Splunk Search

Ask a Question

Discussions

Thread Info

Why unable to run certificate package version query for forwarders?

Unable to perform the following search provided by Splunk to check forwarder certificate package version: index=_i...

by Loves-to-Learn Everything in

Why do joined search returns a different results everytime I hit a search?

Hello, I am trying to join two searches for see, same hash exists on the other index as well. Below is my search, t...

by Path Finder in

How to transform nested json into separate rows?

Given json with hashes | makeresults | eval _raw="{\"yes\":true,\"no\":false,\"a\":{\"x\":0,\"y\":0,...

by New Member in

How to calculate statistical outliers over a 90d@h sliding window?

Scenario:We have a data source of interest that we wish to analyze.The data source is hourly host activity events.An ...

by Builder in

How to get eventstats count with dynamic parameter?

Hello! I would like to count from a field based on another field.I have a events with following 2 fields (Doors_O...

by Engager in

Search, use the same results for two different sub searches, then merge the results and chart them

I would like to narrow down my results and rename a few fields using an initial search, let's call these results A.Th...

by Explorer in

Application Logging: Select events that don't have certain values, not exclude- but never had those events

I have a .net core application that logs various events with properties (WorkItem, EventName, etc).I need to query Wo...

by Explorer in

How to chart the number of occurrences including its respective threshold for each host and each eventtype?

Hi everybody, I have the following problem and cannot seem to be able to wrap my head around it: I have a bunch...

by Path Finder in

Why is index not populating?

User of splunk attempted a search of index="os" It returns nothing after Dec 23. (Yes this went unnoticed for this...

by Loves-to-Learn in

How to set width for entire table?

Hello, i was actually hoping that would be rather straight forward. I can set width for panels, inputs, si...

by Path Finder in

How to display warning based on SPL?

Is there a way of showing a warning to the user based on their SPL. My use case is that users should not generally...

by Path Finder in

How can we use if else case condition in case of NaN, so that I can use now() in case of NaN?

while searching through all time in filter drop down, i am getting NaN value for "$tokLatest$", I don't know why it...

by Explorer in

How to break down multiple values into new columns dynamically?

I have column with Multiple Values separated by new line character Type is the column ID Type ...

by Engager in

How to mvfilter() the results of mvappend()?

I have several fields I want to lump into 1 multivalue field and remove blanks. At the start of an event, there ar...

by Explorer in

How to reference same field name from 2 different indexes when correlating ?

Hi All,I need to correlate data from 2 different Indexes wherein the field name is common. Index=idx1 ( This index ...

by Builder in

How to dynamically subtract two last column values?

Hi, have SPL that generates months of data. I want subtract just the last two columns. The fields will change month ...

by Contributor in

How to change the order of display of column in stats which is grouped by "count by"?

Hi all, My query has, .... | stats latest(time) as recent_event,latest(key) as recent_key, count by field1,fiel...

by Loves-to-Learn Everything in

Group events happened at the exact same time and search in the results

Hello Everyone, I'm trying to analyze data from a jboss server, http request and respons dumps. An "event" in t...

by Loves-to-Learn in

New to splunk, need help finding search.

Can not find main app search

by Engager in

With 10 blocks of lines, what is the Splunk command to get only 3 line where line starts from keyword ERROR?

Block: 2022-02-14 02:30:00,046 [Worker-3] DEBUG User job started2022-02-14 02:30:00,063 [Worker-3] DEBUG Calling i...

by Loves-to-Learn Lots in

I have a problem completing training

Hi this is what appears to me when I try to complete the training:Denied PersonDue to U.S. export compliance requi...

by Observer in

How to compare the values with the time and host?

Team,I am having a query which would result as below. _timeHostNameversion3/2/2022 15:22:04 PM3car2483/1/2022 15...

by Path Finder in

Could someone help on transpose command?

hello I transpose events like this | eval time=strftime(_time,"%H:%M") | sort time | fields - _ti...

by Motivator in

Why the field is shown by extraction of another field but not found by search?

Hi, as I create an extraction field with regex, the field match is shown correct. I can check the regex on https://re...

by New Member in

How to match a sequence of events in Splunk?

Hello, My SPL expertise are limited. I'm trying to write a search which matches a sequence of events. I'm working...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why unable to run certificate package version query for forwarders?

Why do joined search returns a different results everytime I hit a search?

How to transform nested json into separate rows?

How to calculate statistical outliers over a 90d@h sliding window?

How to get eventstats count with dynamic parameter?

Search, use the same results for two different sub searches, then merge the results and chart them

Application Logging: Select events that don't have certain values, not exclude- but never had those events

How to chart the number of occurrences including its respective threshold for each host and each eventtype?

Why is index not populating?

How to set width for entire table?

How to display warning based on SPL?

How can we use if else case condition in case of NaN, so that I can use now() in case of NaN?

How to break down multiple values into new columns dynamically?

How to mvfilter() the results of mvappend()?

How to reference same field name from 2 different indexes when correlating ?

How to dynamically subtract two last column values?

How to change the order of display of column in stats which is grouped by "count by"?

Group events happened at the exact same time and search in the results

New to splunk, need help finding search.

With 10 blocks of lines, what is the Splunk command to get only 3 line where line starts from keyword ERROR?

I have a problem completing training

How to compare the values with the time and host?

Could someone help on transpose command?

Why the field is shown by extraction of another field but not found by search?

How to match a sequence of events in Splunk?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6