Splunk Search

Ask a Question

Discussions

Thread Info

How get a total count based on the substring value?

Below is the splunk query, (My.Message has many various types of messages but the below one is what I wanted)index="...

by Explorer in

How to get only search result to shows only for the match that has 18 alphanumeric character from the list?

Hi Ouput of my search result shows FieldA ========= abcdabcdabcd001234 abcdef-gef exyza-123 xx...

by Loves-to-Learn Lots in

How get a stats count and split a string to get a total count?

Please help me, below is my query index="myIndex" app_name="myappName" My.Message = "*failed to retrieve the workOrd...

by Explorer in

How to "Join" REST with metastats to get sourcetypes by index?

I have been wondering how to produce a table Of indexes and the sourcetypes used in them, something like: ...

by Explorer in

How to achieve conditional count for multivalue field?

Hi, I'm kind of new to Splunk and I was wondering if someone could help on this: What I'm trying to do is a timech...

by Engager in

How to get a list of websites from IIS servers with the Splunk IIS Addon?

Hello We currently have multiple IIS servers with multiple websites and our goal is to setup a dashboard “overview...

by Path Finder in

How to display a single error in multiple inputs?

Hi , I have a search query - | search Region = EMEA| eval Status=case(Statistic=0,"Green" ,Statistic=2,"Red",S...

by Engager in

How to write a query to use regex on the basis of if statement?

HI, I am looking for splunk query to use regex on the basis of if statement. Query: index=jfrog_index "org...

by Loves-to-Learn Everything in

How to optimize search query with join?

Hi All, i am using below query to get the common results on the basis of correlation_id but it is very slow,I need...

by Explorer in

How to compare difference in a field from two different events?

I am looking to compare two events in same index and sourcetype differentiated by snapshot id's, the main task is to ...

by Contributor in

Why does subsearch always have zero results?

Hello Everyone. I have a search with a subsearch that's correctly running on a test environment (Splunk 8.2.9). No...

by Observer in

Is there a way to input .csv lookups in a tstats Heartbeat query?

Hello! Rather than manually specifying the indexes I want to perform this heartbeat query on, I was wondering if ther...

by Explorer in

How to use field value from outer query in inputlookup?

Hi, I'm trying to find whether a lookup file is available or not. If yes, I want to use the same file, if not I wa...

by Contributor in

How to parse JSON like-data with extracted server name as a column?

Howdy We've got this data: Each log line is like: {"serverX.somedom.com" : {"key.value.pair1": "0"...

by Loves-to-Learn in

How to change background color based on string values in new Dashboard Studio?

Dear All I am new to dashboard studio in Splunk. I have a single value panel displaying a string. There are tw...

by Path Finder in

Can anyone confirm possible bug when using mvzip with xpath extracted fields?

Hello Splunk experts, I am encountering strange behaviour when using mvzip on fields extracted using xpath command...

by Explorer in

How to use mvfilter Function to search two field values?

Hello All, I wanted to search "field_A" data value from "field_B" data values into "field_C" but only if field_A v...

by Explorer in

How to extract multivalue data to dynamic fields?

I am trying to extract multi value fields and set dynamic fields with values based on the extracted data. I am able t...

by Path Finder in

How to create a dropdown filter with strings from a csv file?

Hello, I'm new on the splunk community, how do I create a dropdown with strings retrieved from a csv file separated...

by Explorer in

How to match append result?

index=os process=sshd name="session opened" action=success| eval user=upper(user)| lookup all_svc_samaccountname.csv ...

by Loves-to-Learn in

How to create custom results?

Dear Splunker, i need you help in creating custom results to include in a report and output it in a table for...

by Path Finder in

Proofpoint sending logs with missing information, there anything that I can change or edit?

Hi all, I have an issue with the logs I am receiving from Proofpoint. The issue is that I am receiving logs with eith...

by Explorer in

How to correlate across two lists in a stats

I want to correlate across two lists and display the results. Log data: 06/10/2023 05:04:12 ACMIUY-6500-2345...

by Path Finder in

How to arrange events into groups and count number of events in each group?

I have log lines like these: 2023/06/09 13:19:31.245 : AUDIT- INFO: Adding profile with id 00001 to TPT2023/06/09 ...

by Loves-to-Learn Lots in

Why are search results different when running a search in the Search app versus a dashboard panel?

Hi, I have a search as a dashboard panel. When I execute the search on the dashboard, the result is incorrect. ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How get a total count based on the substring value?

How to get only search result to shows only for the match that has 18 alphanumeric character from the list?

How get a stats count and split a string to get a total count?

How to "Join" REST with metastats to get sourcetypes by index?

How to achieve conditional count for multivalue field?

How to get a list of websites from IIS servers with the Splunk IIS Addon?

How to display a single error in multiple inputs?

How to write a query to use regex on the basis of if statement?

How to optimize search query with join?

How to compare difference in a field from two different events?

Why does subsearch always have zero results?

Is there a way to input .csv lookups in a tstats Heartbeat query?

How to use field value from outer query in inputlookup?

How to parse JSON like-data with extracted server name as a column?

How to change background color based on string values in new Dashboard Studio?

Can anyone confirm possible bug when using mvzip with xpath extracted fields?

How to use mvfilter Function to search two field values?

How to extract multivalue data to dynamic fields?

How to create a dropdown filter with strings from a csv file?

How to match append result?

How to create custom results?

Proofpoint sending logs with missing information, there anything that I can change or edit?

How to correlate across two lists in a stats

How to arrange events into groups and count number of events in each group?

Why are search results different when running a search in the Search app versus a dashboard panel?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions