Splunk Search

Discussions

Thread Info

How to calculate the number of days from a create date to the current date?

index=servicenow assignment_group_name="security" status=* | stats count by number,status,group_name,cr...

by Explorer in

How to search count of multiple logs?

How can I write a query like following? index=my_app| eval userError="Error while fetching User"| eval addressError =...

by Explorer in

Matching fields from 3 different sources?

Hi all, Could some please help me with this query. I have 3 different sources from which i want to match the field...

by Explorer in

How can I search to filter?

hai All, i have events like below from how can i filter events if for ex: 6th character in C*E**M IS M want t...

by Path Finder in

Why are we getting different results from "count eval if" and "count eval"?

Seeing different results when performing similiar searches and not sure on the reason. base search is the same fo...

by Engager in

How to replace a specific character?

Hi, I have the below output : 1/16/2023 7:51:43 AM 1EE8 PACKET 000001D9C25E6180 UDP Rcv 10.8.64.132 646b Q [0001 ...

by Explorer in

Optimizing metrics based searches?

Hello, I have the following query in one of the panels in my dashboard. | mstats p95(prometh...

by Explorer in

How to imbed dbxquery in a splunk macro?

I have a significant number of dashboards that use dbxquery to pull data from a significant number of servers running...

by Observer in

Retrieve discarded values from the dedup command or other commands?

I want to use the dedup command and see which values it removes from a field. Is this possible?

by Splunk Employee in

remove all text before certain words in events

I have events like below -a3bcd: Info1234x:NullValue -a3bcd: Info1234x:NullValue -b3bcd: Info1234x:NullValue2 ...

by Loves-to-Learn in

How to extract the value from the field using rex sed cmd?

Hi, I looking for rex sed cmd to extract the value from the field.eg: input field1 = d:\AppDynamics\machineag...

by Engager in

How to match an ip address to cidr in lookup table?

Hey there Splunk hero's, Story/Background: So, there is this variable called "src_ip" in my correlation search....

by Explorer in

How to concatenate a string with a variable?

I want to run this search but i have to concatenate the string with a variable and it doesn't work | r...

by Path Finder in

How to search between two lines?

Hello All, I have following lines in the log file - Server8 runiyal 2023-01-12 09:48:41,880 INFO Plugi...

by Path Finder in

How to create a pie chart after applying math on column values extracted?

Hey people, my requirement is as such I have extracted these columns from my data using the query my ...

by Path Finder in

How to search user concurrent logins on unique hosts?

I'm hoping to get some help or direction. I have seen a few different forum posts where the search pulled how many co...

by Engager in

How to calculate days between 2 dates?

Hi, Not sure what the issue is. I got the solution from the other answers, but it's not working for me. I am gettin...

by Path Finder in

How to create an alert if index have no data in the last 24 hours?

I want to create alert to check on all indexes event count and alert the list of all indexes that have no events in t...

by Explorer in

How to create new field with values from a search that uses values of current field?

I have a search that outputs a table like below user | host | app---------------------------------...

by Path Finder in

Help with Regex extraction

2023-01-09T16:46:00.780076351Z app_name=default-java environment=e3 ns=one pod_container=default-java pod_name=defaul...

by Path Finder in

How to append the result of a search to values of a multivalued field?

I have a SPL search that returns a field with multiple values (names of lookups). I want to concat the lookup nam...

by Path Finder in

How to use fit command together with foreach?

I would like to fit an ARIMA model to my data with a search something like this: <base search>| timechart span=5m ...

by Observer in

Can I resolve this splunk dashboard index auto refresh / resync issue?

hi all, we are creating one dashboard having two tables , in that we have set different folder locations for moni...

by Explorer in

Using 'like' to find lookup fields which contain the current day of the week (%A)

Hey all, I'm attempting to compare a variable (we'll call it cDOW), which is set to (strftime(now(), "%A")), to a DO...

by Explorer in

How to organize search substrings into LookUp tables?

HelloI have a Splunk query that looks like following: index=something "*abc*" OR "*def*" OR "*hig*" ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate the number of days from a create date to the current date?

How to search count of multiple logs?

Matching fields from 3 different sources?

How can I search to filter?

Why are we getting different results from "count eval if" and "count eval"?

How to replace a specific character?

Optimizing metrics based searches?

How to imbed dbxquery in a splunk macro?

Retrieve discarded values from the dedup command or other commands?

remove all text before certain words in events

How to extract the value from the field using rex sed cmd?

How to match an ip address to cidr in lookup table?

How to concatenate a string with a variable?

How to search between two lines?

How to create a pie chart after applying math on column values extracted?

How to search user concurrent logins on unique hosts?

How to calculate days between 2 dates?

How to create an alert if index have no data in the last 24 hours?

How to create new field with values from a search that uses values of current field?

Help with Regex extraction

How to append the result of a search to values of a multivalued field?

How to use fit command together with foreach?

Can I resolve this splunk dashboard index auto refresh / resync issue?

Using 'like' to find lookup fields which contain the current day of the week (%A)

How to organize search substrings into LookUp tables?

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

Fields with multiple values duplicating in managed...

how to add a new column to the existing lookup usi...

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Search

Are you a member of the Splunk Community?

Discussions