Splunk Search

Ask a Question

Discussions

Thread Info

How to compare search results with lookup for duplicates?

I have a lookup which I want to compare search results against and find duplicate values. How do I ignore duplicate...

by Explorer in

Why is XML file not re-ingested?

Hi, I have a problem finding answers about the failure of a universal forwarder to re-ingest an XML file. 02-08...

by New Member in

Groups in stats command: How to get the sum of multiple fields by a field?

I am trying to create a query to get the sum of multiple fields by a field. index="*****"|stats sum(field_A)...

by Path Finder in

Ranking Data From Search Results into Deciles

I have a table of data with values like this: String NumericClient 1 99.9 Client 2 99.2 Clien...

by Explorer in

How can I join values of a 'single field name' to two lookups and get the corresponding values from each lookup

Hi,I have search which has S_host name values of different DB instances say MSSQL and Oracle in a single field.eg: S_...

by Path Finder in

How to filter out events to make a search out of it?

Hi,I want to create a search out of the below event, to raise an alert if the particular system having the label lost...

by Builder in

How to extract JSON arrays in Splunk?

Here is the query i have and need to extract the "sts:ExternalId" requestParameters: { [-]policyDocument: {"V...

by Engager in

How to chart job ending time - Time on Y Axis / Day on X Axis ?

If I am starting with this query: index=anIndex sourcetype=aSourcetype ( aJobName AND "COMPLETED OK" ) The job im...

by Contributor in

How to filter small table results by large table results?

I have two searches that will return orderNumbers 1.index=main "Failed insert" | table orderNumber//returns small ...

by Engager in

How to categorize a particular values and do a percentage of it?

Hello Splunkers, I have a field called state_sinfo which have values like (up,up*,up$,up^,continue,continue$,contin...

by Communicator in

How to search for Entries Between DateTime field value?

I am trying to find entries between a date-time range based on a field in the event 'Date'. It date-time value of the...

by Engager in

Charting completion time on daily basis

Hi, I'm trying to build a line graph that would show me the completion time of an event on a daily basis. The comp...

by Explorer in

Which type of host is talking to which type of host on which port

Hey everyone, I want to create a search that gives me the following information in a structured way: Which type of ...

by Engager in

Any ideas on Auditing Content Library?

I need to provide audit details on our ES Content Library. Using rest, I can identify searches that have been updated...

by Path Finder in

Is there a way to choose the smaller subnet that contains the src_ip?

Hi, I have a lookup definition that look like that: When I'm running this search with looking up in thi...

by Explorer in

How to write a rex to extract values in a field that are delimited by comma?

I want to write a rex to extract values in a field that are delimited by comma. index=group sourcetype="ext:us...

by Contributor in

How to filter out value based from another another column?

HiGreatly appreciate your help, would like to know if there is any way i could filter out a value based from another ...

by Explorer in

How can I apply split and regex TSV at the same time?

Hi,I have logs separated by a tab. I have defined FIELD_DELIMITER=tab, INDEXED_EXTRACTIONS=tsv FIELD_NAMES etc in pro...

by Explorer in

How to Extract Event Logs from SignalFX via API?

Hi, I'm trying to extract logs via API using /v2/event/find Found here: Retrieve Events V2 | API Reference | Splun...

by Loves-to-Learn in

How to select only one event?

My query is this. index=log AND 1378 There are two event 20230112, 1378, error A/B/C, duratio...

by Explorer in

How to track impossible travel events for users who are logging in to applications using Duo 2fa?

Good afternoon, I'm looking for a way to track impossible travel events for users who are logging in to applicatio...

by New Member in

Is it possible to use map search twice?

Not sure if this is possible through Splunk query but what i am trying to do is basically retrieve field value from o...

by Path Finder in

Extract any character when dot is present?

Hi, I have different mails in my logs and I need to filter them in order to distinguish real users from technical ...

by Communicator in

How to create over lapping dashboard?

I am new to slunk, I have to create one dashboard and compare current day with same day of last week based on request...

by Loves-to-Learn Lots in

Why is dashboard report search unable to read from time picker?

Hi All, My Dashboard panel which calls a report search is showing "Search did not return any events." When i click on...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to compare search results with lookup for duplicates?

Why is XML file not re-ingested?

Groups in stats command: How to get the sum of multiple fields by a field?

Ranking Data From Search Results into Deciles

How can I join values of a 'single field name' to two lookups and get the corresponding values from each lookup

How to filter out events to make a search out of it?

How to extract JSON arrays in Splunk?

How to chart job ending time - Time on Y Axis / Day on X Axis ?

How to filter small table results by large table results?

How to categorize a particular values and do a percentage of it?

How to search for Entries Between DateTime field value?

Charting completion time on daily basis

Which type of host is talking to which type of host on which port

Any ideas on Auditing Content Library?

Is there a way to choose the smaller subnet that contains the src_ip?

How to write a rex to extract values in a field that are delimited by comma?

How to filter out value based from another another column?

How can I apply split and regex TSV at the same time?

How to Extract Event Logs from SignalFX via API?

How to select only one event?

How to track impossible travel events for users who are logging in to applications using Duo 2fa?

Is it possible to use map search twice?

Extract any character when dot is present?

How to create over lapping dashboard?

Why is dashboard report search unable to read from time picker?

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions