Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Prevent " in Drilldown Onclick

I have Drilldown that show me some Test and this is Onclick: index=main |where Test="$click.value$" The p...

by Explorer in

coalesce values of Outsearch and Subsearch

Hi Splunk experts, I have below usecase and using below query index=Index1 app_name IN ("customer","c...

by Explorer in

dropdown and conditional field value based search

i have view that i want to use to filter hosts by development tier (QA, STAGE, PROD). The drop down is configured...

by New Member in

How to pull additional fields from a lookup that is using wildcards?

I'm trying to build a search that will return an event and the severity of that event. I have the events with wildcar...

by Explorer in

Cannot find the events sent with HTTP Collector

I'm using HTTP collector on my free trial cloud instance.URLs I tried: https://inputs.<MY_SPLUNK_INSTANCE_ID>.splu...

by New Member in

Join is not returning events if subsearch is empty. How to fix it

I have an Index called myindex: NAMEAGECITYCOUNTRYLEGAL AGEDenis17LondonUKNODenis18 YESMaria17RosarioArgentinaNOMa...

by Path Finder in

Splunk AVG Query

I am consuming some data using an API, I want to calculate avg time it took for all my customer, after each ingestion...

by Explorer in

Search an endpoint ending with numbers

I want to search for endpoints /api/work/12345678 i.e api/work/(8 digt number). My below query gives me all the thre...

by Explorer in

fetching data from lookup and index using join

Hi, we have one inputlookup file X1.csv and one index=x2, we want to fetch alarm details from index for device ...

by Engager in

how to extract a timestamp from beginning of splunk log statement

All my log statements are of below format. { "source": "stdout", "tag": "practice/myapplication:4444a76b917", "...

by Loves-to-Learn Lots in

How to get raw string as input in custom search ?

Hi, I have a custom search get input as raw string, but when I combine splunk don't understand that, it always return...

by Engager in

Splunk Count for last 30 days

Hi, I have written a script which runs for every after 1 hr, here the 24 hr window is from 07am to next day 06:00am...

by Loves-to-Learn Lots in

Flatten out several multivalue fields to a single value and just be like a row/line entry

Good day, As mentioned, I wanted to flatten a series of multivalue fields, and make it just like single row entries...

by Path Finder in

Compare logs between different host and match the value.

I have two different hosts . hostA-1, hostA-2, hostA-3, hostA-4, hostA-5 . hostB-5, hostB-6, hostB-7, hostB-8. I want...

by Explorer in

parse mv json into multiline chart

I have a field named Msg which contains json. That json contains some values and an array. I need to get each...

by Engager in

Accessing Splunk pre-calculated fields

Hello, is there a possibility to access these fields? Thanks, Ava

by Explorer in

Extract Nested JSON

I have events coming from an API that all have the same 10 fields. Viewing the RAW event one of the fields (detail) ...

by Loves-to-Learn in

Hosts event search by lookup table

Hi all, I have created a lookup table and imported it into SPLUNK. It has 2 columns, one called hosts the other cal...

by Engager in

Splunk Enterprise Security Content Management blank

Hello, I performed a "fresh" installation of ES 4.6.1 in a search head cluster through deployer. Splunk app version...

by Engager in

Quick Reference Guide Card

Hoping to find some physical copies of the Quick Reference Guide on card stock. I was hoping they would be available...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Prevent " in Drilldown Onclick

coalesce values of Outsearch and Subsearch

dropdown and conditional field value based search

How to pull additional fields from a lookup that is using wildcards?

Cannot find the events sent with HTTP Collector

Join is not returning events if subsearch is empty. How to fix it

Splunk AVG Query

Search an endpoint ending with numbers

fetching data from lookup and index using join

how to extract a timestamp from beginning of splunk log statement

How to get raw string as input in custom search ?

Splunk Count for last 30 days

Flatten out several multivalue fields to a single value and just be like a row/line entry

Compare logs between different host and match the value.

parse mv json into multiline chart

Accessing Splunk pre-calculated fields

Extract Nested JSON

Hosts event search by lookup table

Splunk Enterprise Security Content Management blank

Quick Reference Guide Card

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

How to reverse a real-time query to it's original ...

How to use MLTK to tune DNS Query Length Outliers ...

Federated Search Questions

Optimizing metrics based searches?

How to use fit command together with foreach?