Splunk Search

Discussions

Thread Info

How to filter on 'count' without losing original results?

I am trying to build an Alert which will trigger whenever one of our AWS-hosted Active Directory domains get replacem...

by Path Finder in

How to remove duplicates from the table?

Hi community, I have table like below - ClientError_codeError Resultsabc10032abc10033abc10131abc10273abc10275abc1...

by Path Finder in

Can a lookup be recreated and use the existing lookup definition?

The scenario is, A lookup csv has become unreadable. A lookup definition exists for it. The lookup was deleted...

by Explorer in

Does Rex in splunk support variable in regular expression?

Does Rex in splunk support variable in regular expression ? For example, user could input a text from UI, usually I...

by Explorer in

How to remove duplicates?

Client Error Error Results Error ResultsPrevious week Percent of Total PercentDifference abc 1003 2 0 12.5 ...

by Path Finder in

How to pull latest values for every 4 hours time interval?

Hello, I'm trying to pull the latest values for every 4 hours in a day ie., latest values between the time00:00:0...

by Explorer in

How to do a multi line field extraction?

I want to extract package line as individual results, tried rex "Linux\ssystem\s\:\s+(?<packages>.+)", but that is ...

by Communicator in

How do I show in table, when a field is greater than 1, to exclude it?

Hi guys, I have a query that works and gives me table such as below. What I wanted to do was when count of value...

by Explorer in

How to achieve complex filtering on MVFields?

I am attempting to build a search that pulls back all logs that have a value in a multi-value field but do not have o...

by Engager in

How do I merge two rows coming from different macros?

Hi All,I am appending two macros to generate the following result set using append command. The 1st row comes from o...

by Builder in

How to dynamically pass as parameters all host matching a specific query: index=* host=myserver?

Hi all,I have just downloaded the app "SSL Certificate lookup" from splunk base and it's working fine. with following...

by Explorer in

Extract a field from a field in splunk?

I have a field names "code_value" which has the values as follows code_value ABC-123 JHLIK ABC-456 LKJF AB...

by Builder in

How to extract string after particular word?

Hi, I have a line in the event like "/v1/locations/7b-cec6-4820-b699-ec" I need to extract 7b-cec6-4820-b6...

by Explorer in

Is it possible to merge searches with same index but different host names?

Hello, I have two searches with same index but different host names. Is it possible to have the results of both th...

by Explorer in

How would I calculate time difference between different events of a table?

Hi All, i am using 2 searches combined via an append to get me data in the following format. Each row is a distinct ...

by Builder in

Maximun disk usage quota- Why are alerts not sending?

Hello, I have a Splunk Cloud deployment and the alerts are not firing. I have searched for information and using t...

by Explorer in

How to club data from an index and a file to club?

I am trying to club data from one source type with a search input from a formatted CSV file, however I can send only ...

by New Member in

Problem with quota for splunk-system-user- Why does size of dispatch folder not correspond to searches in Jobs menu?

Hi Splunkers, we had copied many searches to the search head node from indexer and now we have many errors like th...

by Contributor in

Combine separate fields to a single MV field?

As far as I know using mvcommand only creates an MV field out of values from a single field. In a column for example....

by Path Finder in

Why is eval failing on joined data?

I have the following search: index=sandbox document_type=test-collat-record-json_v2 | where ((isnotn...

by Explorer in

How to find results present in lookup table and not in custom index?

Hi All, I have enquired about this problem earlier as well in Splunk community, thus, apologies for duplicate query...

by Contributor in

How to Search to show any new logs/indexes added to the environment within a period of time?

I am creating a dashboard to show any new logs that are added to our environment within a period of time.For example ...

by Engager in

Help with Field Extraction - How draft the if condition to achieve following logic?

I want to do a field extraction for my sourcetype under the Fields-> Calculated Fields section. Confused how to draft...

by Contributor in

How to concatenate events from multiple hosts as single host?

Hai All, we have events from different hosts with same name. any search query to add them in single host field ...

by Path Finder in

How to to take a specific 'cell' result and assign it as a token?

I have a query that returns multi-row and multi-column results. I want to be able to take a specific 'cell' result an...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to filter on 'count' without losing original results?

How to remove duplicates from the table?

Can a lookup be recreated and use the existing lookup definition?

Does Rex in splunk support variable in regular expression?

How to remove duplicates?

How to pull latest values for every 4 hours time interval?

How to do a multi line field extraction?

How do I show in table, when a field is greater than 1, to exclude it?

How to achieve complex filtering on MVFields?

How do I merge two rows coming from different macros?

How to dynamically pass as parameters all host matching a specific query: index=* host=myserver?

Extract a field from a field in splunk?

How to extract string after particular word?

Is it possible to merge searches with same index but different host names?

How would I calculate time difference between different events of a table?

Maximun disk usage quota- Why are alerts not sending?

How to club data from an index and a file to club?

Problem with quota for splunk-system-user- Why does size of dispatch folder not correspond to searches in Jobs menu?

Combine separate fields to a single MV field?

Why is eval failing on joined data?

How to find results present in lookup table and not in custom index?

How to Search to show any new logs/indexes added to the environment within a period of time?

Help with Field Extraction - How draft the if condition to achieve following logic?

How to concatenate events from multiple hosts as single host?

How to to take a specific 'cell' result and assign it as a token?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions