Splunk Search

Discussions

Thread Info

In three related events, how do you avoid the one without a field value?

Hello, I have a tricky question. I'm trying to count tickets by providers we have. I am using the parent and su...

by Explorer in

How to improve efficiency of a Splunk search?

Hi All,One of my scheduled report is quite expensive.It runs everyday from Monday to Friday and results in 30 days wo...

by Explorer in

How to check the odd once out ( field < 1) field with 2 or more values?

how to check the odd once out ( field < 1) field with 2 or more values Ex field = true ...

by Explorer in

How to capture multiple lines in rex

HI all, I am trying to capture multiple lines between two strings in my log data. But so far have not been able to...

by Loves-to-Learn in

How to merge two Splunk queries ?

Hi All, I need help with Splunk Query for below scenario: Query 1:index =abc | table src, dest_name, severity,...

by Explorer in

Enterprise Search: Can we delete or clone correlation searches in the Content Management section?

Under the Content Management section, we only see the Enable and Disable options for the correlation searches. Is the...

by Motivator in

After installing license and restart , splunk is still reflecting the trial license of 500MB

Hello Experts, I have splink enterprise up with trial version installed. The license group was trail license grou...

by New Member in

How to write search with CASE and MATCH function?

Hi peeps, I need help to fine tune this query; index=network sourcetype=ping| eval pingsuccess=case(match(ping...

by Path Finder in

Why does search with subsearch fail if earliest and latest is used?

The following search does not produce any results: index=* earliest="04/19/2022:15:00:00" latest="04/19/2022:17:00...

by Path Finder in

How to build a correlation search for direct web traffic without proxy?

Hi Splunkers, I'm facing the following task: I have to build a correlation search that check users that go on a w...

by Path Finder in

How to write a Query to identify Splunk notable rule triggers with change in urgency?

Hello, I am trying write a query to identify if any Splunk notable rule triggers with change in Urgency (i.e...

by Engager in

Why does Splunk values() return swapped counts?

I want to use the values() function because I want to group by fields. If I just use count by I get the correct resul...

by Engager in

Why am I receiving this Error while using the |rest in the splunk rest API?

Hi Team, I am trying to run a search and get the searchId, I will use this searchId later to fetch the results. ...

by Path Finder in

Need Help with Splunk Query- Titles in chart

Hi, Can any one please help me with the query currently iam using " | rename * AS \|*\| " but i don't want \...

by Path Finder in

How to Color all my dynamic column to min max scale color?

I would like to perform coloring in mindmidmax based on each column value. However, the column is dynamic, it is quit...

by Loves-to-Learn Everything in

Using timechart to get count, why is returning null values as 0?

Already using a query with below to get total number: | timechart span=1d count What can I add to return, show ...

by Engager in

How to connect consumers and providers based on ID between logs and display their server names too?

I am hoping you could help me out with this query, as I am quite stuck. I want to be able to retrieve the name of t...

by Engager in

How to join the indexes to show the changed information and the status of the PIR?

I have 3 indexes that I need to join. One index is the changes that we have in created in our Service Management...

by Engager in

How to extract new field IP with regex?

This is a log example: 2022-04-19 11:33:41 Local1.Info 10.0.6.1 Apr 19 12:34:20 FireboxM470_HA2 801002AA8CC3A Fir...

by Engager in

How to extract a field from my raw data using rex?

Below is my raw logs. I want to extract "analystVerdict" & its corresponding result from raw logs. can someone ple...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

In three related events, how do you avoid the one without a field value?

How to improve efficiency of a Splunk search?

How to check the odd once out ( field < 1) field with 2 or more values?

How to capture multiple lines in rex

How to merge two Splunk queries ?

Enterprise Search: Can we delete or clone correlation searches in the Content Management section?

After installing license and restart , splunk is still reflecting the trial license of 500MB

How to write search with CASE and MATCH function?

Why does search with subsearch fail if earliest and latest is used?

How to build a correlation search for direct web traffic without proxy?

How to write a Query to identify Splunk notable rule triggers with change in urgency?

Why does Splunk values() return swapped counts?

Why am I receiving this Error while using the |rest in the splunk rest API?

Need Help with Splunk Query- Titles in chart

How to Color all my dynamic column to min max scale color?

Using timechart to get count, why is returning null values as 0?

How to connect consumers and providers based on ID between logs and display their server names too?

How to join the indexes to show the changed information and the status of the PIR?

How to extract new field IP with regex?

How to extract a field from my raw data using rex?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

How to union two time ranges

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?