Splunk Search

Discussions

Thread Info

How to calculate percentage by another field?

I would like to create a dashboard to show the percentage of each of my service meeting a certain performance require...

by Path Finder in

Why is one search head able to send out email alerts but not the other?

Hello Splunk Community, I have two search heads. 1 search head is able to send out email alerts and the other one can...

by Loves-to-Learn Lots in

How do I re-insert newlines into transaction raw message for dashboard?

Gurus I am working on a Studio Dash and I would like to add the output of a transaction the way it is usually show...

by Engager in

How do i search next log entry after the one I originally searched for?

I'm very new to splunk. What I'm trying to search for is the next log entry after the entry I search for. For examp...

by Explorer in

Is there an equivalent for Dedup distributable on search indexes

Background in a moment, but here's the question: Is there a way to have the equivalent of dedup running against ea...

by Legend in

How do I create a search that shows which Savedsearches were used in Dashboard?

Hi I'm new to Splunk and what to create a search that shows what savedsearches where used in a dashboard?This is how ...

by Explorer in

How to get first non-null values in the table based upon other field values?

I have a search that is generating the results like below. I need a search where if TAC, CellName and Date are same i...

by Communicator in

How do I trigger alert if there are extracts where TOTAL_PIECES >0 and RETRIEVAL_ATTEMPT= 10?

Hi, I want the alert to trigger if there are extracts where TOTAL_PIECES >0 and RETRIEVAL_ATTEMPT= 10 Is there ...

by Path Finder in

How do I create multiple null values for an existing field?

I have a search that counts the vulnerabilities for a given team and places them on a Bar chart on a dashboard based...

by Path Finder in

How to eliminate last few events in a Splunk search?

I have a scenario that i'm getting N number of results for last 60min splunk search like below (5:00Pm to 06:00PM). ...

by New Member in

How to get failure and success percentage based on a particular field?

Hi, I have many logs like this {"line":{"timestamp":"2022-07-27T20:35:32.756Z","level":"DEBUG","threa...

by Observer in

How to get results from last week's data but only if there is a new returned result from last 24h?

Hello everyone, I'm trying to schedule an alert looking like this: index=network host=device1 | stats count by sou...

by Path Finder in

How to optimize search SPL Subsearch/Append?

HI Splunkers, Requirement: I have to create table for COUNT OF ERRORS based on text search in _raw data. I...

by Contributor in

Can an IN clause in a SPL query have 277 values?

How many values are allowed in an IN clause which is part of where clause? I want to read 277 values to be precise. ...

by Explorer in

How to modify Time Zone in Splunk?

Hello, We have a few types of logs generated with different time zones. Are there any ways SPLUNK can modify the t...

by Motivator in

Splunk Search - How to change Days in Previous Week?

I have scheduled a Splunk report and set the search Time frame as Previous Week. The report I am getting is for Sun...

by Contributor in

How to make a report of details about all savedsearch that fire in a day?

I want to make a report about how many alerts fired in a day. I saw in the job inspection I want all of th...

by Communicator in

Need help in extracting branch numbers from event message

I have a field called RenderedMessage in event log which has the following text Task finished: TaskID 1 for branch...

by Explorer in

How to distribute a value form an event over a given time period?

Data Model (simplified): - numeric value "Hours" - numeric value "StartTime" (assumed to always have time be 00...

by Explorer in

Are successive joins expensive related to disk space quota?

Hi, a question from a high level of what goes on behind the scenes. I have an internal user who has written lots o...

by Path Finder in

How to resolve this error on search head: The metric> value=0.00003393234971117585 provided>

Got this error on the search head, Please help us to resolve this . > Search peer xxxxxx has the following> messag...

by Loves-to-Learn Everything in

How to generate an API key/auth token to use for testing dashboard creation with terraform?

We are trying to generate an API keys in order for Terraform to create dashboards. Anyone had idea on getting/have e...

by Explorer in

How do I extract key value pairs from json file using regex?

Hi all, I have a sample json file like this. { "Project Name" : "abc", "Project Group":"A", "Unit":...

by Communicator in

How to compare two search results and list difference and matches?

Hi guys im new to Splunk, Im trying to write a query to compare two search results and shows the differences and ...

by Explorer in

How to search number of total path in multivalue field?

Hi, I have a json coming from CI with this template : {"source":"1","sourcetype":"json","event":{"type":"build"...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate percentage by another field?

Why is one search head able to send out email alerts but not the other?

How do I re-insert newlines into transaction raw message for dashboard?

How do i search next log entry after the one I originally searched for?

Is there an equivalent for Dedup distributable on search indexes

How do I create a search that shows which Savedsearches were used in Dashboard?

How to get first non-null values in the table based upon other field values?

How do I trigger alert if there are extracts where TOTAL_PIECES >0 and RETRIEVAL_ATTEMPT= 10?

How do I create multiple null values for an existing field?

How to eliminate last few events in a Splunk search?

How to get failure and success percentage based on a particular field?

How to get results from last week's data but only if there is a new returned result from last 24h?

How to optimize search SPL Subsearch/Append?

Can an IN clause in a SPL query have 277 values?

How to modify Time Zone in Splunk?

Splunk Search - How to change Days in Previous Week?

How to make a report of details about all savedsearch that fire in a day?

Need help in extracting branch numbers from event message

How to distribute a value form an event over a given time period?

Are successive joins expensive related to disk space quota?

How to resolve this error on search head: The metric> value=0.00003393234971117585 provided>

How to generate an API key/auth token to use for testing dashboard creation with terraform?

How do I extract key value pairs from json file using regex?

How to compare two search results and list difference and matches?

How to search number of total path in multivalue field?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions