Splunk Search

Discussions

Thread Info

How to remove json key value pairs from events log data

Splunk search events returns json format log data. I want to remove a particular key:value pair since the value of th...

by Observer in

How to rename search results obtained in stats?

I have the following query created: index=my_idx source=mySource | stats count by sourceTopic ...

by Path Finder in

Need a dropdown and when i select one option only that related panels should display rest all panels should not display?

Need a dropdown and when i select one option only that related panels should display rest all panels should not displ...

by Path Finder in

How to convert multiple date formats in same field?

I have some data coming in with multiple date formats in the same field, and I'm having trouble reporting on these da...

by Communicator in

How to regex a log error?

So I have an issue that I cant quite figure out the proper syntax for. Im parsing logs for an ERROR message. Using Se...

by Communicator in

Can anyone help with this error: Error in 'rex' command?

Hello, One of these works, One does not 1.] index="conmon" earliest>="01/01/2022:00:00:000" source="AwesomeClou...

by Explorer in

How to get time difference between the current event and another event of the same host

Hello Splunkers , I am trying to find the up time of hosts by calculating the difference between the latest event f...

by Communicator in

How to do a RCA on "The maximum number of concurrent running jobs ... on this cluster has been reached"?

Hi, When I inherited this deployment, there were a lot of skipped searches. The 3 node SHC was under resourced, b...

by Communicator in

How to combine values?

Hello I have a question because I'm in trouble. `EasyVistaGeneric` "Statut" = "En service" AND ("Identifi...

by Path Finder in

How to add more data about emails to search

index=mail | lookup email_domain_whitelist domain AS RecipientDomain output ...

by Engager in

Why am I receiving wrong number of events when running multiple lookups?

Hello. I'm having some problem and I can't for the life of me figure out what goes wrong. I am running a search like ...

by Explorer in

How to wrap results in Dashboard Studio?

Where do I set columns to wrap text? The old dashboards had a wrap results field.

by Explorer in

Help with alert search with join or append?

index=cat NamePlaceID jackdelhi1 jillmelbourne2 index=dog Countrynumber Australia2 India...

by Builder in

How to get the search report of a value?

In the log there are events like - {"submitterType":"Others","SubID":"App_4-45887-02232023"} {"submitterType":"...

by Path Finder in

How to achieve search to match the fields with current date?

Hi, Need a search query to find the either if first_find and last_find values matches with the current date shoul...

by Builder in

Indexers Cluster and Smartstore S3 buckets configuration

When one configures the indexer cluster for SmartStore, does each indexer get its own S3 bucket? Or is there just on...

by Communicator in

Can you search S3 buckets from the search head that were written from ingestion actions?

Using ingestion actions, one can write a copy of events to an S3 bucket prior to indexing. Can one search these S3 b...

by Communicator in

How to find host diff from two searches in the same index?

I ' ve been trying to solve this problem for days now with no success. Maybe I can find ultimate salvation he...

by Loves-to-Learn Everything in

How to filter Azure privileged identity management logs in Splunk?

Hi Team, We are trying to build a dashboard for the Azure PIM logs in splunk to visualize who all are elevating th...

by New Member in

How to use AND condition?

index=* "ORC from FCS completed" namespace="dk1371-b"index=* "ORC from ROUTER completed" namespace="dk1692-b"index=* ...

by Explorer in

How to parse data from JSON?

Hello, Help me please. I have a REST API datasource get data ( JSON ) in main index something like this: ["user...

by Explorer in

Dashboard Visual Entry Points

Is there a way in splunk that i can have a indicator or symbol that shows the different entry points something like a...

by Path Finder in

How to chart a line visual?

So I currently have a stats sum donuts for the last 90 days and i am getting the following results like below sum(...

by Path Finder in

How to get sum of GC time spend in last 4 hours?

Hi Splunkers, I have a GC log like below: [716920.165s][info][gc] GC(27612) Concurrent reset 24.0...

by Path Finder in

How to search with result string with "../"?

Try this request on Splunk : | makeresults | eval redir="../../app" My request is au...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to remove json key value pairs from events log data

How to rename search results obtained in stats?

Need a dropdown and when i select one option only that related panels should display rest all panels should not display?

How to convert multiple date formats in same field?

How to regex a log error?

Can anyone help with this error: Error in 'rex' command?

How to get time difference between the current event and another event of the same host

How to do a RCA on "The maximum number of concurrent running jobs ... on this cluster has been reached"?

How to combine values?

How to add more data about emails to search

Why am I receiving wrong number of events when running multiple lookups?

How to wrap results in Dashboard Studio?

Help with alert search with join or append?

How to get the search report of a value?

How to achieve search to match the fields with current date?

Indexers Cluster and Smartstore S3 buckets configuration

Can you search S3 buckets from the search head that were written from ingestion actions?

How to find host diff from two searches in the same index?

How to filter Azure privileged identity management logs in Splunk?

How to use AND condition?

How to parse data from JSON?

Dashboard Visual Entry Points

How to chart a line visual?

How to get sum of GC time spend in last 4 hours?

How to search with result string with "../"?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions