Splunk Search

Discussions

Thread Info

After setting up and defining a CSV lookup in Splunk, why is lookup returning a field with blank values in search results?

I have set up a lookup CSV which looks something like: product, meaningful_product product_1, "Meaningful Name 1" ...

by Communicator in

Why are some fields from XML data not displayed in search results?

When I conduct a generic search on one of our Splunk sources, I am looking for relevant data which will assist with c...

by Communicator in

How to send alerts to multiple emails based on lookup table match on host owners?

We currently have a lookup table with hosts and their respective owner email. host ; host owner email ABCD1234 ; A...

by Path Finder in

How do I move a string cat operation from the search and store it as an extracted field in events?

How do I move a string cat operation from the search and store it in an extracted field option that Splunk offers und...

by Motivator in

How to group alerts of same index with different sourcetypes into a single alert?

Hi Everyone, I do have couple of alerts from the same index but with different sourcetypes that should trigger on ...

by New Member in

Attempting to use sendemail from dashboard if Checkbox is checked, and e-mail textbox is not null

I have created a dashboard consisting of five panels, and I have updated a panel so that an e-mail can be sent when t...

by Path Finder in

How to edit my search for time-based correlation between two different sourcetypes (IP Attribution)?

The following search utilizes windows event security logs and produces a five column table that has the fields noted ...

by Path Finder in

How to generate a chart based on Duration (x-axis) and timestamp (y-axis)?

How to generate a chart based on Duration (x-axis) and timestamp (y-axis)? 12/19/2016 10:30:53 AM LogName=JHApplic...

by Explorer in

How to edit my search to return results from all countries but exclude a few states?

I created the following search query to cross search for users who successfully log in to a website and also received...

by Influencer in

how to display unique values only from one particular multi-value field

Hi i have a field like msg="this is from: 101,102,103,101,104,102,103,105,106" but i would like to display that fiel...

by Path Finder in

Joining data from 2 data sources in Splunk

I am trying to join data from 2 data sources. The first data source contains events; source=events. The second source...

by New Member in

How to extract these characters from fields in events to do an exact match against fields in my CSV lookup table?

I have set up a lookup table csv file and this has been uploaded to Splunk, and I have also set up an associated stan...

by Communicator in

How to split a multivalue field into single values?

I am working with a field < source_ip > containing three IP addresses and am wanting to split the values of that fiel...

by Communicator in

How to write a search to calculate the response time from my two sample events?

12/16/16 6:09:57.022 AM [2016-12-16 06:09:57,022][LOG ][WARN ] transid=xxx; Path=PQ; OperationName=UP; TransactionS...

by Builder in

how can I use a string value to compare number?

I have a field with values > = != etc., and another field that determines threshold Now I want to Compare the value o...

by Contributor in

Is their any other way to calculate the starttime and endtime for my data?

I have attached the screenshot of my data. I have transaction starttime as inbound message event time and endtime is ...

by Explorer in

How do I compare a count of events in a given date_month by foo, over the last X years?

I currently have a search that uses 3 join statements to get me the criteria I'm looking for over the last three year...

by Path Finder in

Constant Horizontal Line On Line Chart

I'm putting together a line chart measuring application response time in milliseconds. What I would like to is put a ...

by Path Finder in

How to edit my search to reflect stats related the current size of a disk volume (the volume changes as needed as space increases)?

I have a report on disk volumes that runs nightly. Recently I have started collecting data for a volume that changes ...

by Communicator in

How to run different timerange in subsearch versus outer search?

Hi, I've been stuck on this for a bit and need some advice. I have it partially working, but I'm trying to figure ou...

by Explorer in

How to define a search to find missing data?

I have an application that has predictable log entries when it starts a series of activities and when it finishes. I ...

by Path Finder in

How to edit my search to parse a JSON array and chart values for different components over time?

I have a periodic event with a JSON array that holds some values for different items. I would like to chart one of th...

by New Member in

Cron Schedule

I need a cron schedule for following: executes per every hour excluding from saturday 6pm to sunday 8am? Thanks...

by Explorer in

How to generate a search that will compare Log_Level events to the total number of events?

Hi I want to do a search of something i would think would be very simple but i cant get it to work. I want to ...

by New Member in

How to edit my search to display the percentage of tickets sold based on a conditional search string?

Splunk newbie here so please bear with me. Given the table/records below, how can I build a bar chart with the percen...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

After setting up and defining a CSV lookup in Splunk, why is lookup returning a field with blank values in search results?

Why are some fields from XML data not displayed in search results?

How to send alerts to multiple emails based on lookup table match on host owners?

How do I move a string cat operation from the search and store it as an extracted field in events?

How to group alerts of same index with different sourcetypes into a single alert?

Attempting to use sendemail from dashboard if Checkbox is checked, and e-mail textbox is not null

How to edit my search for time-based correlation between two different sourcetypes (IP Attribution)?

How to generate a chart based on Duration (x-axis) and timestamp (y-axis)?

How to edit my search to return results from all countries but exclude a few states?

how to display unique values only from one particular multi-value field

Joining data from 2 data sources in Splunk

How to extract these characters from fields in events to do an exact match against fields in my CSV lookup table?

How to split a multivalue field into single values?

How to write a search to calculate the response time from my two sample events?

how can I use a string value to compare number?

Is their any other way to calculate the starttime and endtime for my data?

How do I compare a count of events in a given date_month by foo, over the last X years?

Constant Horizontal Line On Line Chart

How to edit my search to reflect stats related the current size of a disk volume (the volume changes as needed as space increases)?

How to run different timerange in subsearch versus outer search?

How to define a search to find missing data?

How to edit my search to parse a JSON array and chart values for different components over time?

Cron Schedule

How to generate a search that will compare Log_Level events to the total number of events?

How to edit my search to display the percentage of tickets sold based on a conditional search string?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions