Splunk Search

Thread Info

How to delete duplicate events?

I've been looking into some ways to remove duplicate events using a search. Finding them is not an issue. We can use ...

by Splunk Employee in

How to do splunk field extraction from a summary index?

I have an event log that looks like this search_name=x, search_now=3.000, info_min_time=1692741600.000, ...

by New Member in

Need help in creating graphs for a value extracted from log

Hello Team, I have log like this, File Records count is 2 File Records count is 5 File Records count is 45 ...

by Path Finder in

Generate values for IN search

How do I use a search to generate values to use inside of an IN search? For example: index=syslog src_i...

by Path Finder in

Events data processing / rename variables

Hi there, im pretty new in Splunk, so sorry if it is easy task. I have following example events in my index - I...

by Engager in

splunk

How to create empty.csv lookup in web

by Contributor in

data extraction from log without any links between them

Hello Team, I have logs with the below pattern 08/31/2023 8:00:00:476 am ........ count=0 08/31/2023 8:00:00:37...

by Path Finder in

Filtering o365 data with a search query

I have a question about filtering in data. We have a customer who is requesting a set of fields to be sent in from 03...

by Communicator in

All hosts without specific event

Hello Splunk Community, I'm trying to write a query to show me a chart (or table) for all hosts in my index in the ...

by Explorer in

Using Splunkbase Maps+

Hello All, I am hoping for some guidance here. I am using Maps+. It seems to be a decent application. There are t...

by Contributor in

Query to get volume of specific word

I want to get the volume for a specific word "ERROR" occurrence in a specific server in last 7 days. How to do that? ...

by New Member in

How to query a field in DBXQuery that contains colon?

Hello,How to query a field in DBXQuery that contains colon? I ran the following query and got an error. Thank you |...

by Builder in

List top 10 values for each fields of an index

Hello, I'm new to Splunk and despite searching extensively on this community site, I was not able to find a solutio...

by Explorer in

How to Compare two fields and exclude if the values are same?

Hi,I have two fields: field 1 and field 2field1 field 2 ABC AA\ABC DEF DD\DEF GHI...

by Path Finder in

Help with using lookups for combinations of values

I have a simple lookup file with two fields, user and host user host Bob ...

by Explorer in

[REX] : How to extract 2 words OR one if the line contains only one with rex

Hi, I need to extract with rex the two first words of one event but sometimes they are only one word. For exa...

by Explorer in

License usage

How to see daily licensing usage of 1 index in Splunk.

by Contributor in

How to combine multiple events from two indexes in Splunk

1st query: index="A" event_tag="event1" build_number=1 job_name=job1 type=completed 2nd query: index="B" event_...

by Engager in

How to add a new row to my table that add the counts of three fields and subtract from another field?

I want to add three fields insert ,update and error then subtract it from count_carmen and add new row .

by Path Finder in

string fields with numbers to be compared

I have another issue in comparing and want to compare should_be with server_installed_package . Sometime package inst...

by Explorer in

How to change text color based on Threshold in Dashboard table

Hello, I'm not sure how to achieve this, or if it's possible. I have a Column that I am using as a Status indicato...

by Path Finder in

How to use a sub-search result value as a search query in the main search

Hello, I've been attempting to use the results of a sub-search as input for the main search with no luck. I'm gett...

by Explorer in

Timechart with Failurepercentage and appendcols

I am using below query to get search result and calculate the failure percentage but not getting the expected result....

by Explorer in

Why are All indexes not showing up in the UI dropdown when sourcetype is set custom?

our app's addon's Inputs.config the sourcetype is set to custom name and the index is set to default. shown in below...

by Engager in

How to evaluate the following string as a fields

Hi , I have two servers with plugin details . I want to evaluate a column as Package_installed and Package_shouldbe b...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to delete duplicate events?

How to do splunk field extraction from a summary index?

Need help in creating graphs for a value extracted from log

Generate values for IN search

Events data processing / rename variables

splunk

data extraction from log without any links between them

Filtering o365 data with a search query

All hosts without specific event

Using Splunkbase Maps+

Query to get volume of specific word

How to query a field in DBXQuery that contains colon?

List top 10 values for each fields of an index

How to Compare two fields and exclude if the values are same?

Help with using lookups for combinations of values

[REX] : How to extract 2 words OR one if the line contains only one with rex

License usage

How to combine multiple events from two indexes in Splunk

How to add a new row to my table that add the counts of three fields and subtract from another field?

string fields with numbers to be compared

How to change text color based on Threshold in Dashboard table

How to use a sub-search result value as a search query in the main search

Timechart with Failurepercentage and appendcols

Why are All indexes not showing up in the UI dropdown when sourcetype is set custom?

How to evaluate the following string as a fields

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...