Splunk Search

Community Activity

	Splunk Cloud: How to Collect Data in JSON Format from Splunk Cloud? Hello everyone,I'm trying to collect data in JSON format from Splunk Cloud, and I understand that one of the options ... by franraf180 Engager in Splunk Search 01-15-2025 0 1	0	1
	Help with conditional event count. Hi, I have json data structured as follows: { "payload": { "status": "ok", # or "degraded" } } I'm trying t... by AFKunc Explorer in Splunk Search 01-15-2025 0 6	0	6
	How to write a search to get the week number of the month from the given _time? We need to extract the week number of the month for matching the SLA. Have SLA such as 2nd or 4th week of a month. So... by prachisaxena Explorer in Splunk Search 01-14-2025 0 6	0	6
	How to join multiple condition In my logs I am getting 4 events for 1 id. 1)Updating DB record with displayId=ABC0000000; type=TRANSFER2)Updating DB... by Swati Engager in Splunk Search 01-14-2025 0 15	0	15
	How to use conditional search Hi All,I have a main search where name1 filed will have multiple valuesI need to run sub search based on the value of... by nelaturivijay Observer in Splunk Search 01-14-2025 0 3	0	3
	mvmap command after migrate from 9.0.5 to 9.3.1 Mvmap has different results on different versionsleft screen is 9.3.1 version right is 9.0.5 if field will have more ... by pavellr Loves-to-Learn in Splunk Search 01-13-2025 0 4	0	4
	Apply a trendline to a chart of Unique User Sessions span 30 I've got to be close. But having issues trying to figure out how to get a distinct count of user sessions to show up ... by JeffV Explorer in Splunk Search 01-13-2025 0 4	0	4
	AWS Config data in Splunk I am trying to query AWS config data in Splunk to identify the names of all S3 buckets in AWS. Is there a way to writ... by amitshrigoel Explorer in Splunk Search 01-13-2025 0 3	0	3
	Two syslogs usually together but need to report when only one is seen I have two log messages "%ROUTING-LDP-5-NSR_SYNC_START" and "%ROUTING-LDP-5-NBR_CHANGE" which usually accompany each ... by rish_raw New Member in Splunk Search 01-11-2025 0 2	0	2
	Correlating values in different index Hi,I have two indexes - "cart" and "purchased" . In "cart" index there is a field "cart_id" and in "purchased" there ... by Souradip11 Explorer in Splunk Search 01-11-2025 0 2	0	2
	Export Logs from Zabbix to Splunk Dashboard via API on Button Click Is it possible to create a button in a Splunk dashboard that, when clicked, runs a script to export logs from Zabbix ... by rohithvr19 Loves-to-Learn Everything in Splunk Search 01-11-2025 0 5	0	5
	How Do I Exclude Data Based On An Event? Hello Everyone, I am hoping someone can help me out as I have exhausted everything I can think of and cannot seem to ... by Wagzillion Observer in Splunk Search 01-10-2025 0 6	0	6
	expiry notification use case Hi All, I have designed a splunk query: \| inputlookup Expiry_details_list.csv \| lookup SupportTeamEmails.csv Applicat... by avi123 Explorer in Splunk Search 01-10-2025 0 1	0	1
	Results from Collect command not writing to index? Hi everyone, I recently took over a project by someone who is no longer with my employer. He made several scheduled s... by Aroot002 Path Finder in Splunk Search 01-10-2025 0 7	0	7
	how to find difference of two field value(string) and assign it to new field HI allI have a scenario where i have to find the difference of two field value (string) for examplefileda="raj", "rah... by rajsplunk Explorer in Splunk Search 01-10-2025 0 8	0	8
	Can a search string dynamically build commands, and then run them? My use case: I want to create a timechart of the number (count) of requests to a system, split by "connection type": ... by Graham_Hanningt Builder in Splunk Search 01-10-2025 0 15	0	15
	calculate percentage in a chart over day Hi,I am using a search Mysearch \|eval Guest=if(sid=22,BOT,Others) \| convert timeformat="%Y-%m-%d" ctime(_time) AS dat... by Souradip11 Explorer in Splunk Search 01-10-2025 0 4	0	4
	Trying to check and set values conditionally but below query is giving error Trying to check and set values conditionally but below query is giving errorError :-Error in 'eval' command: Fields c... by r_s01 Explorer in Splunk Search 01-10-2025 0 4	0	4
	Convert duration time to number integer I have this search, where I get the duration and I need to convert it to integer:Example: Min:Sec to Whole 00:02 ... by Miguel3393 Path Finder in Splunk Search 01-09-2025 0 5	0	5
	SPL OPTIMZATION Hey guys, so I was wondering if anyone had any idea how to optimize this query to minimize the sub searches. My brai... by Kenny_splunk Path Finder in Splunk Search 01-09-2025 0 1	0	1
	Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NULL in result index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.SplunkLog" ... by r_s01 Explorer in Splunk Search 01-09-2025 0 6	0	6
	Time after stats command Hey, I want to add _time column after stats command but I couldn't select the best command. Forexample; index=* \|... by hcelep Engager in Splunk Search 01-09-2025 0 5	0	5
	splunk query issues Hey team,I have one requirement i.e have to Create a splunk dashboard to report the # of Logins , # of LogoutsThe inp... by anu1 New Member in Splunk Search 01-09-2025 0 4	0	4
	How to rename fields when using 2 queries with OR Hello,I have 2 queries where indices are different and have a common field dest_ip which is my focus(same field name ... by sdcig Explorer in Splunk Search 01-08-2025 0 9	0	9
	where with empty subsearch result raises an error message Dear expertsBased on the following search: <search id="subsearch_results"> <query> search index="iii" sea... by Ste Path Finder in Splunk Search 01-08-2025 0 2	0	2