Splunk Search

Ask a Question

Discussions

Thread Info

How to update KV Store with consecutive values from a search?

Hi, I'm trying to update a KV store so that the only entries in it will be for consecutive returns from a search. ...

by Engager in

Re: Help on removing the double quotes and reading a substring

Hi @gcusello Need one more help, from the below log, i am able to remove all the wild characters using below s...

by Path Finder in

How to split by comma and use values as field names?

I have the following fields, where some of them might be null, empty, whatnot values. I would like to split the Ser...

by Path Finder in

How to create a dashboard using graph from response time count of application logs?

Hi Team, I wanted to count response time for each hours from application logs, wanted to create dashboard usi...

by New Member in

How to compare close date with start date?

Hi there, I am new to this kind of analysis within Splunk but i've been asked to create a filter on events where t...

by Communicator in

Can someone help with my Splunk search to find new events in 2 week periods?

Hello Splunkers!! I have two weeks events week 1 & week 2. Here I need to compare event of Week 1 & Week 2. The hi...

by Motivator in

How to escape equal signs (=) in key value data?

Some of our data is logged in key value format separated by an equal sign (=), e.g.: field1=data1 field2=data2 ...

by Builder in

How to write a Splunk search for License Utilization for Particular events?

Hi , i want to find the license utilization of firewall logs based on severity level. can anyone help me wit...

by Path Finder in

How to extract status for monitoring with a log structure like this?

Hello, I have a log file that go like this 2022-09-30 09:43:41,038: INSTANCE=34-bankgw1, REF=2373...

by Communicator in

Trouble with date conversion

I need to create a field (30days) with a date 30 days from the date in a given field (pubdate). I believe I have that...

by Communicator in

Splunk query to Append/replace the specific fields in the lookup file (csv)

Hi, I have a lookup file with the fields - biz_department, biz_unit, biz_owner, data_usage I have a query to ge...

by Explorer in

How to add the field name via command in a lookup file?

Hi Community Support, I have a lookup file with IP addresses where all the values are IP Addresses including the v...

by Engager in

Event sampling and Count - accuracy?

I have a need for approximate statistics/metrics and am currently using Event Sampling, which drastically speeds up t...

by Path Finder in

Priority of a search error- How do find what searches are high priority and what are non-high priority search in splunk?

The splunkd health has the following message: The percentage of non-high priority searches skipped (97%) over the...

by Explorer in

Help on removing the double quotes and reading a substring

I have the below string in my error log {"@odata.context":"https://apistaging.payspace.com/odata/v1.1/11846/$meta...

by Path Finder in

How to display table with vertical title?

I'm sure this must be possible, but I can't find a way, unfortunately there are a couple of threads on this with no s...

by Explorer in

How to get ip objects from a Splunk list?

Hello, I have an output list like this one: { "10.10.10.15": { "High": [ { "name": "vu1", "...

by Loves-to-Learn Everything in

How to unite multiple columns into one column?

table A table B I know there are lots of ways to spread the table from table B to table A . Is...

by Explorer in

Is there any way to export my custom visualization in PDF format --- BoxPlot?

Hey Splunkers!! Is there any way to export my custom visualization in PDF format --- BoxPlot I check over the S...

by Explorer in

How to display comma separated in two column in Splunk under events or statistics or visualization?

case_S56_search_Get_T01_search,{"success":false "message":"Note not found: 52229548" "messageCode":"**" "localizedMes...

by Explorer in

Help with Search for sporadic servers in the past 14 days?

Trying to build a search looking for sporadic servers in the past 14 days, here is my search so far. | tstats ...

by Path Finder in

Retrieve all latest rows that share the same _time value?

I have an application that sends logs to Splunk every few seconds. These logs are "snapshots" which provide a static ...

by Engager in

Filter JSON search results based on another log message in the same search?

I have the below search results that will consist of 2 different types of log formats or strings. Log 1: "MESSAGE "(...

by Path Finder in

How to show the total size of events from a source?

Hi, I need to show a customer that Splunk is processing their entire file, and thought a good way of doing it was ...

by Champion in

Can I use macro but complete search if macro is broken or missing?

I am using two macros in a search however, I want to use them in a way that IF they are broken or not available the s...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to update KV Store with consecutive values from a search?

Re: Help on removing the double quotes and reading a substring

How to split by comma and use values as field names?

How to create a dashboard using graph from response time count of application logs?

How to compare close date with start date?

Can someone help with my Splunk search to find new events in 2 week periods?

How to escape equal signs (=) in key value data?

How to write a Splunk search for License Utilization for Particular events?

How to extract status for monitoring with a log structure like this?

Trouble with date conversion

Splunk query to Append/replace the specific fields in the lookup file (csv)

How to add the field name via command in a lookup file?

Event sampling and Count - accuracy?

Priority of a search error- How do find what searches are high priority and what are non-high priority search in splunk?

Help on removing the double quotes and reading a substring

How to display table with vertical title?

How to get ip objects from a Splunk list?

How to unite multiple columns into one column?

Is there any way to export my custom visualization in PDF format --- BoxPlot?

How to display comma separated in two column in Splunk under events or statistics or visualization?

Help with Search for sporadic servers in the past 14 days?

Retrieve all latest rows that share the same _time value?

Filter JSON search results based on another log message in the same search?

How to show the total size of events from a source?

Can I use macro but complete search if macro is broken or missing?

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions