime column of Record

Hello Splunk Experts, sorry if i am not able to format the question properly as I am new to splunk. I have a csv f...

by Path Finder in

Count occurences of same ticket number in a multivalue field

Hello guys, I am trying to count the number of times the same ticket number appears in a multi-value field. The ti...

by Explorer in

Splunk displays incorrect location on using iplocation

On using iplocation, Splunk returns incorrect coordinates for an IP, and displays location incorrectly on map with ge...

by Explorer in

How do I normalize, flatten, or unpivot table data?

I am trying to take the results of a timechart table and normalize/flatten/un-pivot the data. For example, I have the...

by Engager in

How to write a simple search query to add another set of host name along with the current present host name?

Hi All, I have used the below query to capture the splunk service status (Up or Down) via splunkd.log. This query is ...

by Motivator in

Time-based Lookup Configuration not quite working?

Dear All, I have a set of error events that are generated when an issue happens in our environment. I run an alert...

by Communicator in

change the time format in timechart tooltip

How to change the time format in timechart tooltip? its in AM/PM format but i need to change to 24hr format.

by Explorer in

How to determine if the log is missing

there are many hosts in an indexer. How do I check if the log is missing? If a host does not have a log Within an ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

i want to remove all the word starts with OBJ and till 1-3453221. the number will be dynamic and constant in length . we need to remove from string based on OBJ with length

Combine Status Results into one Row

Calculate past stats and use them for comparison with current values

splunk 6.6 installed just now, index=_internal sourcetype=splunkd says no results, is it a bug?

How to regex information from two lines?

How to Break Json output script in multiple events

How to edit my search to find duplicate events?

If the system-wide real-time search limit is reached, can users still run regular searches, or will all searches be queued until a real-time search is closed?

Trying to run a search, why are we getting a "Queued" message?

Show pie chart based on two search queries (append)

Use csv (input/outputlookup) to display label from csv in pie chart

How can I list out values of the top 2 (latest 2)Time stamps

Query to display data as per the DateTime column of Record

Count occurences of same ticket number in a multivalue field

Splunk displays incorrect location on using iplocation

How do I normalize, flatten, or unpivot table data?

How to write a simple search query to add another set of host name along with the current present host name?

Time-based Lookup Configuration not quite working?

change the time format in timechart tooltip

How to determine if the log is missing

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Why are there Different results with "earliest" th...

Why is website monitoring app not pulling data?

How to achieve readable date format for scatter pl...

How to change the date format of the Date Picker i...

Maximun disk usage quota- Why are alerts not sendi...