Splunk Search

Discussions

Thread Info

How to return all results if field is not exist?

Hi, i use regex to extract fields My query is | rex field=_raw "(?P<Command>((?<=\bCommand>).*(?=<)))" | rex field=_r...

by Explorer in

Combining two different events with same values from different source types

index=a0_payservutil_generic_app_audit_prd sourcetype="npp:pom:stdout" eventCode="fundsReservationManualInterventionN...

by New Member in

How to make a query to search filed by taking output from the the 1st query

I have a requirement like, I have to create a dashboard and there will be a input filed called as account Id and afte...

by Engager in

splunk crashing on lookup command

We have simple csv lookup like: network,descr 192.168.0.0/24,network_name Lookup description in transforms.con...

by Path Finder in

Calculating Splunk License Usage Based on a condition

Hi Team, I am aware that we can able to pull the license usage stats in splunk for index, host and sourcetype for a...

by Path Finder in

How do I find the versions of all my UFs & HFs and dates of install on Splunk Enterprise?

by Communicator in

strptime using 2020-03-08T02:00:21is 1 hour off

The following query returns a result that is one hour off. | makeresults| eval timestr="2020-03-08T02:00:21"| eval ...

by Explorer in

Splunk sort class not working with subsearch

With the below query I'm trying to sort dateTime by descending order but the sorting is not working, could someone pl...

by New Member in

How to split stats command results into rows

I have proxy logs, in which I am interested in 4 fields: the ip address of the user's computer, the category of the s...

by Engager in

How to hide X axis scale in a bar chart

Hi, I am unable to hide the X-axis scale in the bar chart. See below screenshot, I am plotting the chart u...

by Engager in

How to extract multiple values from output to create new column in table with associated values

Hello, I have a search query that produces a value similar to below. What i am trying to accomplish is to extract ...

by New Member in

Query 1 week with time range from 0900 - 1700

How do I create a search with below table result? Date RangeTime RangeCount of UsersJan-40900-1700900Jan-50900-1700...

by Observer in

Search Query to trigger an email of the host is not reporting in Splunk for last 15 minutes

Hi Team I have set of 5 hosts which are coming from an index=xyz and with sourcetype=iis so for example if any of t...

by Path Finder in

combine where and eval

Hi Community, how do i combine where and eval?Available field are "Gear" and "Torque_Crankshaft" Discribed in my ...

by Path Finder in

Round _value by mstats metrics

Hello, we use mstats to visualize the _value. But for cpu perfmon values there is a number with 10 or more decimals...

by Path Finder in

how to exclude several patterns by IN function?

Hi team, I have below sample events in splunk. 2021-04-09 07:12:41,323 PLV=EVENT DT=MANUALEVENT CIP=0.0.0.1CM...

by Path Finder in

can i clone alerts from the UI

Thats all i need the method for cloning alerts as we migrate

by Engager in

Get the context of an error

Hi Splunk Community! I'm trying to get the context of an error. Here is a snippet of the logs: 2021...

by Observer in

Why are the iplocations not working at all?

Hi My iplocation is not working at all, what am i missing? index=_internal sourcetype=splunkd_ui_access | stats...

by Motivator in

Need one help to prepare Splunk query.

Hello Team, I would like to setup Splunk email alert when Log Statement 2 and Log Statement 3 doe...

by New Member in

Splunk Search

Discussions

How to return all results if field is not exist?

Combining two different events with same values from different source types

How to make a query to search filed by taking output from the the 1st query

splunk crashing on lookup command

Calculating Splunk License Usage Based on a condition

How do I find the versions of all my UFs & HFs and dates of install on Splunk Enterprise?

strptime using 2020-03-08T02:00:21is 1 hour off

Splunk sort class not working with subsearch

How to split stats command results into rows

How to hide X axis scale in a bar chart

How to extract multiple values from output to create new column in table with associated values

Query 1 week with time range from 0900 - 1700

Search Query to trigger an email of the host is not reporting in Splunk for last 15 minutes

combine where and eval

Round _value by mstats metrics

how to exclude several patterns by IN function?

can i clone alerts from the UI

Get the context of an error

Why are the iplocations not working at all?

Need one help to prepare Splunk query.

Predict command

Why is it called delete when it doesn't delete, bu...

Sankey being covered up by stats table?

Round _value by mstats metrics

Search for user additions to Active Directory priv...