Splunk Search

Ask a Question

Discussions

Thread Info

How do I combine my two alerts into a single search?

The use case involves two alerts: ALERT 1: raising the alert when more than 4 systems got affected with the same v...

by Engager in

How to create a search to display with traffic on Splunk source and destination ports?

help me with Splunk search to display the traffic on Splunk source and destination ports.

by Communicator in

How can I update tags and corresponding permissions from a lookup table via Search Processing Language?

Hi, I have a list of hosts which are maintained and updated via a lookup table. Is it possible in Search Processing L...

by Builder in

How to edit my search to find real-time scheduled searches?

Below is the search i am using to find the real time schedule searches .. but i would like to know which user is runn...

by Path Finder in

timestamp parsing issue for a specific time

my log is: 2016-12-22 00:01:11,076 [myid:123] - INFO [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] - Accepted ...

by Path Finder in

Received error warning "Failed to parse timestamp. Defaulting to timestamp of previous event". How can I find which event in the source log threw this error?

i am trying to debug an issue "failed to parse timestamp". In the splunkd log, i see the following warning :- 02-...

by Path Finder in

changing the source type in splunk

Hi, what happens if we change the source type of already existing data . For example , i have a monitor stanza lik...

by Path Finder in

Why is setting a token from result not working?

Any ideas on why KER_RESULT would not be working? Tail end of base query... Updated code... <search id="even...

by Builder in

Return command giving error for stats c(eval...) in splunk

Hello Everyone, Am creating the dynamic query depending on condition and after that using return command to execut...

by Communicator in

REX issue, quite an interesting one, potential bug?

Just wondering if anyone has ever seen this before? This is the data I’m extracting from: "Classic,Audit Failur...

by Contributor in

How to form a search based on my data and my desired output?

Hi All, I have the below format of data Name Value 1-Jan A 2-Jan B 2-Jan B 3-Jan C 2-Feb A 1-Mar...

by Contributor in

Fields value correlation not working

Hello, I have a query regarding ordering of ElapsedTime field. It is not coming properly with associated ServiceLa...

by Contributor in

How to combine additional events to an existing Transaction?

Hello, I am trying to organize various types of events into single events. Currently I have a transaction set up to c...

by Explorer in

Is there a limitation in the length of a search?

Hello, I have a long Splunk search that I continue to add more conditions to each day so it keeps growing. Eventua...

by Explorer in

How to write a crontab running from Monday 6 AM through Saturday 2 AM

How to write a crontab from Monday 6 AM through Saturday 2 AM to run once in a hour.

by Engager in

help me with search command

-------| eval test=if(condition,"INFO","Error") | search test if condition is true the search must be behave as --...

by Communicator in

How to add 2 different fields with under the same function?

Hi guys, I need to do add enter 2 different fields under the same function. The first is with an ACResponse specif...

by Path Finder in

how to check the average queries time entered by the user

Hi, Is there any way to find out how much time queries were taking to complete the job when the users enter the qu...

by Path Finder in

Viewstates Error when trying to save/clone/edit search

So we have a number of searches that cannot be saved or cloned due to viewstate errors. Many of them are accelerated ...

by Builder in

How do I only show results using a token of a multivalue field?

Hi all, I am new to using SPLUNK so please bare with me.... I have created a dashboard to utilise tokens in drop d...

by New Member in

Help in Regex

I have the field message - Method: Execute | Class: GetUsersByVinActivity message- Method: Execute | Class: DecodeVi...

by Builder in

How to trigger search based on a dynamic dropdown input?

I am trying to create a dropdown box to allow the user to select a host category (Like backend or frontend) and then ...

by Engager in

Timecharting delta by multiple fields

My Sample event every minute looks like this: 03/06/2017 15:19:00 -0500, app01:JVM1=12, app01:JVM2=6, app01:JVM3=9...

by Path Finder in

How to graph sum of overlapping values given start time and duration?

I've searched here for quite a while and didn't find what I'm looking for, or maybe I'm not wording it correctly... ...

by Engager in

Maximum length of an Index name

We are planning on some long and detailed index names. I'd like to know if there is a maximum length an Index name ca...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I combine my two alerts into a single search?

How to create a search to display with traffic on Splunk source and destination ports?

How can I update tags and corresponding permissions from a lookup table via Search Processing Language?

How to edit my search to find real-time scheduled searches?

timestamp parsing issue for a specific time

Received error warning "Failed to parse timestamp. Defaulting to timestamp of previous event". How can I find which event in the source log threw this error?

changing the source type in splunk

Why is setting a token from result not working?

Return command giving error for stats c(eval...) in splunk

REX issue, quite an interesting one, potential bug?

How to form a search based on my data and my desired output?

Fields value correlation not working

How to combine additional events to an existing Transaction?

Is there a limitation in the length of a search?

How to write a crontab running from Monday 6 AM through Saturday 2 AM

help me with search command

How to add 2 different fields with under the same function?

how to check the average queries time entered by the user

Viewstates Error when trying to save/clone/edit search

How do I only show results using a token of a multivalue field?

Help in Regex

How to trigger search based on a dynamic dropdown input?

Timecharting delta by multiple fields

How to graph sum of overlapping values given start time and duration?

Maximum length of an Index name

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions