Splunk Search

Community Activity

See the results of Splunk alerts in a search. I'm trying to optimize the alerts since I'm having issues. Where I work, it's somewhat slow to solve the problem (1 t... by Aresndiz Explorer in Splunk Search 01-30-2025 0 3	0	3
Need a help with Query Below was the question for me"I need a running report to be exported, with the number of errors on each of the servic... by SR Observer in Splunk Search 01-30-2025 0 4	0	4
Filtering logs for a string only based on date Hi All, I have a requirement where I need to filter the virtual machine outage occurrence from the kernel logs. I... by shenoyveer Path Finder in Splunk Search 01-30-2025 0 20	0	20
rename field with * Hi i have a field with name server__count. the is coming from an input dropdown ALL where value is * how can i ren... by secure Path Finder in Splunk Search 01-29-2025 0 4	0	4
breaking multiple mv fields into single events based on array index I have data that looks something like this, coming in as JSON:time, application, feature, username, hostnameThe probl... by pmdba Builder in Splunk Search 01-29-2025 0 2	0	2
writing a splunk query to isolate login event im trying to write a splunk search to extract the user id and time of a login. log sample below: trx# datetime ... by pc1234 Explorer in Splunk Search 01-29-2025 0 1	0	1
Need help to format result I'm trying to add up 2 values per minute to display the max total value per hour. This is my search result. As you c... by Splunked_Kid Explorer in Splunk Search 01-29-2025 0 3	0	3
How to get latest SID I am using splunk-sdk in my python code, I want to get latest sid of saved report each time it is refreshed.I tried u... by gk33 New Member in Splunk Search 01-29-2025 0 1	0	1
Search result evaluates to true when it is false Hello, trying to figure out why this eval statement testing for a null value always evaluates to "true", even when th... by shaunm001 Path Finder in Splunk Search 01-29-2025 0 4	0	4
Parsing Hello community,I need help with configuring Splunk to correctly process timestamp information in my UDP messages. Wh... by user3344 Engager in Splunk Search 01-29-2025 0 6	0	6
Rearrange the stats output. Team,I got stats output as below and I need to rearrangestats current output :-transaction_id source count12345 ... by onthakur Explorer in Splunk Search 01-29-2025 1 3	1	3
How do I keep the value of the minutes in a span=1h timechart if I want to keep only the max value of the hour. Hello, I'm trying to add up the MIPS of each of the partitions per minute and then keep only the maximum MIPS per day... by Splunked_Kid Explorer in Splunk Search 01-28-2025 0 5	0	5
Search same transaction_id in 2 different services. Team, I have a situation where user is calling service 1 and then service1 calls service2 using same transaction_idso... by onthakur Explorer in Splunk Search 01-28-2025 0 3	0	3
Filter field only if it exists Good day, I'm having an issue with an email dashboard I'm attempting to create in Splunk. This dashboard filters on t... by dtaylor Path Finder in Splunk Search 01-27-2025 0 8	0	8
How to search for serach with 746 lines I need help with the structure of this searchindex=indexnameI need help with the structure of this search I would lik... by bond77s Explorer in Splunk Search 01-27-2025 0 6	0	6
Help on a REX extract - and count So I have an IndexIndex= xxxxxx "Stopping iteration"I have the rex for getting the unique IdEvent Sample : Stopping i... by LizAndy123 Path Finder in Splunk Search 01-27-2025 0 6	0	6
Manual Search and Alert providing different number of events searched/output as result Hi Splunkers! The issue I am having is regarding different results from alerts when some condition is met, compared t... by CrossWordKnower Explorer in Splunk Search 01-27-2025 0 6	0	6
How to search a string Hi Community, please help me how to extract BOLD/underlines value from below string:[2025-01-22 13:33:33,899] INFO Se... by RGullur New Member in Splunk Search 01-26-2025 0 5	0	5
custom aggregation function for stats command Hello,I am building a splunk app , where I want to have my own custom aggregate function for stats command. Below is ... by welcomerrr Observer in Splunk Search 01-26-2025 0 6	0	6
How to get alert result through API? I'm calling the API from BTP IS and want to get the result of an alert that I created from before. My alert name is P... by BrianLam Engager in Splunk Search 01-26-2025 0 3	0	3
Map column from another table to my currently used table Hi all,I have the following issue. I have a table A col1col2AaaBbbCaa And a table BcolAcolBaaFYIbbLOL I need to add t... by Jimenez Explorer in Splunk Search 01-26-2025 0 6	0	6
How to Sort JSON Data by field value? I have a base query which yield the field result, result can be either "Pass" or "Fail"Sample query result is attache... by nkavouris Path Finder in Splunk Search 01-25-2025 0 1	0	1
isnum() vs. NaN Has anyone run into the interesting effect that isnum() thinks that "NaN" is a number? So isnum("NaN") is true "NaN" ... by bochmann Path Finder in Splunk Search 01-24-2025 0 7	0	7
Count # of sensors by host and dashboard Calculating metrics. I need to count the number of sensors that are created and monitored for each host. I have the i... by ksheikh786 Loves-to-Learn Lots in Splunk Search 01-24-2025 0 9	0	9
How to check MQ reconnects after a connection is dropped Hi All,I am rather hoping someone can assist me in creating a search that can be used for an alert to detect when a c... by bennch68 Engager in Splunk Search 01-24-2025 0 2	0	2