Splunk Search

Ask a Question

Discussions

Thread Info

How to run two searches based on timestamp?

I have a dashboard showing website user journey data by reading various elements from a log message. Now the struct...

by Engager in

What is an alternative to timechart when needing aggregation on 2 by clauses?

I am struggling to figure out how to get the Visualization that I want, if even possible.... Timechart works great...

by Path Finder in

How do I concatenate two fields into a string?

I have two fields, application and servletName. I'd like to have them as column names in a chart. I'm currently tryin...

by Explorer in

How to use stats dc and get last time of occurrence?

Hi! im trying to detect multiple user access from the same source (same mobile device). Im feeding splunk with logs f...

by Path Finder in

Need help on Dashboard related issue?

Above is the title of my dashboard, need to add the present date along with the title For the above o...

by Loves-to-Learn Everything in

How to form query for nested field (Json array) searching?

Hi I have a field(event_details) that contains a JSON array.Record 1:{"event_details":[{"product_id":"P002","price":1...

by Engager in

Has anyone ran into Eventtype "xxxxxxxxx" does not exist or is disabled. Search results only for a certain period?

Hi, My client has encountered the following issue below and I was just wondering if anyone has encountered somethi...

by Explorer in

Okta Data - Appending to lookup table question

I have 5 separate endpoints for our Okta environment that I'm pulling into Splunk. The data is all event driven so if...

by Engager in

How do I refine this search to use 'my_report_date' instead of _time?

Hi all - I'm attempting to write a query using earliest/latest based off a date field in the event, not _time. I've t...

by Communicator in

How to combine field values into singular value?

I feel like there's a simple solution to this that I just can't remember. I have a field named Domain that has 13 val...

by Communicator in

How can I combine multiple fields with a common name results in to single column?

How can I combine multiple fields results in to single column with common name for example Test1, Test2, Test3 and so...

by Communicator in

How do I force a timestamp to be recognized as UTC in a query for strptime?

I have a datasource that passes the time as a string like the following: "2018-08-07T17:38:16.352" This string is...

by Contributor in

Network Toolkit: How to ping hosts from a search

I have a search that gives me a column with hostnames host A B C I am trying to use the network toolkit applica...

by Explorer in

How to reverse a real-time query to it's original alert/report/dashboard?

Hi guys. I'm currently working to fix all "real-time" jobs running on my company and I came across one job that I ...

by Explorer in

Is it possible to get user details from the _configtracker index?

Hello I've been looking at the new _configtracker index and I would like to know how I could get the User details ...

by Engager in

How to create raw field?

Hello everyone, I have next one task: I want to collect (with collect command) information which I got after stats...

by Contributor in

How to change status of the above message to success status?

I have a message in my events like below "Main function executed successfully." I need to change status of the ...

by Loves-to-Learn Everything in

Why is data summary not displaying?

When I am click on my data summary, it is not displaying anything just showing Any suggestions?Thanks.

by Path Finder in

How to group by multiple fields?

Hi everyone, I'm kinda new to splunk. I have two indizes: Stores events (relevant fields: ho...

by Engager in

How to inner join with field subtraction on two fields part of different searches?

Hi, I am using inner join to form a table between 2 search, search is working fine but i want to subtract 2 fields...

by Explorer in

Why error in parsing pass4SymmKey under shclustering stanza?

While pushing the application from deployment server to search head1 it gives me this error after entering the below ...

by New Member in

Error in 'eval' command: unexpected character at 86400

Hi All, On the internal logs i see this eval command error - ERROR EvalCommand - Error in 'eval' command: The express...

by SplunkTrust in

Combine 2 or more strings based on a comman field

Hi I am tracking service requests and responses and trying to create a table that contains both requests and response...

by Explorer in

How to filter IIS Logs with 80 and 443?

Hi Team, We have a requirement to filter out the events from the IIS logs if the event contains ""GET / - 80 -" OR...

by Contributor in

Adding SLA compliance percentage

Hi All, Need some guidance for calculating SLA Achieved percentage column. This is how my results look like after ru...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to run two searches based on timestamp?

What is an alternative to timechart when needing aggregation on 2 by clauses?

How do I concatenate two fields into a string?

How to use stats dc and get last time of occurrence?

Need help on Dashboard related issue?

How to form query for nested field (Json array) searching?

Has anyone ran into Eventtype "xxxxxxxxx" does not exist or is disabled. Search results only for a certain period?

Okta Data - Appending to lookup table question

How do I refine this search to use 'my_report_date' instead of _time?

How to combine field values into singular value?

How can I combine multiple fields with a common name results in to single column?

How do I force a timestamp to be recognized as UTC in a query for strptime?

Network Toolkit: How to ping hosts from a search

How to reverse a real-time query to it's original alert/report/dashboard?

Is it possible to get user details from the _configtracker index?

How to create raw field?

How to change status of the above message to success status?

Why is data summary not displaying?

How to group by multiple fields?

How to inner join with field subtraction on two fields part of different searches?

Why error in parsing pass4SymmKey under shclustering stanza?

Error in 'eval' command: unexpected character at 86400

Combine 2 or more strings based on a comman field

How to filter IIS Logs with 80 and 443?

Adding SLA compliance percentage

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions