Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Advice - Splunk as a career

Hi all, I'm looking for feedback on reentering the technology field by learning Splunk and getting certified. I h...

by New Member in

splunk delims

I am getting my result table from my json log as shown below But i want result of my line number 10 should b...

by Engager in

Splunk query

Username status User1 login User2 login User3 login User1 logout User1 login ...

by Path Finder in

Error in 'eval' type check failed

I have a json data from file generated from the okla speedtest -f json command. I have tried to cast it or eval in di...

by Path Finder in

Predict command not working with eval count.

I have the following query that I am working to establish a prediction for. I am able to be the volume to predict but...

by Explorer in

I want to provide read permission only one app not to all apps to a particular role

I want to provide read permission for only one app not all apps to a particular role and in my environment under apps...

by Communicator in

Add a link to another dashboard in the NEW dashboard Studio that has teh same time period of the master dashboard

Hello Everyone I hope you are having a great day, This new dashboaard studio feature is GREAT 10/10 but I'm having ...

by Communicator in

Choropleth world map on.click drilldown to set token in dashboard studio missing

I'm trying to set a new dashboard token on click of a country in a choropleth that would populate with the iso2 value...

by Contributor in

Sumo Transaction States to Splunk Query

Good Day, I am trying to come up with ideas to translate a Sumo Trasactional search with (States) Conditions to a Spl...

by Path Finder in

Unable to parse macro name from map command

I have a lookup table with a field that contains a macro name. the rows returned from the lookup table dictate which ...

by Communicator in

Splunk query

I have One primary index which contains 30 days logs, but i want from one year for this purpose i created One more sp...

by Path Finder in

Extract erros from logs

Hi, I'm new to Splunk and I would like to get top errors on a table, but the external API returns a stack tracing m...

by Explorer in

rex on rex101 works fine...Splunk returns a blank

I have a rex built that when plugged into rex101 works fine, but when applied via a Splunk query, returns a blank res...

by Explorer in

How to remove everything after a specific character and any digit

I want remove everything after "-" and any digit for example -1,-2,-3...-9,-0 I'm using rex function but not getti...

by Engager in

How to make rest search on one search head able to get results from other search heads?

If you have a dashboard that has a panel with a search like the one below: | rest splunk_server=* /services/-/-/ad...

by Path Finder in

different format field extraction using rex

Hello @msu Please help me out here. I was trying to extract a field "faultDescription". but the logs have di...

by Path Finder in

search using terms from lookup in an (mv) string field.

I have an mvfield of type string in my results. I want to search and match all values of this field for words tha...

by Path Finder in

filter search results based on subsearch with regex

Hi dear community!I'm trying to build the dashboard using records in two states STATE1 and STATE2. I'm logging state ...

by Engager in

combine two result on a timechart for compare them

Hi I have two result like this REQ Name count Node1.Node2 100 Node3.Node4 ...

by Motivator in

compare record from yesterday to today if field equals

Say I have a batch job that pushes JSON records that look like this on Monday: { Department: Engineering Employee...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Advice - Splunk as a career

splunk delims

Splunk query

Error in 'eval' type check failed

Predict command not working with eval count.

I want to provide read permission only one app not to all apps to a particular role

Add a link to another dashboard in the NEW dashboard Studio that has teh same time period of the master dashboard

Choropleth world map on.click drilldown to set token in dashboard studio missing

Sumo Transaction States to Splunk Query

Unable to parse macro name from map command

Splunk query

Extract erros from logs

rex on rex101 works fine...Splunk returns a blank

How to remove everything after a specific character and any digit

How to make rest search on one search head able to get results from other search heads?

different format field extraction using rex

search using terms from lookup in an (mv) string field.

filter search results based on subsearch with regex

combine two result on a timechart for compare them

compare record from yesterday to today if field equals

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

New install- why doesn't search work?

How to achieve search to match the fields with cur...

How to join two table with aggrouped date value?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...