Splunk Search

Ask a Question

Discussions

Thread Info

How to lookup two files with same column name and display only the difference?

This is my first question here! And I just started my journey with Splunk. I have two files test1.csv and test2.csv...

by Explorer in

How to search for newly established connection between members of the Splunk infrastructure?

Hello again community Today I received notice that on every Friday morning at a particular time there are a lot of...

by Builder in

Join a lookup to events in an index where the date is one day prior?

I have an index that snapshots an inventory system every day. The inventory is a list of all active circuits. There...

by Explorer in

How to use OR operator between subsearch and fields?

Hey Splunkers, I have the following search but it is not working as expected. What I am trying to achieve is ...

by Explorer in

Stats count as a percentage as the total?

I have a search which I am using stats to generate a data grid. Something to the affect of Choice1 10 Choice2 50 C...

by Path Finder in

Help with rex- Unbalanced quotes when there are \ and " in string

Hey community, Can someone help me out with a rex related question! Many many thanks! I am trying to rex the V1...

by Loves-to-Learn Everything in

Why does transaction command seems to be encoding characters?

Hello all, This is my first post here. I have been learning Splunk over the past few months and I am loving it. ...

by Explorer in

Why can't I see preliminary search results when using associate command?

In my SPL I use the associate command. However, I've noticed that when I use the command, any previous preliminary s...

by Engager in

How to produce a csv based on a complex business logic?

We have a Splunk UI that allows the users to export a certain set of the rows from a lookup. The caveat is that each ...

by Motivator in

How to extract key/value with dynamic key name?

I found this, but I am unable to replicate it. I am not understanding where I am messing up here. Problem: I...

by Path Finder in

How to extract 2 values from different events based on another 2 common fields?

Hello,I'm new here, tried to find the answer for my problem by failed. I'm looking for a method to extract values fro...

by Engager in

How to add severity to fetched errors messages?

Hi All, I am trying to add severity column to output of first command, could you please let me know how to do it. ...

by Engager in

How to search to track the OS migration on the host?

Hi folks, I need your support to build a search query to track the migration activity. We have a requirement to tr...

by New Member in

Event mismatch to different forwarding servers?

We re-routed data from Splunk SaaS cloud to On-perm but we see event mismatch between these two instances, if I route...

by Explorer in

How do I find the time difference for each change in the location of the city?

I have a query like this: | dbxquery connection=xxxxx query="select xxx FROM xxx WHERE xxx and to_char(LOG_DATE_TI...

by Explorer in

Help with stats building a wrong result on my table

Hello,I have a lots of records, some one has account_id field filled.. others has org_id field filled, and some ones ...

by Engager in

How to rename column and row labels after using transpose?

Hi All, I am having no luck renaming "column" and "row1, row2,..." successfully to "fields" and "event 1, event 2, ev...

by Contributor in

How can I customize color for cell value based on condition?

Hi All,Currently we have a table like below , Target values are fixed for each row but Columns will added dynamically...

by SplunkTrust in

Does a Heavy Forwarder have a limit for thruput ?

Hello Splunkers,Everything is in the title, I've read the limits.conf documentation, [thruput] maxKBps = <integer> ...

by Contributor in

Splunk Alert for Response Time- How to add the time condition value?

Hi Team, I want a splunk search query for alert creation. My requirement is service Response time is > 3 seconds and ...

by Loves-to-Learn Everything in

Create Alert if condition is met?

Hi , I have a scenario where the files needs to be transferred for both inbound and outbound at 2 am daily. I...

by Loves-to-Learn Lots in

Help with a simple search: How do I count how many days match a certain criteria? (example below)

I have this search which builds a table my_search | timechart span=1d sum(eval(b/1024/1024/1024)) AS volume_b it ...

by Path Finder in

Need help with a search where I am using streamstats and timechart?

I am trying to create a search where if there is a change of 30 percent within 5 mins of a few field values, I would ...

by Communicator in

How to get the count over exceptions for the past 3 days individually?

Exceptions Day1 Day2 Day3 Abc 5 4 3 Start 3 4 4 xyz ...

by Path Finder in

What is the difference between eventtype and macro?

Hi Even if i have read some documentations, i have difficulty to understand the difference between macro and event...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to lookup two files with same column name and display only the difference?

How to search for newly established connection between members of the Splunk infrastructure?

Join a lookup to events in an index where the date is one day prior?

How to use OR operator between subsearch and fields?

Stats count as a percentage as the total?

Help with rex- Unbalanced quotes when there are \ and " in string

Why does transaction command seems to be encoding characters?

Why can't I see preliminary search results when using associate command?

How to produce a csv based on a complex business logic?

How to extract key/value with dynamic key name?

How to extract 2 values from different events based on another 2 common fields?

How to add severity to fetched errors messages?

How to search to track the OS migration on the host?

Event mismatch to different forwarding servers?

How do I find the time difference for each change in the location of the city?

Help with stats building a wrong result on my table

How to rename column and row labels after using transpose?

How can I customize color for cell value based on condition?

Does a Heavy Forwarder have a limit for thruput ?

Splunk Alert for Response Time- How to add the time condition value?

Create Alert if condition is met?

Help with a simple search: How do I count how many days match a certain criteria? (example below)

Need help with a search where I am using streamstats and timechart?

How to get the count over exceptions for the past 3 days individually?

What is the difference between eventtype and macro?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!