Splunk Search

Discussions

Thread Info

How to remove duplicate events if all data is identical except the time and duration fields?

Hey, Fellow Splunkers I have multiple duplicated events, all data on the event is identical to the exception of th...

by Path Finder in

How to get top 10 values of a column and its raw data for each value

index=omi_Uat host=DEFRNCMP* sourcetype=all_events_attributes | eval {idx} = elt | fields ID,UMN,TicketID,node | top ...

by Loves-to-Learn Lots in

How to filter the values of 5 columns using checkbox?

Let's imagine that I have a table as the picture below displayed. Column 5 listed the column names who have the "YES"...

by Explorer in

predict function query

at time i find the predict function predicts values over 100% based on historical data. is there anything i can confi...

by Builder in

How to count unique events pr class

I need help with stats in Splunk Let's say you have these example data: | stats count | eval car="Opel" | eval ...

by Builder in

Using Where like but instead of text looping through a lookup

Hello! I've been looking around for an answer to this one, either it eludes me or I'm straight up asking the wrong...

by New Member in

Count Issues

I'm trying to count all my data by each day of the week each time a host is hit. EX: machine a has a script run once...

by New Member in

How to use multiple base searches in one search?

I have to base searches defined in my dashboard: <search id="num1"> <query>....</query> </search> <search id="...

by Engager in

How to pass token during check and uncheck of the checkbox?

How to pass token during check and uncheck of the checkbox in splunk? For ex- if I check the box then it will pass th...

by Explorer in

Timestamp Optimization Tools

All, Any cool tools out there for optimization and tuning of time stamps? Like a regex101.com style site but like...

by Builder in

How to apply anomaly command on timechart query?

I am trying to apply anomaly detection on count field. Base query: index=test sourcetype=web source="test.log" WE...

by New Member in

stats not pulling through after a certain date

I have a search that looks at 2 indexes so it can pull 3 lots of separate data back so i can show data over a period ...

by Communicator in

Custome Time picker

in below query its showing time picker data or time as per time picker. but i want if i select last 30 days in time p...

by Engager in

Error 'Could not find all of the specified lookup fields in the lookup table.'

I'm having problems when doing splunk searches, always returning the error [sp1p-splidx-sec-90] Error 'Could not f...

by Explorer in

Splunk HTTP event collector ingesting the data multiple times

I'm trying to ingest data using Http Event Collector, HEC. wired that, sometime the data is getting ingested multiple...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to remove duplicate events if all data is identical except the time and duration fields?

How to get top 10 values of a column and its raw data for each value

How to filter the values of 5 columns using checkbox?

predict function query

How to count unique events pr class

Using Where like but instead of text looping through a lookup

Count Issues

How to use multiple base searches in one search?

How to pass token during check and uncheck of the checkbox?

Timestamp Optimization Tools

How to apply anomaly command on timechart query?

stats not pulling through after a certain date

Custome Time picker

Error 'Could not find all of the specified lookup fields in the lookup table.'

Splunk HTTP event collector ingesting the data multiple times

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How to return unique values with highest count, an...

Help with report creation please

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...