Splunk Search

Community Activity

Splunk Dashboard- Why is the edit dashboard mood screen appearing? One dashboard was made by me. I'm showing my colleagues my dashboard. Problem: When my coworkers or I access that Spl... by alakdam Path Finder in Splunk Search 10-06-2022 0 2	0	2
How to combine lookup file with splunk query, static data with live data Static data with one common field app Name as splunk query. by san112491 New Member in Splunk Search 10-06-2022 0 2	0	2
How to count total empty object? I have a data where I got empty object. I would like count in total how many empty object in one table data and also ... by alakdam Path Finder in Splunk Search 10-05-2022 0 10	0	10
How to check value of my search present in which lookup table HiI am looking for query where say for example user=xyz which is present in multiple watchlists [watchlist_A.csv, wat... by akshayinnamuri Loves-to-Learn Lots in Splunk Search 10-05-2022 0 1	0	1
Why does the split function fail for list_split_failure_1 and 2 but succeeds for list_split_success? \| makeresults count=1\| eval list_split_failure_1 = "fail:,searching old data:,searching new"\| eval list_split_failure... by rkoster Explorer in Splunk Search 10-05-2022 0 1	0	1
Need help with query performance improvement Hi guys,I need to evaluate a disruption. It can last multiple hours, so I need to use data which is at least 4h old.... by username13 Explorer in Splunk Search 10-05-2022 0 3	0	3
Specify time zone in static earliest and latest times? I would like to send a search with a specific time range to people in different time zones. I can use earliest and la... by reed_kelly Contributor in Splunk Search 10-05-2022 0 6	0	6
Help with Drilldown and token condition in Dashboard Hi everybody, I am creating a Dashboard using Splunk and I'm searching for a solution. I have a list machine accordin... by Julia1231 Communicator in Splunk Search 10-05-2022 0 2	0	2
Do not display certain elements of a search? Hello community, I am having a problem with a dashboard that I am setting up based on Splunk OnCall data, in order to... by Rajaion Path Finder in Splunk Search 10-05-2022 0 6	0	6
How can we convert milliseconds to seconds? Hi, How can we calculate milli seconds to seconds for this field -> transactionDuration=20058? by monicateja Explorer in Splunk Search 10-05-2022 0 3	0	3
Can I generate a table in which I list every event with the four variables? Hey Guys, I have the following data in Splunk. Each eventdata has 4 lines (which are seperated through newLines) and ... by leon12 Loves-to-Learn in Splunk Search 10-05-2022 0 1	0	1
How to use a multivalue field in a dropdown list? Hello as you can see "type" field as 3 values : stand, vd or xe if the "type" field is "vd" or "xe", I need to gather... by jip31 Motivator in Splunk Search 10-05-2022 0 6	0	6
Multisearch or union for this case- How to show for 5 user id's? i All There are query splunk like this : (index=Prod sourcetype=ProdApp (host=Prod01 OR Prod02) source="/prodlib/S... by untitledman27 Loves-to-Learn Everything in Splunk Search 10-05-2022 0 24	0	24
How to convert timestamp to date for below timestamp to just date 2022-10-04? How can i convert timestamp to date for below timestamp to just date 2022-10-04. timestamp: 2022-10-04 19:52:00.151 ... by monicateja Explorer in Splunk Search 10-05-2022 0 3	0	3
Is it possible to extract nested data make 2 keys? Hi Splunkers, I have data like this, Primary Key_1: subkey_1 : subvalue_1 subkey_2 : subvalue_2 Primary Ke... by batabay Path Finder in Splunk Search 10-05-2022 0 3	0	3
How to feed results of a query into another query of a different time and index? Hi all, I am trying to feed results of a query into another of a different time and index and I'm facing issues with ... by charlottelimcl Explorer in Splunk Search 10-05-2022 0 5	0	5
[Solution] Dashboard global_time token value not set For the search record: I edited an already functional dashboard in the studio, tweaking the layout. Part of that was ... by preview Engager in Splunk Search 10-04-2022 2 0	2	0
How can I extract data with delimiter? I have a log entry with the current format: field=A_B (delimited by underscore)How can I extract this data into two ... by yk010123 Path Finder in Splunk Search 10-04-2022 0 1	0	1
How to possibly use spath within a tstats query? Hello, I have an API call that is bringing in json data to my Splunk environment. When I do a basic query of the inde... by DBattisto Communicator in Splunk Search 10-04-2022 0 1	0	1
How can I parse a log containing multiple JSON records? I have the following log: Requests over Threshold found: {"kv":{"top_requests":[{"operation_name":"get","last_dispa... by yk010123 Path Finder in Splunk Search 10-04-2022 0 8	0	8
Dashboard for host,sourcetype, latest event received,Total Eventcount and sparkline for count of 1month? Hi, \| tstats earliest(_time) as Earliest latest(_time) as Latest where index=_internal by _time, index, sourcetype,... by Atchyuth_P Path Finder in Splunk Search 10-04-2022 0 1	0	1
How to regex the field = "URI path" values by "/" character where the values are varying length? Hi, I am b/t a rock and a wall, looking for any suggestion to solved this. I am using the URL ToolBox to dissect URI ... by Glasses2 Communicator in Splunk Search 10-04-2022 0 5	0	5
Default Table sort order not working as expected? host="*" index=main sourcetype=WwanSignal uid="3F77F61645E8323E205F832212" \| table _time deviceName user quality prev... by simpkins1958 Contributor in Splunk Search 10-04-2022 0 15	0	15
How to compare the values from same fields? I want to create the new_field when other values of field_1 is less than of first value.Here in below example as 23 g... by saurabh_ha Explorer in Splunk Search 10-04-2022 0 2	0	2
Help with Regex to extract values inside of the [] Good afternoon Splunk ninjas, i will require your assistance in designing regex that will help me take the values ins... by napoleon182 Explorer in Splunk Search 10-03-2022 0 2	0	2