Splunk Search

Ask a Question

Discussions

Thread Info

How to use wildcard in search command where to compare values?

Hello guys I have lots of columns such as test1 ,test1_up ,test1_down ,test2 ,test2_up, test2_down ,tmp1, tmp1_up...

by Path Finder in

display results from map on inputlookup as events

I have a search like this: |inputlookup CSV-Generic-GenCus-GenLBL-SensitiveDataKeyWords.csv | map [search index="...

by Path Finder in

what does status=200 mean?

Hi, please explain, what is the function of 'status'? why we use status? what's its function?what does it do? what d...

by Engager in

Filter Multiple Event Results Into A Single Value

I would like to return the value of a string only once even if it shows up multiple times in splunk. For example: ...

by New Member in

Combine two record sets where a distinct value matches (without using join)

I have a search that generates two distinct types of record entries (searching for "for event"): 2015-05-05 for ev...

by New Member in

multi field in different rows

Hi at all, I'm ingesting many csv where there are a variable number of columns. some of this columns have name ...

by SplunkTrust in

Display data on single bar line in chart

I have some records in csv, each record has a column 'payment method'. I have to count by 'payment method' and the re...

by New Member in

How to use evaluate function across multiple multivalue fields

Hi, I am trying to create an anomaly detector for unusually high thruputs across all sourcetypes in my Splunk inte...

by Engager in

Convert JSON to table

I tried looking up for a solution and went through almost all suggestions. None worked for me. I have the following j...

by Explorer in

How to split event into multiple rows in a table?

Hello everyone, I'm trying to get an analysis of an process log file. The logfile contains an event for every ende...

by Path Finder in

Using regex to extract word after semicolons

Hi I am attempt to extra host names from logs they always appear after the 4th semicolon : E.g. I want the ext...

by New Member in

How to determine if logs are not being used?

Is there a way to determine which logs are not being used anymore, and therefore can be deleted? For example, maybe a...

by New Member in

Why does my summary search not produce any results?

Hi to all, I have a summary search that doesn't produce results, if I copy and paste the same search in "search & ...

by Explorer in

How to append search results multiple times based on change in particular field value

Hi, I want to something like - append [Query-2] by clause Situation is I have a result set from query-1 and que...

by Path Finder in

Is it possible to search Splunk for list of concurrent searches usage over time?

Hello, is it possible to search Splunk for list of concurrent searches usage over time by searching internal log? ...

by Path Finder in

SPlunk Searches slow

Hello, I am facing challenges to search query in SPlunk 6.4.1 environment But Splunk Performance is very slow. We ...

by New Member in

Manage alert threshold and rows returned all within the custom condition in the alert

This kind of spiraled as I was helping a coworker with an alert they had all the duration and times hardcoded in the ...

by Builder in

Search event format in Splunk

Suppose I have a log file having 11 lines like below having two line same as in G: A B C G D E F G H I J Now in Sp...

by Explorer in

How to use rex to extract the values?

I want to make a table that shows ACTION, DATABASE USER, PRIVILEGE, CLIENT USER and DBID; I want the value between ' ...

by New Member in

Replacing part of string when it's equal to a field value

Hi! I have fields myfield and name which contains text of an email going like this: Example1: myfield="From: Smith...

by Explorer in

Can I add events to a transaction?

I have a transaction based on a bunch of events from a common source with a common transaction ID, something like ...

by Builder in

How to edit my regex to replace a number 0-9?

Hi Team, I have requirement, where I need to replace a series of numbers with something like this a/b/c/123456 wit...

by Path Finder in

question on search query

Looking for a single result that includes both values of clicked link then added up in a total column search... | ...

by Explorer in

Why am I getting error "Unknown search command 'sourcetype'" using a subsearch in a where command?

I want to do something like the below command but it is giving me an error. sourcetype=SplunkKafka_messaging | spa...

by Path Finder in

How to create splunk search for common filed/value across the multiple servers?

Hello All, I am trying to build search for common value across multiple host. For example , i have a common field ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use wildcard in search command where to compare values?

display results from map on inputlookup as events

what does status=200 mean?

Filter Multiple Event Results Into A Single Value

Combine two record sets where a distinct value matches (without using join)

multi field in different rows

Display data on single bar line in chart

How to use evaluate function across multiple multivalue fields

Convert JSON to table

How to split event into multiple rows in a table?

Using regex to extract word after semicolons

How to determine if logs are not being used?

Why does my summary search not produce any results?

How to append search results multiple times based on change in particular field value

Is it possible to search Splunk for list of concurrent searches usage over time?

SPlunk Searches slow

Manage alert threshold and rows returned all within the custom condition in the alert

Search event format in Splunk

How to use rex to extract the values?

Replacing part of string when it's equal to a field value

Can I add events to a transaction?

How to edit my regex to replace a number 0-9?

question on search query

Why am I getting error "Unknown search command 'sourcetype'" using a subsearch in a where command?

How to create splunk search for common filed/value across the multiple servers?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions