Splunk Search

Ask a Question

Discussions

Thread Info

Splunk query

Suppose there are 5 events in raw text in Splunk as below: "host":"111.123.23.34","level":1,"msg":"cricket score : ...

by Explorer in

IF NOT condition is not working in eval token in my the search query

Hi, I am trying to create 2 fields based on if condition. If in the logs, 200 Emv error or NoAcquirerFoundConfigure...

by Communicator in

How to set earliest and latest time based on current time in savedSearch

Hi Splunk Experts,I've a scheduled savedSearch where it runs every 5 mins, with the Schedule window of 2 minutes. Ins...

by Contributor in

Splunk Query - how to get sum of count for a specific field

I am having a below query and the sample output shown: index=<search_string> earliest=-30d@d| timechart span=1m al...

by Communicator in

Need help in displaying results in column

Hi Legends, Need help in displaying start time, when error occurred and end time when it got resolved , in separate...

by Explorer in

Help with splunk search for unix timestamp?

I want to create an alert for which I am writing a search query but I am unable to filter using the time range picker...

by Path Finder in

Why do I keep getting outliers in network?

Hi Team, I'm trying to find outliers in the network kpi for a project but every time I run this query I get 0 out...

by New Member in

How to find the average, min, and max values per minute for a 7 day search?

I'm trying to find the avg, min, and max values of a 7 day search over 1 minute spans. For example: index=apihi...

by Builder in

How to add a row with statistics for the last week?

Hey guys! I need the statistics of a bunch of data by month. And this is done already. search|eval Month=...

by Explorer in

Excluding logs with specific keywords from dashboards

Hello, I have application which ends specific kind of log. Every log have a jobId field and additional information" r...

by Loves-to-Learn Lots in

Using lookup table to circumvent search time constraints

I just want a sanity check to see if this is possible before I go through the effort. I am currently restricted to se...

by Communicator in

How to work out average

Hi all i have a search running with the following results date_year count 2022 ...

by Path Finder in

need time fields extracted as start and end time

1q) i have my search starting with earliest=-1mon latest=now() i want to get the dates as startdate = earliest and ...

by Builder in

How to identify '\n' in Splunk rex?

SPL as below: | makeresults| eval TEST="\n User-Agent: iOS/16.4.1 iPhone\n P-Access-Network-Info: 3GPP-NR-TDD;utr...

by Explorer in

Splunk Enterprise free - user preferences

Hi all, I use splunk enterprise with the free license at home. This week I upgraded to version 9.1.0.1 and I was ha...

by Explorer in

How to extract string before specific character

by Explorer in

Httpstatuscode success/failure

Hi All, I have 3 API's 1. in first API the status are code 200 & 403 as a success reaming all status codes are f...

by Explorer in

Unable to get 4 weeks average of same day by each store

Hi all , I am trying to get the average of sum of last 5 weeks data by each store . As in if today's monday I want...

by New Member in

Not able to add forward-server on splunk universal forwarder

This is what happening, /opt/splunkforwarder/bin # ./splunk add forward-server <splunk-server-ip>:9997 it asks f...

by New Member in

How to extract random numbers

There are over 10000 events and I want to extract events of 100 random Users.Is there any simple way to extract this?...

by Explorer in

identify and generate alerts for specific policies

Hi all,When I run this query it is not giving any alerts from the policies marked in red color what changes do we nee...

by Builder in

How to use rex to extract from logs.

I want to extract that BID@ from the log. and for other logs the external ID will be different so what will be the ...

by Path Finder in

How to delete events which has timestamp order decreasing?

I have the following table Timestamp 2021-08-09 12:26:55.78522021-08-09 12:26:56.22782021-08-09 12:26:56.2278202...

by Path Finder in

How can I display yesterday data when today's report did not run yet?

Hey! I have a dashboard that is updated everyday by a report that runs at 12:30 UTC. All the visualizations are di...

by Engager in

How to collect data from a scheduled run by single base search followed by two different search?

Hi Splunk Experts,I've a dashboard, where I have a base search and use the base search results in two different Panel...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk query

IF NOT condition is not working in eval token in my the search query

How to set earliest and latest time based on current time in savedSearch

Splunk Query - how to get sum of count for a specific field

Need help in displaying results in column

Help with splunk search for unix timestamp?

Why do I keep getting outliers in network?

How to find the average, min, and max values per minute for a 7 day search?

How to add a row with statistics for the last week?

Excluding logs with specific keywords from dashboards

Using lookup table to circumvent search time constraints

How to work out average

need time fields extracted as start and end time

How to identify '\n' in Splunk rex?

Splunk Enterprise free - user preferences

How to extract string before specific character

Httpstatuscode success/failure

Unable to get 4 weeks average of same day by each store

Not able to add forward-server on splunk universal forwarder

How to extract random numbers

identify and generate alerts for specific policies

How to use rex to extract from logs.

How to delete events which has timestamp order decreasing?

How can I display yesterday data when today's report did not run yet?

How to collect data from a scheduled run by single base search followed by two different search?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6