Splunk Search

Ask a Question

Discussions

Thread Info

How can I send a notification when file is missing?

Hello dear community, I am new here and hope for warm support. The following problem I have to solve: I have se...

by Explorer in

How to return count of certain text using Splunk regular expression?

I have an input string which contains strings like code =test1 description=test1 description status = pending,code ...

by Path Finder in

How to search error messages in log file?

Hi, I am new to Splunk. How to search error messages in the log file using SPL.I am using the below formats to search...

by Engager in

Latest event filter on status- How to get the failed tasks?

I have a query that is giving the latest event of the task but I want to filter the query for a status <base ...

by Path Finder in

Help with If The Else Condition?

am writing an If Then Else Evaluation statement and could use some help. If (PRIORITY=02 AND Condition=Alarm...

by Explorer in

Change textbook to search on multiple values?

Hi, I have the following search that searches an index based on 2 textbook inputs: | inputlookup ABC | sear...

by Builder in

How to plot choropleth data on maps? I have data from multi-cloud in respective index.

I am trying to understand how I can plot my multi-cloud subscription/service consumption data from different geo regi...

by Communicator in

How to list of events per host, with heading per host, emailed in a report?

Hi there, I'm a noob. I'm looking to generate a report containing a list of events per host for a specific timefra...

by Explorer in

If I have DataError field which has 10 different message text but I need to exclude 2 out 10 and 8 as stats result?

If I have DataError field which has 10 different message text but I need to exclude two out 10 I need only 8 as stats...

by Loves-to-Learn Lots in

Matching index field value with lookup field value

If I am having 3 fields in lookup table as flow,InterfaceCode,DataError. I am having a common field interfaceCode o...

by Loves-to-Learn Lots in

How to create an alert that triggers when a certain number of failed logins are reported using transaction command?

I am trying to create an alert that triggers when a certain number of failed logins are reported in a 5 minute time p...

by Explorer in

How to delete last row in a table?

Counterror_manager1System2System3System4System5System6System How to delete last row in a table?

by Path Finder in

How would we match static content of error to interesting fields of splunk search by editing lookup table with regex?

If we have some error messages with some static and dynamic content. We want to match static content of error to inte...

by Loves-to-Learn Lots in

How to perform lookup on CSV file from search on index?

how to perform lookup on CSV file from search on index?For example below: I want to find out if "name" on employee...

by Motivator in

How would I write a Splunk search to build a table for PASS and FAIL?

Hello Everyone, I have below query with which I am trying to build a table showing data for SUCCESS for sum of st...

by Path Finder in

How to extract a word between two words?

stream=stdout 9 INFO [DataEnrichmentController] (default task-597) start : comm-uuid : rsvp-service : nljnj42343n43k ...

by New Member in

extract fields from json-wrapped postfix logs?

I have logs landing in Splunk Cloud that are normal `postfix_syslog` lines, but are wrapped in a `json` object. 3 Exa...

by New Member in

How to pass token in dashbaord

Below is my original xml code for dashboard. from the panel of EPP TimeZone , i have modified the query using tstat...

by Path Finder in

How to display source IP and destination IP mapping count by connection events?

Hi, I am trying to build a dashboard to show a mapping between source IP and destination IP based on different connec...

by Explorer in

How to find second maximum value

I have a search like this to fetch the maximum value. Now the case i wanted to add is, if the maximum value field is ...

by Explorer in

How to perform field extraction for key/value pairs with special character used as delimiter?

Hello, I have events with Key/Value pair assigned by "="Highlighted in Bold) and separated by special character "^...

by Motivator in

What is the difference between stats eventstats streamstats?

Hi All I'm new to Splunk and I'm confused between stats eventstats and streamstats. Can anyone help me to understand?

by Engager in

How to compare assets from previous week and highlight the difference?

Hello I have created a dashboard that shows the previous 4 days and the equivalent days the week before for asset ...

by Path Finder in

Issues with Rollup Events

Hello, I have a Roll Up events. One file created every month and new events added up every day within that file. Ho...

by Motivator in

How to give space in dashboard query?

Have drop down vaules like below Extual vaul Index =abc source = abc source Drop down values like prod la...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I send a notification when file is missing?

How to return count of certain text using Splunk regular expression?

How to search error messages in log file?

Latest event filter on status- How to get the failed tasks?

Help with If The Else Condition?

Change textbook to search on multiple values?

How to plot choropleth data on maps? I have data from multi-cloud in respective index.

How to list of events per host, with heading per host, emailed in a report?

If I have DataError field which has 10 different message text but I need to exclude 2 out 10 and 8 as stats result?

Matching index field value with lookup field value

How to create an alert that triggers when a certain number of failed logins are reported using transaction command?

How to delete last row in a table?

How would we match static content of error to interesting fields of splunk search by editing lookup table with regex?

How to perform lookup on CSV file from search on index?

How would I write a Splunk search to build a table for PASS and FAIL?

How to extract a word between two words?

extract fields from json-wrapped postfix logs?

How to pass token in dashbaord

How to display source IP and destination IP mapping count by connection events?

How to find second maximum value

How to perform field extraction for key/value pairs with special character used as delimiter?

What is the difference between stats eventstats streamstats?

How to compare assets from previous week and highlight the difference?

Issues with Rollup Events

How to give space in dashboard query?

Good Sourcetype Naming

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk App for Anomaly Detection End of Life Announcement

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions