Splunk Search

Discussions

Thread Info

Is there a way to use a span that is equal to the time range picker?

source=PR1 sourcetype="sap:abap" EVENT_TYPE=STAD EVENT_SUBTYPE=MAIN TCODE="ZORF_BOX_CLOSING" SYUCOMM="SICH_T" ACCOUNT...

by Loves-to-Learn in

How to monitor three users?

Hi My system is Linux. Am trying to monitor 3 users in an index. The last time they login, IP address etc. Ther...

by Path Finder in

How to extract badly formatted JSON?

Hi I'm trying to extract some json values into tables for a dashboard. The log line that i'm using is something li...

by Engager in

How to write rex to remove?

Hi, I have the bellow event: {"log":"2023-02-16t14:14:25.827471424z stderr F I0216 14:14:25.827359 ...

by Communicator in

How to achieve field with a value containing commas?

Unfortunately I have no control over the log data formatting... it is in format: Field1=Value1|Field2=Value2| ......

by Engager in

How to timechart the time differences between (ITNM) events / phases?

I have the following data that I'm trying to timechart the differences between: 2023-02-16T16:14:04: Data Processi...

by Explorer in

How to merge two counts into one search

Hello Splunkers, I have the following raw data 2023-02-15T12:43:06.774603-08:00 abc OpenSM[727419]: osm_spst_...

by Communicator in

How to to dynamically change earliest & latest in subsearch to fill summary data gaps with live data?

Hi all,I'm working on a dashboard in which I populate a panel with summary data. The summary data runs once per hour ...

by Path Finder in

How to get a count difference when I add index=* to tstats?

I'm logged into my system as an admin, so I have access to all the indexes. I've also verified this by looking at the...

by Builder in

How to create a search using data from csv and grabbing the latest timestamps for multiple queries?

I've a couple of queries - index="main"app="student-api" "tags.studentId"=3B70E5 message="Id and pwd entered correctl...

by Engager in

How to fix being unable to print few fields from Dynatrace usersession resultset?

Following query is printing 'pp_user_action_name','Total_Calls','Avg_User_Action_Response' not getting 'pp_user_actio...

by Explorer in

How to increase transaction command output limit and always fetch latest transactions?

Hi Team, I have events being pushed to HTTP event collector 24/7. In my dashboard I query and format the events usi...

by Explorer in

How to fetch report from different timestamp(asynchoronus journey)from unique id?

Hello Everyone, I have a requirement where I have to generate a query. event 1 : <l:event dateTime="2023-02-10...

by New Member in

Why can't I compare if RESPTI is bigger than the UCL (since it does not want to load in the value)?

source=PR1 sourcetype="sap:abap" EVENT_TYPE=STAD EVENT_SUBTYPE=MAIN (TCODE="ZORF_BOX_CLOSING") SYUCOMM="SICH_T" ACCOU...

by Loves-to-Learn in

メインサーチのイベントの時間をサブサーチに渡したい

メインサーチのイベントの_timeをサブサーチに渡したいのですが、上手くいきません。何か方法はありますでしょうか。 index=event_data |eval earlytime=_time-60 latest...

by Engager in

How to create an interesting field "statusCode" and have it sorted by different statusCode values?

Hi, I am using a regex to search for a field "statusCode" which could have multiple values, i.e. "200", "400", "50...

by Explorer in

How to extend a dataset to add a column that represents a numerical column as text?

I have a dataset which has a column "Port" that contains (limited) numerical values. I want to make these values dis...

by Path Finder in

How to compare search results with lookup for duplicates?

I have a lookup which I want to compare search results against and find duplicate values. How do I ignore duplicate...

by Explorer in

Why is XML file not re-ingested?

Hi, I have a problem finding answers about the failure of a universal forwarder to re-ingest an XML file. 02-08...

by New Member in

Groups in stats command: How to get the sum of multiple fields by a field?

I am trying to create a query to get the sum of multiple fields by a field. index="*****"|stats sum(field_A)...

by Path Finder in

Ranking Data From Search Results into Deciles

I have a table of data with values like this: String NumericClient 1 99.9 Client 2 99.2 Clien...

by Explorer in

How can I join values of a 'single field name' to two lookups and get the corresponding values from each lookup

Hi,I have search which has S_host name values of different DB instances say MSSQL and Oracle in a single field.eg: S_...

by Path Finder in

How to filter out events to make a search out of it?

Hi,I want to create a search out of the below event, to raise an alert if the particular system having the label lost...

by Builder in

How to extract JSON arrays in Splunk?

Here is the query i have and need to extract the "sts:ExternalId" requestParameters: { [-]policyDocument: {"V...

by Engager in

How to chart job ending time - Time on Y Axis / Day on X Axis ?

If I am starting with this query: index=anIndex sourcetype=aSourcetype ( aJobName AND "COMPLETED OK" ) The job im...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way to use a span that is equal to the time range picker?

How to monitor three users?

How to extract badly formatted JSON?

How to write rex to remove?

How to achieve field with a value containing commas?

How to timechart the time differences between (ITNM) events / phases?

How to merge two counts into one search

How to to dynamically change earliest & latest in subsearch to fill summary data gaps with live data?

How to get a count difference when I add index=* to tstats?

How to create a search using data from csv and grabbing the latest timestamps for multiple queries?

How to fix being unable to print few fields from Dynatrace usersession resultset?

How to increase transaction command output limit and always fetch latest transactions?

How to fetch report from different timestamp(asynchoronus journey)from unique id?

Why can't I compare if RESPTI is bigger than the UCL (since it does not want to load in the value)?

メインサーチのイベントの時間をサブサーチに渡したい

How to create an interesting field "statusCode" and have it sorted by different statusCode values?

How to extend a dataset to add a column that represents a numerical column as text?

How to compare search results with lookup for duplicates?

Why is XML file not re-ingested?

Groups in stats command: How to get the sum of multiple fields by a field?

Ranking Data From Search Results into Deciles

How can I join values of a 'single field name' to two lookups and get the corresponding values from each lookup

How to filter out events to make a search out of it?

How to extract JSON arrays in Splunk?

How to chart job ending time - Time on Y Axis / Day on X Axis ?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...