Splunk Search

Discussions

Thread Info

How to exclude events if results from entire day returns zero?

I need to exclude events from a timechart only if they fulfill 2 conditions:the field returns 0 for ALL events in the...

by Path Finder in

Why are historical events not showing up in searches?

I needed to restart my Splunk instance on our heavy forwarder the other day. After restarting, I am unable to search ...

by Explorer in

Throttling resetting suppresions

I'm getting a bit annoyed at throttling for each, as although it works - it has a habit of resetting itself if I need...

by Path Finder in

How to extract 50A720 or 816851using | rex field=name mode=sed "s/816851/"?

The data i have is 816851-567-7554080981706881 50A720 -123-8150015922249983 816851-567-1135131573613120816851-567-006...

by Path Finder in

How to get aggregate information from lookup table and return to outer dbxquery?

Hi, I have a table as the main search using dbxquery below:| dbxquery connection=my_connection query="SELECT id, star...

by Loves-to-Learn Lots in

How to calculate dates in splunk?

again i wanted to list difference in dates between two periods and i have this code | eval LPD = strptime(LastPick...

by Explorer in

How to measure the server down time based on host and server status?

Sample Event: sent=1 received=0 packet_loss=100 min_ping=NA avg_ping=NA max_ping=NA jitter=NA return_code=1 dest=SHTC...

by Loves-to-Learn Lots in

How to pass result of one query to input as filed for another query?

I'm trying to pass the result of one query to as input field for another query. Please see the below screen shots and...

by Explorer in

How to use predicate expression in search?

Hi everybody,My data is: A = 10, B= 20, C = 30.the fomular that I use is: result = A/(B+C) but I have to verify, the ...

by Communicator in

How to extract common values from a multi-value field for different event times.

Hi All, I have a multi-value field as shown below- _time field_test2022-05-13...

by Engager in

How to calculate dates in my search?

Sorry team to bother you again, i have a code that is giving me issues | eval InT = (strptime('LastPickupDate',"%m...

by Explorer in

How to write a search query for disk partition I/O (as a pie chart) from Unix TA, which is onboarding Linux data.

How to write a search query for disk partition I/O (as a pie chart) from Unix TA, which is onboarding Linux data. Any...

by Engager in

Extract all regex matches as a list in each log

Input:Message ID ... tt_1 ... tt_2 ... tt_9 ... tt_3 ...

by Loves-to-Learn Everything in

How to convert multiples data field using xyseries and sort data Month wise?

Hi, My data is in below format I am trying to add the total of all the columns and show it as below ...

by Builder in

Is it possible to leverage view used by other app that doesn't exist in splunkjs/mvc?

Hi, I am trying to create a splunk app that mimics as much of the Search and Report functionality as possible with...

by Engager in

Why is splunk not detecting All Files during search?

Hi, im currently facing problem where splunk can detect all my files in directory but when doing searching, splunk ca...

by New Member in

How to edit my regex to remove all text before ":" if there is more than one

Hello Team, Splunkers, I am working on a correlation search and need to use a regex expression to strip all te...

by Engager in

How to use an evaluated field in search command?

Could you please let me know how to use an evaluated field in search command index=main sourcetype="access_combine...

by Explorer in

How to create a kvpair from two automatically extracted JSON arrays?

I'm in a situation where by sourcetype, I'm already having a nested JSON array broken into 2 fields: DeviceProperties...

by Contributor in

Is it possible to get dropdown token display name and value?

Hi I have a dropdown in my dashboard studio which has some static values like TokenName: appName Display Na...

by Explorer in

How to sort based on column values?

I have some data that's coming in as follows: "data": { "a": 100, "b": 200 } "data": { "a": 50, "c": 75 }...

by Explorer in

Why is extracted field not showing up in the results page?

I have a search criteria with extraction, It seems to be extracting the value. But it's showing up in it's own column...

by Explorer in

Why is Automated lookup using kvstore collection not working?

I have created a collection in app/local/collections.conf a matching lookup in app/local/transforms.conf I have...

by Path Finder in

Why is iplocation command returning wrong countries?

Hi everyone I am currently getting logs from microsoft 365 and one of its panels shows the impossible simultaneous...

by Explorer in

How to create rex for multiple fields?

HelloGood Day!I have the events in the raw data where i want to extract the drive information into few field and con...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to exclude events if results from entire day returns zero?

Why are historical events not showing up in searches?

Throttling resetting suppresions

How to extract 50A720 or 816851using | rex field=name mode=sed "s/816851/"?

How to get aggregate information from lookup table and return to outer dbxquery?

How to calculate dates in splunk?

How to measure the server down time based on host and server status?

How to pass result of one query to input as filed for another query?

How to use predicate expression in search?

How to extract common values from a multi-value field for different event times.

How to calculate dates in my search?

How to write a search query for disk partition I/O (as a pie chart) from Unix TA, which is onboarding Linux data.

Extract all regex matches as a list in each log

How to convert multiples data field using xyseries and sort data Month wise?

Is it possible to leverage view used by other app that doesn't exist in splunkjs/mvc?

Why is splunk not detecting All Files during search?

How to edit my regex to remove all text before ":" if there is more than one

How to use an evaluated field in search command?

How to create a kvpair from two automatically extracted JSON arrays?

Is it possible to get dropdown token display name and value?

How to sort based on column values?

Why is extracted field not showing up in the results page?

Why is Automated lookup using kvstore collection not working?

Why is iplocation command returning wrong countries?

How to create rex for multiple fields?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions