Splunk Search

Ask a Question

Discussions

Thread Info

Splunk data to Postgres database

Hello. I have Splunk Enterprise (https://splunk6.****.net run from a browser) and am running a query collecting res...

by Explorer in

I want to find the percentage of success rate over the total amount events need help

Hi, So, I got an issue where I have a log and the log has a field called ERROR_MESSAGES for each event that e...

by Explorer in

Using input lookup

Hello, If I want to use a external file that contains 2 columns C and D and use those mappings to a existing query ...

by Explorer in

Wants to compare last 4 hours data with last 2 days data over the same time

Hi Splunk experts, I want to compare the response code of our API for last 4 hours with last 2 days data over the s...

by Explorer in

Compare 2 calculated values in a chart

Hi All, I am trying to calculate 2 values by multiplication and then compare these 2 values on a column/bar chart. ...

by Explorer in

Help with self join

Hi, I have a single search that produces the following table where fieldA and fieldB are arbitrary strings that may b...

by Explorer in

Trying to create a new calculated field but the Eval expression is not evaluating correctly

Hi there, Splunk Community! First time poster! Whoo! Let me outline the situation, goal, and problem faced briefly...

by Engager in

What does empty macro do?

Is there any difference between a empty macro with () or "" I see search with ...

by Engager in

Is there a way to capture the last line/sentence of the log in a field?

There is no Pattern or punctuation so running Regex might not work in this situation since I cant know what kind of E...

by Path Finder in

How do I change the color of each individual bar in a visual chart from a single query?

The original query: host="MEIPC" source="WinEventLog:Application" OR source="WinEventLog:Security" OR source="WinEven...

by Engager in

How to get peak and average TPS for all the service call

Hi, We are looking for a splunk query using which we have to create a dashboard to show average and maximum TPS fo...

by New Member in

Splunk ES Threat Intelligence TAXII feed with API POST Argument

Did someone ever faced or implementing this on Splunk ES?. Im facing an issue when try add TAXII feed from OTX API co...

by Path Finder in

rex during search convert to transforms/props during indexing help

Hello. I have a data source that is "mostly" json formatted, except it uses single quotes instead of double, therefo...

by Explorer in

How to get events after error occured.

Hello everyone, I am trying to get the queue or event counts with status=“spooling” that happened after the very firs...

by Explorer in

Search query to combine data from 2 different index not working

Hi All,i need to consolidate / correlate data from 2 different indexes as explained below. I have gone thru multiple ...

by Builder in

Can we run parallel writes in lookup file?

Hello All, I have a lookup file which stores data of hosts across multiple indexes. I have reports which fetch...

by Contributor in

Triggering third-party authentication Verification

Hello! I'm trying to implement a mechanism to flag users who have not had a third-party authentication verification i...

by Explorer in

How do I fix this Search lag error?

Hi team, There is following errors with my Splunk healtch check. "The number of extremely lagged searches (1) over th...

by New Member in

YoY query for comparing two products together

I am working on a tax product and we have products per tax year. Now I want to compare the performance of the tax pro...

by Observer in

Why am I getting three different results running a search using different search modes (Fast, Smart, Verbose)?

Hi all, I found a very strange behavior related to Search Modes: - I have an index with many millions of events mi...

by SplunkTrust in

Why does search in fast mode return different results than verbose mode in Splunk Enterprise 7.0.2?

Problem: search: 1. Search: index=win* EventCode=4624 |userlookup(Account_Name)| table Account_Name name sam eid m...

by SplunkTrust in

How to set different charts' Y axis values to be dependent of the values of one chart ?

Hello. This is my third of fourth question in this page (I think) so I would like to beg you mercy if this issue/ques...

by Explorer in

Extract using pairdelim and kvdelim

I am trying to extract fields for this custom data but unable to parse the data| extract kv pairdelim=" " kvdelim=" ...

by Engager in

Httpevent collector logs in to splunk, not showing the host,source,sourcetype in splunk

Hi All, Httpevent collector logs in to splunk, not showing the host,source,sourcetype in splunk, please find th...

by Loves-to-Learn Everything in

This usually indicates problems with underlying storage performanc

[serversindex] Configuration initialization for /opt/splunk/var/run/searchpeers/serverhead-1721913866 took longer tha...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk data to Postgres database

I want to find the percentage of success rate over the total amount events need help

Using input lookup

Wants to compare last 4 hours data with last 2 days data over the same time

Compare 2 calculated values in a chart

Help with self join

Trying to create a new calculated field but the Eval expression is not evaluating correctly

What does empty macro do?

Is there a way to capture the last line/sentence of the log in a field?

How do I change the color of each individual bar in a visual chart from a single query?

How to get peak and average TPS for all the service call

Splunk ES Threat Intelligence TAXII feed with API POST Argument

rex during search convert to transforms/props during indexing help

How to get events after error occured.

Search query to combine data from 2 different index not working

Can we run parallel writes in lookup file?

Triggering third-party authentication Verification

How do I fix this Search lag error?

YoY query for comparing two products together

Why am I getting three different results running a search using different search modes (Fast, Smart, Verbose)?

Why does search in fast mode return different results than verbose mode in Splunk Enterprise 7.0.2?

How to set different charts' Y axis values to be dependent of the values of one chart ?

Extract using pairdelim and kvdelim

Httpevent collector logs in to splunk, not showing the host,source,sourcetype in splunk

This usually indicates problems with underlying storage performanc

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown