Splunk Search

Discussions

Thread Info

How to create a single table with results from two different queries

Hi everyone.I'm sorry if this seems like a questions that's already been asked, but none of the answers I could find ...

by Path Finder in

Splunk Visualization displaying the same color for both columns

I am using the following query to display a result on a dashboard (query with sample data which resembles the data I ...

by Engager in

Saved Searches

Hello all,Actually i have been using rest command | rest /servicesNS/-/MYAPP/saved/searches | table titleto call m...

by Explorer in

How to create a field on the fly using CASE

I have the following values that will go in a field titled StatusMsg: "Task threw an uncaught and unrecoverable exc...

by Communicator in

Could not determine $SPLUNK_HOME, perhaps it should be set in environment.

I keep getting the message Couldn't determine $SPLUNK_HOME, perhaps it should be set in environment when I tr...

by Splunk Employee in

Using regex to extract data

I am looking to extract this section of an event and have it as a field that I am able to manipulate with. I am unfam...

by Path Finder in

Using the map command with a subsearch not working

Hello all, new poster here. I have a csv file with a column full of Splunk queries. I am trying to enrich my Splunk i...

by Observer in

REGEX problem

Please help me in extracting only compression values from this raw event - "response_time_last_byte":5,"compressio...

by Communicator in

Search For max value in Stats within Multiple Search outputs

Hello, I have this search query index=app iNumber IN (72061271737983, 72061271737983, 72061274477906...

by Engager in

JSON extraction needed

Hi. I have below raw event/s.Highlighted Syntax:{ [-] body: {"isolation": "isolation","device_classification": "Net...

by Builder in

Remove specific string from event at index time

I am trying to remove specific strings and their values from Splunk events at index time as they are not needed in th...

by New Member in

Not seeing anything returned when using Sum with an eval IF statement

Hello, Thanks in advance for any help and Karma will be on the way :). So I'm trying to create a Table that uses ...

by Path Finder in

Get first value of a field after filtering its row out

Hi everyone.I'm really new to Splunk, so I'm confused with what seems to be a simple problem. I'm using "where row_nu...

by Path Finder in

How to "chain" filters and count and optimize query

Hi everyoneI just started working with Splunk and I have a query in which one of the steps is to count the number of ...

by Path Finder in

How to show only events that are not Closed

Hello, I really appreciate any help on this one, I can't figure it out. I am using the following to show only the ...

by Path Finder in

How can I graph the string/human-readable value of duration?

I am able to graph the duration calculation while it is in seconds, but I want to display the human-readable string v...

by Splunk Employee in

Alert is triggered while condition "if number of events is greater than 0" not met

I made a savedsearch with a simple search in it. As a condition I selected "if number of events" "is greater ...

by Contributor in

Match a column from a main query with a column in a subquery

Hi Experts, The file ACF2DS_Data.csv contains columns including TIMESTAMP, DS_NAME, and JOBNAME. I need to match ...

by Engager in

Filter MV field for specified value

I've been smashing my head against this issue for the past few hours. I need to check a multivalue field to see if it...

by Path Finder in

Can not search by sourcetype while events are there

Hello Team, 9.4.0, thsooting prod, replicated the issue in staging, i have 1 indexer only. Performing all searches ...

by Path Finder in

LDAP Search with REGEX to table out members of specific groups

Trying to build a search that will leverage ldapsearch to pull a current list of users that are members of a specific...

by Loves-to-Learn in

Apply the same query to multiple days given day interval

Hi everyone.I have a query that calculates a number of metrics, such as average, max value, etc, for a specific date,...

by Path Finder in

How to filter out first instance of a query

Hi everyone.I'm doing a query in which I sort it by time according to a variable and then calculate some metrics over...

by Path Finder in

Splunk lookup failing, even on itself

Running a lookup where I have verified the fields exist and match and its not returning an output field. So, I verifi...

by Explorer in

Need help with SPL for windows logins

Hello, I have the below SPL where I am looking to fetch the user accounts that have not logged in for 30 days or mo...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a single table with results from two different queries

Splunk Visualization displaying the same color for both columns

Saved Searches

How to create a field on the fly using CASE

Could not determine $SPLUNK_HOME, perhaps it should be set in environment.

Using regex to extract data

Using the map command with a subsearch not working

REGEX problem

Search For max value in Stats within Multiple Search outputs

JSON extraction needed

Remove specific string from event at index time

Not seeing anything returned when using Sum with an eval IF statement

Get first value of a field after filtering its row out

How to "chain" filters and count and optimize query

How to show only events that are not Closed

How can I graph the string/human-readable value of duration?

Alert is triggered while condition "if number of events is greater than 0" not met

Match a column from a main query with a column in a subquery

Filter MV field for specified value

Can not search by sourcetype while events are there

LDAP Search with REGEX to table out members of specific groups

Apply the same query to multiple days given day interval

How to filter out first instance of a query

Splunk lookup failing, even on itself

Need help with SPL for windows logins

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions