Splunk Search

Discussions

Thread Info

Is it possible to find the storage (logs) used by application/services in a particular index for particular time range?

Is it possible to find the storage (logs) used by application/services in a particular index for particular time rang...

by Engager in

How to have multiple conditions for each searchmatch case?

Hello, I am currently trying to figure out how to combine the below three searches with different conditions into ...

by Observer in

Looking for matching events with "where" and calculating them

I'm creating a query where I want to get an id from a log in one side (first search) andin the second search I just w...

by Observer in

How to get count of successful events after failure?

Hi, I have a use case where in i want to find out how many download api failed for a given document and how many o...

by Engager in

How to manually save a saved search which contains backslashes \ in the query to savedsearches.conf?

I have a splunk query as below which contains a lot of backslashes index="ABC" os="Win" FileName="*\\Programs\...

by Builder in

What time should be when searching old logs?

I am using Splunk searching old log files and the _time is different from log time, would this make sense or do I hav...

by Explorer in

Is there a way in Splunk to determine how a user arrived at a destination IP?

Is there a way in Splunk to determine how a user arrived at a destination IP? Did they click a link from a certain we...

by Engager in

How to extract 2 fields in same "rex"?

Hi, I have a search where I am attempting to extracting 2 different fields from one string response using "rex": ...

by Explorer in

How to find duplicate field name within event?

My splunk entry is firstName="Tom" lastName="Jerry" middleName="TJ" dob="1/1/2023" dept="mice" status="202" dept="...

by Engager in

How to see the forwarder management list of clients search?

On Splunk 9.0.0 on windows on one of our dedicated Deployment servers when we go to Settings \ Forwarder Management i...

by Contributor in

Splunk bug: string replace function fails if the string to be replaced starts with "+" character

replace() function produce an empty string if the string to be replaced starts with a "+" character. this search wi...

by Communicator in

How to create a correlation search based on data provided by SANS Threat Intelligence?

Hello, I would like to request guidance on how to create a correlation search based on data provided by SANS ...

by Explorer in

How do I compare for todays and yesterdays stats/ report?

How do i compare for todays let say 9a-10a with yesterdays 9a-10a stats side by side? Is it possible on 1 qeury?index...

by Communicator in

Is there a way to use a span that is equal to the time range picker?

source=PR1 sourcetype="sap:abap" EVENT_TYPE=STAD EVENT_SUBTYPE=MAIN TCODE="ZORF_BOX_CLOSING" SYUCOMM="SICH_T" ACCOUNT...

by Loves-to-Learn in

How to monitor three users?

Hi My system is Linux. Am trying to monitor 3 users in an index. The last time they login, IP address etc. Ther...

by Path Finder in

How to extract badly formatted JSON?

Hi I'm trying to extract some json values into tables for a dashboard. The log line that i'm using is something li...

by Engager in

How to write rex to remove?

Hi, I have the bellow event: {"log":"2023-02-16t14:14:25.827471424z stderr F I0216 14:14:25.827359 ...

by Communicator in

How to achieve field with a value containing commas?

Unfortunately I have no control over the log data formatting... it is in format: Field1=Value1|Field2=Value2| ......

by Engager in

How to timechart the time differences between (ITNM) events / phases?

I have the following data that I'm trying to timechart the differences between: 2023-02-16T16:14:04: Data Processi...

by Explorer in

How to merge two counts into one search

Hello Splunkers, I have the following raw data 2023-02-15T12:43:06.774603-08:00 abc OpenSM[727419]: osm_spst_...

by Communicator in

How to to dynamically change earliest & latest in subsearch to fill summary data gaps with live data?

Hi all,I'm working on a dashboard in which I populate a panel with summary data. The summary data runs once per hour ...

by Path Finder in

How to get a count difference when I add index=* to tstats?

I'm logged into my system as an admin, so I have access to all the indexes. I've also verified this by looking at the...

by Builder in

How to create a search using data from csv and grabbing the latest timestamps for multiple queries?

I've a couple of queries - index="main"app="student-api" "tags.studentId"=3B70E5 message="Id and pwd entered correctl...

by Engager in

How to fix being unable to print few fields from Dynatrace usersession resultset?

Following query is printing 'pp_user_action_name','Total_Calls','Avg_User_Action_Response' not getting 'pp_user_actio...

by Explorer in

How to increase transaction command output limit and always fetch latest transactions?

Hi Team, I have events being pushed to HTTP event collector 24/7. In my dashboard I query and format the events usi...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to find the storage (logs) used by application/services in a particular index for particular time range?

How to have multiple conditions for each searchmatch case?

Looking for matching events with "where" and calculating them

How to get count of successful events after failure?

How to manually save a saved search which contains backslashes \ in the query to savedsearches.conf?

What time should be when searching old logs?

Is there a way in Splunk to determine how a user arrived at a destination IP?

How to extract 2 fields in same "rex"?

How to find duplicate field name within event?

How to see the forwarder management list of clients search?

Splunk bug: string replace function fails if the string to be replaced starts with "+" character

How to create a correlation search based on data provided by SANS Threat Intelligence?

How do I compare for todays and yesterdays stats/ report?

Is there a way to use a span that is equal to the time range picker?

How to monitor three users?

How to extract badly formatted JSON?

How to write rex to remove?

How to achieve field with a value containing commas?

How to timechart the time differences between (ITNM) events / phases?

How to merge two counts into one search

How to to dynamically change earliest & latest in subsearch to fill summary data gaps with live data?

How to get a count difference when I add index=* to tstats?

How to create a search using data from csv and grabbing the latest timestamps for multiple queries?

How to fix being unable to print few fields from Dynatrace usersession resultset?

How to increase transaction command output limit and always fetch latest transactions?

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions