Splunk Search

Community Activity

Parsing Hello community,I need help with configuring Splunk to correctly process timestamp information in my UDP messages. Wh... by user3344 Engager in Splunk Search 01-29-2025 0 6	0	6
Rearrange the stats output. Team,I got stats output as below and I need to rearrangestats current output :-transaction_id source count12345 ... by onthakur Explorer in Splunk Search 01-29-2025 1 3	1	3
How do I keep the value of the minutes in a span=1h timechart if I want to keep only the max value of the hour. Hello, I'm trying to add up the MIPS of each of the partitions per minute and then keep only the maximum MIPS per day... by Splunked_Kid Explorer in Splunk Search 01-28-2025 0 5	0	5
Search same transaction_id in 2 different services. Team, I have a situation where user is calling service 1 and then service1 calls service2 using same transaction_idso... by onthakur Explorer in Splunk Search 01-28-2025 0 3	0	3
Filter field only if it exists Good day, I'm having an issue with an email dashboard I'm attempting to create in Splunk. This dashboard filters on t... by dtaylor Path Finder in Splunk Search 01-27-2025 0 8	0	8
How to search for serach with 746 lines I need help with the structure of this searchindex=indexnameI need help with the structure of this search I would lik... by bond77s Explorer in Splunk Search 01-27-2025 0 6	0	6
Help on a REX extract - and count So I have an IndexIndex= xxxxxx "Stopping iteration"I have the rex for getting the unique IdEvent Sample : Stopping i... by LizAndy123 Path Finder in Splunk Search 01-27-2025 0 6	0	6
Manual Search and Alert providing different number of events searched/output as result Hi Splunkers! The issue I am having is regarding different results from alerts when some condition is met, compared t... by CrossWordKnower Explorer in Splunk Search 01-27-2025 0 6	0	6
How to search a string Hi Community, please help me how to extract BOLD/underlines value from below string:[2025-01-22 13:33:33,899] INFO Se... by RGullur New Member in Splunk Search 01-26-2025 0 5	0	5
custom aggregation function for stats command Hello,I am building a splunk app , where I want to have my own custom aggregate function for stats command. Below is ... by welcomerrr Observer in Splunk Search 01-26-2025 0 6	0	6
How to get alert result through API? I'm calling the API from BTP IS and want to get the result of an alert that I created from before. My alert name is P... by BrianLam Engager in Splunk Search 01-26-2025 0 3	0	3
Map column from another table to my currently used table Hi all,I have the following issue. I have a table A col1col2AaaBbbCaa And a table BcolAcolBaaFYIbbLOL I need to add t... by Jimenez Explorer in Splunk Search 01-26-2025 0 6	0	6
How to Sort JSON Data by field value? I have a base query which yield the field result, result can be either "Pass" or "Fail"Sample query result is attache... by nkavouris Path Finder in Splunk Search 01-25-2025 0 1	0	1
isnum() vs. NaN Has anyone run into the interesting effect that isnum() thinks that "NaN" is a number? So isnum("NaN") is true "NaN" ... by bochmann Path Finder in Splunk Search 01-24-2025 0 7	0	7
Count # of sensors by host and dashboard Calculating metrics. I need to count the number of sensors that are created and monitored for each host. I have the i... by ksheikh786 Loves-to-Learn Lots in Splunk Search 01-24-2025 0 9	0	9
How to check MQ reconnects after a connection is dropped Hi All,I am rather hoping someone can assist me in creating a search that can be used for an alert to detect when a c... by bennch68 Engager in Splunk Search 01-24-2025 0 2	0	2
Lookup Table Modifying _time and timepicker ignoring Hi, Struggling trying to figure out what I'm doing wrong. I have the following SPL\| inputlookup append=t kvstore \| ev... by chrisboy68 Contributor in Splunk Search 01-24-2025 0 5	0	5
How to display zero for latest(values) The following is my query.index="xyz" host="*" \|fields host,messagevalue\| search "total payment count :"\|eval messag... by varsh_6_8_6 Explorer in Splunk Search 01-24-2025 0 4	0	4
How to get multiple values of earliest and latest in one search? Hi Splunkers, This is my first post as I am new to using splunk, but my issue arising when I am trying to pull specif... by CrossWordKnower Explorer in Splunk Search 01-23-2025 0 3	0	3
Regex to extract letters only Hi,Can any one please help in creating regex to extract 12 words(Words with characters/letters only) from beginning o... by poojak2579 Path Finder in Splunk Search 01-23-2025 0 8	0	8
ITSI thresholds: adaptive vs static Hello Splunkers,I was wondering if it's possible to combine adaptive and static thresholds in IT Service Intelligence... by djluke Path Finder in Splunk Search 01-23-2025 1 0	1	0
How to identify the login information from a lookup table users list Hello, I have lookup table which contain fields as below. user shortname email 1 ... by navan1 Explorer in Splunk Search 01-23-2025 0 1	0	1
How to stats count and still have all fields available afterwards? Dear expertsAccording to the documentation after stats, I have only the fields left used during stats. \| tabl... by Ste Path Finder in Splunk Search 01-23-2025 0 9	0	9
How to Create "Impossible Travel" Security Monitoring Use Case with pure SPL I have some reservations about the usefulness of this with so much more usage of IaaS/PaaS/SaaS these days...but sinc... by marycordova SplunkTrust in Splunk Search 01-22-2025 0 7	0	7
Add columns from lookup file Combing through firewall logs. I am extracting source, destination, dest_port. I have a csv lookup file with ports... by ronj_clark Explorer in Splunk Search 01-22-2025 0 2	0	2