Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Idle log

i need script in SPL to show when there is an idle forwarder or if a forwarder isn't forwarding

by Explorer in

How to get a comma separated List

Hello all, I am hoping for help creating a comma separated list. I have tried multiple different things and all ha...

by Explorer in

DB connect issue

Hi Team, I have created connection for oracle DB in db connect app. When i am trying to run the sql query in DB con...

by Explorer in

HTTP Event Collector multi-line merge for a container

Using splunk 8.0.2.1 I have a container (spring boot that uses tomcat underneath) that I'm running that I'm attempt...

by Observer in

Plot step function to display state change of machines based on timestamp?

We have a list of machines in our system with their state change as On or Off along with timestamp. 2017-07-11 12...

by Explorer in

Count values in array of objects based on other attributes in that object

I have an array of objects containing field componentType with value "Software" or "Licenses". In the same object t...

by Observer in

Extracting values from multivalued field and merging

For example : these are some part of my logs: sender= xyz(receiver=a, receiver =b) sender= abc(receiver=a,rece...

by Engager in

How to use join on fields with wildcards (hyphen "-", ampersand " &" doesn't work)

For one of our project , we are running the join on fields that contain hyphen or ampersand and it doesn't work. Let'...

by Builder in

Separate values from multi valued field

I have to write query for extracting out the values from multi valued field example field: Region=America, Afric...

by Engager in

splunk subsearch query help

Hi, I have a main query which returns below 4 columns: rule, result, name, department Now i have to add another...

by Communicator in

How to get duration between a start and stop event and trigger an alert if duration is greater than 1 week?

Here the logs I have 04/24/2017 02:42:08 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager E...

by Path Finder in

how can we limit the tstats record

I am using tstats command from a while, right now we want to make tstats command to limit record as we are using in k...

by Path Finder in

Monitoring disk space

Hi, I'm using the following search to monitor disk space. I have 2 partitions, drive D and E. I am only returning ...

by Engager in

Why do I have to use eval for this search?

Hi everyone, Why does this search return nothing | stats count(status=200) AS Success W...

by Explorer in

DBSCAN Cluster Visualization Interpretation, Machine Learning Toolkit

Hi! I used the "Cluster Behavior by App Usage" example in the Clustering Numeric Fields workflow within the Splunk...

by Engager in

searching the records of the table with empty field

Hi I have an interactive dashboard with form inputs, i have set default value as * for all the form inputs, depends o...

by Path Finder in

SPL For-Loop

Hi allI am using following SPL to loop through HTTP Request data in order to extract fields and values and I have 2 i...

by Explorer in

Transpose lines to Column

{ "DbMaintenanceDailyRoutineSummary": { "success": [ { "server-002": [ { "vacuum"...

by Path Finder in

Finding matches between 3 different indexes.

I have the following case: I have 3 different indexes (A, B and C). My goal is to find what percentage of the devices...

by Explorer in

How do you completely remove Saturdays and Sundays from displaying on a timechart?

Hello, was looking at this topic : https://answers.splunk.com/answers/112838/how-can-you-restrict-a-timechart-to-...

by Path Finder in

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Splunk Search

Discussions

Idle log

How to get a comma separated List

DB connect issue

HTTP Event Collector multi-line merge for a container

Plot step function to display state change of machines based on timestamp?

Count values in array of objects based on other attributes in that object

Extracting values from multivalued field and merging

How to use join on fields with wildcards (hyphen "-", ampersand " &" doesn't work)

Separate values from multi valued field

splunk subsearch query help

How to get duration between a start and stop event and trigger an alert if duration is greater than 1 week?

how can we limit the tstats record

Monitoring disk space

Why do I have to use eval for this search?

DBSCAN Cluster Visualization Interpretation, Machine Learning Toolkit

searching the records of the table with empty field

SPL For-Loop

Transpose lines to Column

Finding matches between 3 different indexes.

How do you completely remove Saturdays and Sundays from displaying on a timechart?

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our
Career Survey Now!

Lookup table help

How to set span for 1day and 2 hours?

Event Spliting

DBSCAN Cluster Visualization Interpretation, Machi...

Retain special characters at the end of field valu...