Splunk Search

Discussions

Thread Info

MV field split by comma and not line break

I have a group of multivalue fields that are listed with linebreaks . I'm looking to remove the line breaks from one ...

by SplunkTrust in

Evaluate multiple events with same data.

I would like to count the number of times a Server went down based on up/down status field. How can i evaluate multip...

by Explorer in

Cannot sort dynamic column in date format

Hi, I tried to summary data in each assignment_group_name by month here is my code: index="snow" sourcetype="snow:in...

by Explorer in

Stats Distinct Count (X) + X[Values]

Hi Splunkers, I have a query that gives me the following fields I want to work with. username Country (after ...

by Explorer in

Relative Time search (e.g. today 4AM)

Hi, I have a report (scheduled to be run every 5 minutes) that I have built, it list the number of specific event...

by New Member in

Why are some searches only rarely executed without any warning or error?

Hey everyone i have a little bit of a problem with some of my searches, as I am only rarely able to execute them. ...

by New Member in

how does the attribute "maxHotIdleSecs" work?

In my indexes.conf file (C:\Program Files\Splunk\etc\system\local) I have the attribute "maxHotIdleSecs = 86400" S...

by Path Finder in

SPL: extract logfile name from source field

Hi, I am trying to setup a dropdown bar for a dashboard and would like to setup dynamic inputs based on the source lo...

by Path Finder in

How edit my search to get a chart of bin counts over time?

I'd like to create a chart of bin counts over time (with a span defined). Right now, I can get the result over the wh...

by New Member in

Why I have "Duplicate values causing conflict" with eval ?

Hi, Can you tell me why i can't update my dynamic list on my dashboard ? I have this message : "Duplicate values c...

by Path Finder in

Group multiple Keys and count the values by status and table the results

Good day, i have the follwing key values: CMD=LOOK ITEM1=APPLE ITEM2=APPLE ITEM3=ORANGE STAT=0 CMD=LOOK ITEM1=APPL...

by Explorer in

HELP! Extracting JSON rex not working...

Hello all, I am trying new things and expanding my palate but having a problem extracting JSON. My Search: i...

by Explorer in

How to use a list of whitelist mac addresses to find "bad" mac addresses?

Hello, for control dhcp server, need to search "bad" mac addresses, but use whitelist . And need modify search string...

by Engager in

Is there a search that can be used to determine if Linux logs have been cleared or deleted?

Greetings, In Windows, there's a nice EventID you can query to see when system, application, or security event log...

by Path Finder in

How to use join to combine my two search?

i have to two different sourcetypes with two different key but values are same for both keys Please help me with sea...

by Communicator in

How to find duplicate values in a multivalue field?

Hi I have logs in Splunk containing lines like this: UserPolicies=13=5|0=81540803|7=137|9=76|13=3|1=11|21=10 UserPoli...

by New Member in

Combining separate columns based on x-axis value

I initially created a chart that will show log count for a number of hosts: ... | chart count by host source | ... wh...

by Path Finder in

How to edit my search to split statistics results per day?

HI Guys. I have a search that shows our HTTP code errors and do a error percentage of that based on total value of re...

by New Member in

Grouping (Range?) HTTP Status codes

Hi, I have queries that I'd like to group HTTP Status codes together... (i.e. anything 200-299, or 300-399, or 400...

by Motivator in

how to write rex for my use case

i want to retrive BLOCKED_PARENT (This item is blocked because its parent cannot syndicate.) message from the bel...

by Communicator in

Timechart with multiple fields

Hi , I need to add one more field "row_num" in the same timechart Search query is index=abc | timechart span=1hr...

by Path Finder in

How filter with join ?

hi guys, I want to filter my request where when logs{}.newStateId!=5 i recover the projects{}.id but this join isn't ...

by Path Finder in

Large lookup files in a distributed environment: how can we force the .tsidx indexes to build on all search heads?

Splunk automagically builds .tsidx indexes on Lookup files which are large. This is triggered the 1st time someone pe...

by Engager in

Adding a WHERE clause to chart so only NON-matching results are shown on visualization

I'm currently generating a chart with ... | chart count by host source | ... so it counts the number of lines output ...

by Path Finder in

makemv delims not working

Hi, don't seem to see the problem but makemv doesn't work on the search below. sourcetype=st1 < some search >|rena...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

MV field split by comma and not line break

Evaluate multiple events with same data.

Cannot sort dynamic column in date format

Stats Distinct Count (X) + X[Values]

Relative Time search (e.g. today 4AM)

Why are some searches only rarely executed without any warning or error?

how does the attribute "maxHotIdleSecs" work?

SPL: extract logfile name from source field

How edit my search to get a chart of bin counts over time?

Why I have "Duplicate values causing conflict" with eval ?

Group multiple Keys and count the values by status and table the results

HELP! Extracting JSON rex not working...

How to use a list of whitelist mac addresses to find "bad" mac addresses?

Is there a search that can be used to determine if Linux logs have been cleared or deleted?

How to use join to combine my two search?

How to find duplicate values in a multivalue field?

Combining separate columns based on x-axis value

How to edit my search to split statistics results per day?

Grouping (Range?) HTTP Status codes

how to write rex for my use case

Timechart with multiple fields

How filter with join ?

Large lookup files in a distributed environment: how can we force the .tsidx indexes to build on all search heads?

Adding a WHERE clause to chart so only NON-matching results are shown on visualization

makemv delims not working

What’s New & Next in Splunk SOAR

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

September Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions