Splunk Search

Ask a Question

Discussions

Thread Info

How to extract job Id values from raw text in events and add the job id into a separate field?

Hi User, Thanks for the reply. Below is the raw text that has been received on splunk user interface. {"...

by Loves-to-Learn Everything in

Add automatic lookup for kvstore?

I have kvstore which generate the data by API. when I use | lookup mylookup id output data - its working I wa...

by Explorer in

Combining results in metric index?

I have a metric index with a hierarchical structure (maybe all metric indexes are like this). SuperCategory.Category...

by Path Finder in

How to convert a timestamp from one format to a different one?

convert 2023-03-15T17:25:18.832-0400 to YYYY-MM-DD HH:MM:SS.Millisec . 2023-03-15T17:25:18.832-0400 --------------...

by Explorer in

Average of current time window over last week?

Still working on this. I want to create a single pane dashboard panel with trend indicator. This value is going to d...

by Path Finder in

Chart average event occurrence per hour of the day for the last 30 day

I'm trying to get the chart that shows per hour of the day, the average amount of a specific event that occurs per ho...

by Path Finder in

Difference between chart command with specified aggregated fields and without?

I have two different queries that return the absolute same result: value | chart count(status) by r...

by Engager in

How to join with search from 2 sources?

Hi, I am trying to figure out how to use join to table the results from 2 searches. sourcetype=AAD_MSGraph_User...

by Explorer in

How to generate a output bases on a common value from two different events?

we have two separate events which have a common field x-provider-api-correlation-id .In 1st event it is coming as par...

by Explorer in

What stats/eval to use to find results of email recipients who clicked a link?

Hello, I'm building a report to list all phishing and malware threat detections by sender, classification, and thr...

by Explorer in

How to resolve error "This XML file does not appear to have any style information associated with it."

Getting the error "This XML file does not appear to have any style information associated with it." while trying to e...

by Communicator in

How to split data in a single cell?

I have the following data in a Cell that reads 1.01.01 Example App AL11111 Is there a way I can split the data...

by Explorer in

Suggestions needed! How to combine data from different sensors

I'm new to Splunk so I apologize if this is very obvious, but I haven't seen anything that seems like it fits my need...

by Engager in

Why does mvappend fail in my alert?

I've been trying to write an alert that notifies our SOC when someone tries to obfuscate their command with base64 en...

by Builder in

How to find events for only host names listed in my lookup file?

I have a lookup file of HostNames HostNameHost1Host2Host3Host4Host5 I would like to create a search to inc...

by Explorer in

How to extract job Id values from raw text in events and add the job id into a separate field?

The above snippet consists of the raw data in the events in our splunk environment. Need Help in extracting the jo...

by Loves-to-Learn Everything in

How to get percentage of 200 responses?

I have current search index="intau_workfusion" host=* sourcetype="services_status.out.log" service="HTTP/1.1" status=...

by Contributor in

Why is it showing more data after dc count with the right order?

Hi! im working on an alert for access from different countries for certain users in a short time period. The alert an...

by Path Finder in

Why are tstats search not filtering out local IP ranges?

Hi, I am using tstats to search the Network Datamodel for outbound SMB traffic (port 445) to external IP address r...

by Explorer in

How to properly use inputlookup csv file to perform extended searches?

Hello, I am stuck on a query and need someone's help please. The goal of the query is to perform a lookup on column ...

by Explorer in

How to pass time token to the custom field based on search

Hi, I have onboarded data via DBConnect through Rising Column for which we have configured the Risinig Column valu...

by Loves-to-Learn Lots in

Summary Index from | collect ... addtime=f : When searched _time is not equal to time from _raw and date_* fields

I created a summary index with a custom _raw from a tstats search from 03/14/2023 16:30:00 to 03/14/2023 16:35:00:| t...

by Loves-to-Learn Lots in

Average event count using only business days (M-F)?

I have a specific event that I'm looking to do an average count for the past 5 business days. Right now, I'm able ...

by Explorer in

Splunk Search Language - Is there another command for Looping besides Map?

Is there any command in Splunk for Looping other than Map command ? Requirement is described as below: ...

by Path Finder in

Help with a qlick view search?

Hello Splunkers!! I have qlick view search. And I want to use same kind of search in Splunk. Please help me how ca...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract job Id values from raw text in events and add the job id into a separate field?

Add automatic lookup for kvstore?

Combining results in metric index?

How to convert a timestamp from one format to a different one?

Average of current time window over last week?

Chart average event occurrence per hour of the day for the last 30 day

Difference between chart command with specified aggregated fields and without?

How to join with search from 2 sources?

How to generate a output bases on a common value from two different events?

What stats/eval to use to find results of email recipients who clicked a link?

How to resolve error "This XML file does not appear to have any style information associated with it."

How to split data in a single cell?

Suggestions needed! How to combine data from different sensors

Why does mvappend fail in my alert?

How to find events for only host names listed in my lookup file?

How to extract job Id values from raw text in events and add the job id into a separate field?

How to get percentage of 200 responses?

Why is it showing more data after dc count with the right order?

Why are tstats search not filtering out local IP ranges?

How to properly use inputlookup csv file to perform extended searches?

How to pass time token to the custom field based on search

Summary Index from | collect ... addtime=f : When searched _time is not equal to time from _raw and date_* fields

Average event count using only business days (M-F)?

Splunk Search Language - Is there another command for Looping besides Map?

Help with a qlick view search?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions