Splunk Search

Ask a Question

Discussions

Thread Info

Lookup and setting default values using a variable if an entry is not found in the lookup table

I have the following Query: index=obh_prod sourcetype=obh:edge:api proxy!="ow*" |lookup blink_six_providers Provide...

by Explorer in

How to index data from zigbee2mqtt?

can't figure out how to indexing my data from zigbee2mgtt. The logs are exported from Home assistance via syslog, as...

by Observer in

What's best way to count calls from main search excluding sub search results?

Greetings. I'm trying to count all calls in this:index="my_data" resourceId="sip*" "CONNECTED"Where not in this:in...

by Path Finder in

run different filter in an index search based on a condition in dropdown

Is it possible to run different filter in an index search based on a condition in dropdown below?The second filter wo...

by Motivator in

Need help with python script to log into Splunk Cloud

I have the following script, but it keeps erroring out. def connect_to_splunk ( username ...

by Communicator in

Using comparison function within mstats

Hello fellow Splunkthiasts! I need some insights to understand how comparison functions in mstats could be used. Co...

by Path Finder in

Capture multiple values of same pattern in an event

How do we capture multiple URLs in a single event? Log1: type=EXECVE msg=audit(1695798790.101:25214323): argc=17 ...

by Explorer in

Getting a count of the number of fields associated with a sourcetype

I've done a little looking and poking around but haven't seen an answer to this - hopefully I haven't overlooked some...

by Motivator in

what is the use of below query?

index=botsv1 sourcetype="stream:http" | timechart max(date_year)

by Observer in

How to combine two csv?

Hi All, I have two csv files. File1.csv -> id, operation_name, session_id File2.csv -> id, error, operation_name ...

by New Member in

Blocked auditqueue causing random skipped searches and scheduler slowness on SH/SHC. Slow UI.

Blocked auditqueue can cause random skipped searches, scheduler slowness on SH/SHC and slow UI.

by Splunk Employee in

How to parse grepable Nmap output?

I have several events with similar to this raw data field that I would like to break down into a new event for each I...

by Path Finder in

ingesting nmap xml output

I have been trying to get nmap output into Splunk. I thought the xml output would be nice and straightforward! Whil...

by Explorer in

How to create a search for matching two fields value to one new field?

Hello Splunker, I'm trying to join two fields values in stats command using Eval , looks like I'm doing it wrong,...

by Path Finder in

Missing settlement notification

Event and Report extract rules Use the payment business events to identify Transactions which have ACCP clearing st...

by Explorer in

How to filter results based on timeframe?

In my search results, I am getting IP and user details. I want to filter my search results if the same IP has been...

by Contributor in

how do i clean a lookup csv table over 90 days

I have a query below that looked for an index and output to a csv file however. the size of the csv keep growing and ...

by Explorer in

How to Create Multiple Tables in One Dashboard?

I am trying to create a Dashboard that hold multiple table of WebSphere App Server configuration data. The data I ha...

by Engager in

How do I calculate the percentage of one row against another in a stats?

I'm working with a table of conversation data, all conversations start out as a bot chat and can be escalated to a hu...

by Explorer in

Has anyone onboarded Oracle Cloud Add-on for Splunk recently?

Hello Splunkers, Has anyone on-boarded Oracle cloud recently, Please share your experience and help with the right...

by Path Finder in

How to union two time ranges

I'm trying to UNION two different tables containing info on foreign traffic - the first table is a log with time rang...

by Explorer in

How to flag users whose search engine queries contain certain words stored in a lookup table?

Hi everyone, I've seen a few posts on here and elsewhere that seem to detail the same issue I'm having, but ...

by Engager in

How can i create new fields with data from two different multi value fields?

I need to break out log data from two separate multi-value fields into single value fields. Here is what data looks l...

by Explorer in

Dynamic time creation based on time picker

Hi, I have a dashboard that shows service tickets count based on different parameters. Now I need to show a tren...

by Explorer in

splunk search statement using keyword from input box text string

the large size logs like as below it's not a regular json data, therefore need to using rex to get fields A logs ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Lookup and setting default values using a variable if an entry is not found in the lookup table

How to index data from zigbee2mqtt?

What's best way to count calls from main search excluding sub search results?

run different filter in an index search based on a condition in dropdown

Need help with python script to log into Splunk Cloud

Using comparison function within mstats

Capture multiple values of same pattern in an event

Getting a count of the number of fields associated with a sourcetype

what is the use of below query?

How to combine two csv?

Blocked auditqueue causing random skipped searches and scheduler slowness on SH/SHC. Slow UI.

How to parse grepable Nmap output?

ingesting nmap xml output

How to create a search for matching two fields value to one new field?

Missing settlement notification

How to filter results based on timeframe?

how do i clean a lookup csv table over 90 days

How to Create Multiple Tables in One Dashboard?

How do I calculate the percentage of one row against another in a stats?

Has anyone onboarded Oracle Cloud Add-on for Splunk recently?

How to union two time ranges

How to flag users whose search engine queries contain certain words stored in a lookup table?

How can i create new fields with data from two different multi value fields?

Dynamic time creation based on time picker

splunk search statement using keyword from input box text string

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

Fields with multiple values duplicating in managed...

how to add a new column to the existing lookup usi...

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Search

Are you a member of the Splunk Community?

Discussions