Splunk Search

Ask a Question

Discussions

Thread Info

How can I parse a log containing multiple JSON records?

I have the following log: Requests over Threshold found: {"kv":{"top_requests":[{"operation_name":"get...

by Path Finder in

Dashboard for host,sourcetype, latest event received,Total Eventcount and sparkline for count of 1month?

Hi, | tstats earliest(_time) as Earliest latest(_time) as Latest where index=_internal by _time, index, s...

by Path Finder in

How to regex the field = "URI path" values by "/" character where the values are varying length?

Hi, I am b/t a rock and a wall, looking for any suggestion to solved this. I am using the URL ToolBox to dissec...

by Communicator in

Default Table sort order not working as expected?

host="*" index=main sourcetype=WwanSignal uid="3F77F61645E8323E205F832212" | table _time deviceName user quality prev...

by Contributor in

How to compare the values from same fields?

I want to create the new_field when other values of field_1 is less than of first value.Here in below example as 23 g...

by Explorer in

Help with Regex to extract values inside of the []

Good afternoon Splunk ninjas, i will require your assistance in designing regex that will help me take the values ins...

by Explorer in

How to create pie charts with column values?

Hi guys, I am quite new to the Splunk world, pls forgive me for asking a very basic question. So I have a tab...

by Explorer in

How to hide some values in field?

When i have query data result from search in field worker id it show >> domain\worker_id search result Example A...

by Explorer in

How would I extract number from text message?

Hello, I would like to extract the 10 milliseconds in the below snippet of text as a separate value in a field. Is...

by Path Finder in

What is the most accurate metric to track Windows login times?

Greetings fellow Splunkers, I was wondering if anyone has figured out what seems the most accurate metric to track...

by Explorer in

How to pass multiple values from inner search to outer search?

Hi Folks, I could use some help with this query. index=address_index earliest=-30m address [ search i...

by Explorer in

How to create a list of first X values based on another field's value?

I have a set of results for the search with id="base_metrics_search" which provide 3 panels with data. The events ea...

by Path Finder in

Why am I getting this concact msg from multiple event for after apply a regex?

Hello All , thanks for the help, my exemple: logStreamName: _timemessage09bfc06d1ff10cb79/config_Ec2_CEC...

by Path Finder in

How can I change the owner of the alert in alert manager action ?

Hello How can I change the owner of the alert in alert manager action ? I have only unassigned

by Explorer in

How to achieve grouping the results using field present inside a json array?

I have below format log messages. At the end I want to group the messages by BID. I tried using the below query but I...

by Path Finder in

How do I dedup duplicate values including that value itself?

Hi everyone, I am new to splunk. I am looking at windows event logs for the EventCode=4725 for all usernames within a...

by Explorer in

Could someone help me with parsing JSON to a table?

I have the following JSON object which contains certificates expreation date: { "certificate-one.crt": 2022...

by Engager in

Is there any function works like group by grouping sets in Mysql?

is there any function works like group by grouping sets in Mysql?So that I can get a value from each group and a tota...

by Explorer in

How to run an "if" argument in a search?

Hi. I'm trying to get only failed login attempts but while I could find the correct field, it's not as accurate as...

by Explorer in

How to specify time with rest command?

Hello,I have a rest query with a field that contain date and time Is it possible to limit the search by this field...

by Communicator in

How to convert date

How to convert Windows lastLogonTimestamp from this format 07:17.45 PM, Fri 09/30/2022 to 09/30/2022 19:17:45 Thank...

by Path Finder in

Help with spath aws:metadata sorucetype tag.key{} vs Tag.value{}.

index=aws sourcetype="aws:metadata" InstanceId=i-* | spath Tags{}.key.Name output=Hostname | ...

by Contributor in

Splunkd crash after some time with below errors- How do I fix?

ERROR HttpListener [97417 TcpChannelThread] - Exception while processing request from x.x.x.x:63596 for /en-US/splunk...

by Loves-to-Learn in

Help with Timechart command

I have an SPL which gives a result. I want to get a trend of the result. So I tried using timechart command, but i...

by Contributor in

Why are results from multisearch not combining?

The below search is intended to get status codes from two different sources and put them together in a table. It work...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I parse a log containing multiple JSON records?

Dashboard for host,sourcetype, latest event received,Total Eventcount and sparkline for count of 1month?

How to regex the field = "URI path" values by "/" character where the values are varying length?

Default Table sort order not working as expected?

How to compare the values from same fields?

Help with Regex to extract values inside of the []

How to create pie charts with column values?

How to hide some values in field?

How would I extract number from text message?

What is the most accurate metric to track Windows login times?

How to pass multiple values from inner search to outer search?

How to create a list of first X values based on another field's value?

Why am I getting this concact msg from multiple event for after apply a regex?

How can I change the owner of the alert in alert manager action ?

How to achieve grouping the results using field present inside a json array?

How do I dedup duplicate values including that value itself?

Could someone help me with parsing JSON to a table?

Is there any function works like group by grouping sets in Mysql?

How to run an "if" argument in a search?

How to specify time with rest command?

How to convert date

Help with spath aws:metadata sorucetype tag.key{} vs Tag.value{}.

Splunkd crash after some time with below errors- How do I fix?

Help with Timechart command

Why are results from multisearch not combining?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions