Splunk Search

Ask a Question

Discussions

Thread Info

Multiline field search: How to print multiple events?

In logs there are multiple lines printed like below and I want to print all of them in a table but my search query o...

by Explorer in

How to filter out one field events base on other field with two events?

Hi All,I have this report My requirement is only show in table those event that do not have the Plug...

by Path Finder in

Can I index into array in my search to pull two specific displayName and result values out and use stats command?

Hello folks, I'm trying to write a drill-down search for a correlation search in Enterprise Security, and I'm havi...

by Loves-to-Learn Lots in

How do I convert Duration field in sec to day Hr Min Sec?

Base query: index=jenkins* teamcenter |search event_tag=job_event |search build_url=*TC_Active* |where isnotnu...

by Loves-to-Learn Everything in

How to filler a Field base on other two field?

host="SPL-SH-DC" sourcetype="ABCSW"......| search "Plugin Name" != "TLS Version 1.1 Protocol Deprecated" AND Port != ...

by Path Finder in

Make sure Value from one specific event is not in any other events

I can't wrap my head around how to do this search. It's like I need an array or variable. Example Data: Hostname...

by Path Finder in

How can I use * in eval if statement?

| eval RouteLatency = if (Name="ABC" AND HTTP="*https://.net.*.com*" , bckLatency ,RouteLatency )

by Path Finder in

How to convert the time in raw data to different timezone?

I have the raw data where i need to convert the time in raw data to particular time zoneexample:if the time contains ...

by Path Finder in

Why am I unable to extract cookie field?

So I'm trying to extract a field called "secureToken=tokenvalue" from our akamai logs. However when I try to extract ...

by Path Finder in

How do I list machines that do not match my search?

How do I list machines that do not match my search?"if" my script runs, a message is sent to splunk. The script runs ...

by Explorer in

SplunkPhantom: Could not load JSON from CEF parameter: Error Code: Error code unavailable. Error Message: Expecting ','

Could not load JSON from CEF parameter: Error Code: Error code unavailable. Error Message: Expecting ',' delimiter: l...

by New Member in

Case-insensitve sort

Is there a way that I can sort some data alphabetically where the values are case insensitive? Currently, it sorts al...

by Path Finder in

How to Combine Multiple Data Sources in Pie Chart Visualization?

I have a data sources that shows if an order was resolved as fraudulent (data="resolutions") and in a different d...

by Explorer in

Why is the Splunk app not displaying?

Hi Team, The below screen shot in prod environment Splunlk App displaying app when ever select , but dev environm...

by New Member in

How to compare Sum of event counts per day until bow()?

Hello, I want to compare event counts for indexes to evaluate if there is unexpected changes in logging. In o...

by Explorer in

Help with data enrichment

Hi everyone! I would appreciate your help with the following search, I can't find how to do that, I need to ad...

by Explorer in

Recursive macro invocation fails- Is there a different solution besides defining all possible list values?

Hi everyone, I have the following issue: within a search and a data field I find values like this: db2_stat = "...

by Explorer in

Compare Different Fields in Different Events

New to Splunk and banging my head against the wall with this problem for over a day now. Please help... Need to com...

by Explorer in

How to get dynamic inputs through a query in Dashboard studio?

Hi, I am trying to implement a dynamic input dropdown using a query in the dashboard studio.The code I am using is...

by Contributor in

Stats Count Field To Include 0 For each Bin period

I’m trying to get a count for activity on around 10 different APIs. The search is: index=api_logs | bin span=5min...

by Engager in

Splunk DBConnect use the SQL WITH statement

Can Splunk DBConnect use the SQL WITH statement? WITH TABLE_BASE AS (-- this section is the base query and matc...

by Path Finder in

Remove field values from one multi-valued field which values are present in another multi-valued field

Remove field values from one multi-valued field which values are present in another multi-valued field Looking for ...

by SplunkTrust in

What is the "correlate" function doing behind the scenes

I am trying to use the correlate command in Splunk but keep receiving "1.0" or other numbers as the correlation value...

by Explorer in

Why are multiple Lookups showing no results instead of Zero?

Hi everyone: I have a lookup I am using to filter against another lookup and I'm having trouble getting the output to...

by Communicator in

Calculate NPS (Net Promotor Score)

Data is events with a date, username, company, score. I want to calculate an NPS score by company. detractors = ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Multiline field search: How to print multiple events?

How to filter out one field events base on other field with two events?

Can I index into array in my search to pull two specific displayName and result values out and use stats command?

How do I convert Duration field in sec to day Hr Min Sec?

How to filler a Field base on other two field?

Make sure Value from one specific event is not in any other events

How can I use * in eval if statement?

How to convert the time in raw data to different timezone?

Why am I unable to extract cookie field?

How do I list machines that do not match my search?

SplunkPhantom: Could not load JSON from CEF parameter: Error Code: Error code unavailable. Error Message: Expecting ','

Case-insensitve sort

How to Combine Multiple Data Sources in Pie Chart Visualization?

Why is the Splunk app not displaying?

How to compare Sum of event counts per day until bow()?

Help with data enrichment

Recursive macro invocation fails- Is there a different solution besides defining all possible list values?

Compare Different Fields in Different Events

How to get dynamic inputs through a query in Dashboard studio?

Stats Count Field To Include 0 For each Bin period

Splunk DBConnect use the SQL WITH statement

Remove field values from one multi-valued field which values are present in another multi-valued field

What is the "correlate" function doing behind the scenes

Why are multiple Lookups showing no results instead of Zero?

Calculate NPS (Net Promotor Score)

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions