Splunk Search

Community Activity

How SPL queries work in a distributed environment? Hello Splunkers, I was wondering if there is a Splunk documentation or an article about how certain search commands b... by NightShark Path Finder in Splunk Search 08-03-2022 0 3	0	3
Why is Sankey chart showing inconsistency in values? I have a Sankey chart that shows comparison of SLA vs TurnAround for each priority of ticket.While values are correct... by architkhanna Path Finder in Splunk Search 08-03-2022 0 0	0	0
How do I create a table from day (_time) to show the period when a status happens? Hi everyone, I have a table like below: _timestatus01/10/2021inactive02/10/2021active03/10/2021active04/10/2021active... by Julia1231 Communicator in Splunk Search 08-02-2022 0 1	0	1
How do I compare two tables based on a logic? Hi, I have two search queries which results in table as follow: \| search query1 \| table type1 platform1 target1 type1... by ikenahim7 Explorer in Splunk Search 08-02-2022 0 3	0	3
Splunk c#sdk export Hi ,For analytical purpose we are downloading splunk data , daily we process large amount of data ( 3-4 millions of r... by dwarakap New Member in Splunk Search 08-02-2022 0 0	0	0
How to calculate percentage by another field? I would like to create a dashboard to show the percentage of each of my service meeting a certain performance require... by Hung_Nguyen Path Finder in Splunk Search 08-02-2022 0 1	0	1
Why is one search head able to send out email alerts but not the other? Hello Splunk Community, I have two search heads. 1 search head is able to send out email alerts and the other one can... by Golgie Loves-to-Learn Lots in Splunk Search 08-02-2022 0 1	0	1
How do I re-insert newlines into transaction raw message for dashboard? Gurus I am working on a Studio Dash and I would like to add the output of a transaction the way it is usually shown i... by stucky101 Engager in Splunk Search 08-02-2022 0 2	0	2
How do i search next log entry after the one I originally searched for? I'm very new to splunk. What I'm trying to search for is the next log entry after the entry I search for. For examp... by David_M Explorer in Splunk Search 08-02-2022 0 2	0	2
Is there an equivalent for Dedup distributable on search indexes Background in a moment, but here's the question: Is there a way to have the equivalent of dedup running against each... by DalJeanis Legend in Splunk Search 08-02-2022 1 4	1	4
How do I create a search that shows which Savedsearches were used in Dashboard? Hi I'm new to Splunk and what to create a search that shows what savedsearches where used in a dashboard?This is how ... by Sanz Explorer in Splunk Search 08-02-2022 0 3	0	3
How to get first non-null values in the table based upon other field values? I have a search that is generating the results like below. I need a search where if TAC, CellName and Date are same i... by phularah Communicator in Splunk Search 08-02-2022 0 6	0	6
How do I trigger alert if there are extracts where TOTAL_PIECES >0 and RETRIEVAL_ATTEMPT= 10? Hi, I want the alert to trigger if there are extracts where TOTAL_PIECES >0 and RETRIEVAL_ATTEMPT= 10 Is there anybod... by majilan1 Path Finder in Splunk Search 08-02-2022 0 6	0	6
How do I create multiple null values for an existing field? I have a search that counts the vulnerabilities for a given team and places them on a Bar chart on a dashboard based... by capilarity Path Finder in Splunk Search 08-02-2022 0 7	0	7
How to eliminate last few events in a Splunk search? I have a scenario that i'm getting N number of results for last 60min splunk search like below (5:00Pm to 06:00PM). 2... by Ananthu New Member in Splunk Search 08-02-2022 0 1	0	1
How to get failure and success percentage based on a particular field? Hi, I have many logs like this {"line":{"timestamp":"2022-07-27T20:35:32.756Z","level":"DEBUG","thread":"http-nio-... by krishnamurthyj Observer in Splunk Search 08-02-2022 0 1	0	1
How to get results from last week's data but only if there is a new returned result from last 24h? Hello everyone, I'm trying to schedule an alert looking like this: index=network host=device1 \| stats count by source... by evallja Path Finder in Splunk Search 08-01-2022 0 2	0	2
How to optimize search SPL Subsearch/Append? HI Splunkers, Requirement: I have to create table for COUNT OF ERRORS based on text search in _raw data. I have cre... by dhirendra761 Contributor in Splunk Search 08-01-2022 0 5	0	5
Can an IN clause in a SPL query have 277 values? How many values are allowed in an IN clause which is part of where clause? I want to read 277 values to be precise. i... by mihir_hardas Explorer in Splunk Search 08-01-2022 0 5	0	5
How to modify Time Zone in Splunk? Hello, We have a few types of logs generated with different time zones. Are there any ways SPLUNK can modify the time... by SplunkDash Motivator in Splunk Search 08-01-2022 0 13	0	13
Splunk Search - How to change Days in Previous Week? I have scheduled a Splunk report and set the search Time frame as Previous Week.The report I am getting is for Sunday... by alexspunkshell Contributor in Splunk Search 08-01-2022 0 1	0	1
How to make a report of details about all savedsearch that fire in a day? I want to make a report about how many alerts fired in a day. I saw in the job inspection I want all of these info, ... by phamxuantung Communicator in Splunk Search 08-01-2022 0 1	0	1
Need help in extracting branch numbers from event message I have a field called RenderedMessage in event log which has the following textTask finished: TaskID 1 for branch 60... by labaningombam Explorer in Splunk Search 08-01-2022 0 3	0	3
How to distribute a value form an event over a given time period? Data Model (simplified): - numeric value "Hours" - numeric value "StartTime" (assumed to always have time be 00:00:00... by Finn Explorer in Splunk Search 08-01-2022 0 4	0	4
Are successive joins expensive related to disk space quota? Hi, a question from a high level of what goes on behind the scenes. I have an internal user who has written lots of h... by lmonahan Path Finder in Splunk Search 08-01-2022 0 1	0	1