Splunk Search

Discussions

Thread Info

Internal index data and performance data is missing

To investigate the issue of missing data in Splunk for a period of 3-4 hours, where gaps were observed in the _intern...

by Motivator in

Append a lookup value from csv to a chart table

I am looking to append a value in a lookup csv to an existing search index=* |fields _time,x |chart count(_raw...

by Observer in

please excuse... as it is very basic... AND in search or WHERE..what is diff

Hi All, Thanks for your time. I am sorry in advance as this is very basic question. just started exploring the sea...

by Explorer in

How do you get a Saved Search to ignore a specific automatic lookup?

How do you get a Saved Search to ignore a specific automatic lookup? The reason for wanting to do this is because t...

by Path Finder in

URLs by host

I need a query that lists URLs a particular host has reached out in a particular time e.g in the last 24 hours. Pleas...

by Path Finder in

Printer Log search to list all printers from lookup and give record count and page printed count

Looking for help running a stats count and stats count sum referencing a lookup using print logs. Looking to output ...

by Path Finder in

Getting a .json file into Splunk at the backend

Am having trouble getting a .json file into splunk through the backend to help support a customized dashboard. Is the...

by Explorer in

percent of results per bin

Hi all, New to splunk, running out of ideas, please help! I have created a search to show: | bin span=10...

by Engager in

Finding a way to include creator name and creation date in Indexes

Hi, I'm exploring a way to get the search results for the name of Indexes, who created those indexes and creation ...

by Explorer in

To count the filed with different time range

Hi I have events that having multiple countries... I want to count the country field and with different time range...

by Path Finder in

How to use search results in a table in a new search also using row count?

I'm still learning Splunk and would like to learn how to combine some searches.Goal: Use the VPN search results to pe...

by Engager in

How to combain two rex

I have two rex queries and want know how to combine Query : 1 index=test1 sourcetype=teams | search "osvers...

by Engager in

Run macro commands from lookup

Hi I'm wondering if it's possible to define and execute a macro from a lookup. I have an index with several (about...

by Explorer in

To compare the value of particular day with the same day of the last week and last to last week.

Hi Can someone please tell me how we can compare the value of a particular day with the value of the same day of last...

by Path Finder in

I want to group similar urls as one and get the count and average times

My query is index=stuff | search "kubernetes.labels.app"="some_stuff" "log.msg"="Response" "log.level"=30 ...

by Explorer in

Lookup question

Hi, I'm pretty new to Splunk and I have a simple question that maybe one of you guys could help me figure out...

by Explorer in

Remote connectivity (Using someone else's Splunk instance credentials to log in)

I am trying to use the credentials of my friend to log into Splunk Enterprise, and I am unable to do that. Also, I...

by Engager in

Splunk DB connect add-on InfluxDB 2.6

I have ingested data form influx DB to Splunk Enterprise using influxDB add from splunk db connect. Performing Infl...

by New Member in

Transaction starting and ending 'event' are not always showing the correct overview

Hi,I am trying to create a Transaction where my starting and ending 'event' are not always showing the correct overvi...

by Explorer in

Match or Substring for nested object not working

I am running query -> index=* source="/somesource/*" message "403"| search level IN (ERROR) And Response is --> {...

by Engager in

how to install splunk AI assistance

Can anyone help me to provide the URL to download or steps of how to use Splunk AI.

by Path Finder in

TIme difference between first and last

My query returns these events, i need to compute the total time A was in this state and total time B was in this stat...

by Engager in

need assistance with splunk tojson

I have a splunk query which generates output in csv/table format. I wanted to convert this to a json format before wr...

by Communicator in

Grouping logs by tranId, date and time

Hello, I'm attempting to display a group of logs by the tranId. We log multiple user actions under a single tranId...

by Explorer in

How to use the field extraction expression directly using a Rex command ?

Hi Team Can you please let me know how can i use the below Field extraction formula directly using the rex command...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Internal index data and performance data is missing

Append a lookup value from csv to a chart table

please excuse... as it is very basic... AND in search or WHERE..what is diff

How do you get a Saved Search to ignore a specific automatic lookup?

URLs by host

Printer Log search to list all printers from lookup and give record count and page printed count

Getting a .json file into Splunk at the backend

percent of results per bin

Finding a way to include creator name and creation date in Indexes

To count the filed with different time range

How to use search results in a table in a new search also using row count?

How to combain two rex

Run macro commands from lookup

To compare the value of particular day with the same day of the last week and last to last week.

I want to group similar urls as one and get the count and average times

Lookup question

Remote connectivity (Using someone else's Splunk instance credentials to log in)

Splunk DB connect add-on InfluxDB 2.6

Transaction starting and ending 'event' are not always showing the correct overview

Match or Substring for nested object not working

how to install splunk AI assistance

TIme difference between first and last

need assistance with splunk tojson

Grouping logs by tranId, date and time

How to use the field extraction expression directly using a Rex command ?

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...