Splunk Search

Discussions

Thread Info

Excluding holidays and weekends for Alert and alert if there is 0 events

My search query:Index=xxx <xxxxxxx>|eval Date=strftime(_time,"%Y-%m-%d")| lookup holidays.csv HolidayDate as Date out...

by Communicator in

How to use "case" command with count?

I am looking to make a "pulse" dashboard for a host on my network, it will pulse green up when up and red when down. ...

by Explorer in

Set the index with a field when using collect command

Hello! I'm looking to set the index parameter of the collect command with the value of a field from each event. H...

by Contributor in

Search for events that have only specific multiple values in a field

Hey all - I have a need to search for events in Splunk that contain two specific values in one field. I want the resu...

by New Member in

Help with accessing the latest event

Hi, I have dataset in the following format Name,Status,Timestamp ABC,F, 04/24/2025 15:30:03 ABC, R, 04/24/202...

by Engager in

Need a rex to extract an ip address with a trailing port number

I would like to extract an ip address from a text field where the ip address has a trailing port number. The text i...

by Path Finder in

Why the same query returning different results on REST?

The following query return the expected result on Postman but return a different result on Javacsript fetch: se...

by New Member in

Replacing single backslash with double backslash and searching the result

Hi all,I'm trying to dynamically replace single backslashes with double backslashes in a search string and use the re...

by Engager in

How to add dark theme compatibility to custom app?

We use a custom app in our Splunk Cloud instance to segregate dashboards and searches from other teams. With the rece...

by Explorer in

Table a query with X and Y

Good afternoon Splunk Team, I have my search query: index=example_mine host=x.x.x.x [ | inputlookup myfiile.csv ...

by Engager in

Need to see data for the months with no events as zero

Hi all, I have a situation. Below is my search. Search needs to produce past 6 months of report. The goal is to pro...

by Builder in

splunk dashboard

So i have a dashboard and in drilldown i am showing severity in the servers now i want whenever the severity is solv...

by Path Finder in

Pulling back data from users login in using SAML.

Hello Splunk team, I need a search query that can pull data back of successful and unsuccessful login attempts of u...

by Engager in

Search for "index=*" in searches

Hello guys, I need a splunk query that list out all the alerts that have index=* in their query. Unfortunately,...

by Loves-to-Learn in

need to build an automation to import CSV from below mentioned github location into Splunk lookup file

anybody have experience for building an automation to import CSV from github location into Splunk lookup file, CSV f...

by New Member in

How to get data from raw array of json from sendgrid webhook events

I am currently working with data from SendGrid Event API that is being ingested into Splunk. The data includes multip...

by Explorer in

Why is a value appearing twice in a table but only occurs once in the event data?

I'm running a very simple search to draw a table. One of the values returned is appearing twice in the table, but onl...

by Path Finder in

Accuracy of metadata command in large environments?

The manual entry for the metadata command says "...in environments with large numbers of values per category, the dat...

by Legend in

How to specify the range of longitude and latitude

Use iplocation or geostats to display within a range of 100 kilometers (with longitude of 0.89 degrees and latitude o...

by New Member in

How to display JSON tree structure in a summary index without output_mode=hec?

Hello,How to display JSON tree structure in a summary index without output_mode=hec?I am not a Splunk admin. So, the ...

by Motivator in

Custom field from an event is not being parsed correctly

Hi, We are using the event field message in our alert, but in some cases, the field is not being parsed correctly. Fo...

by Engager in

How to check if a nested json object is present or not in the splunk record

I have a few records in the splunk like this {"timeStamp":"2025-04-21T08:21:40.000Z","eventId":"test_eventId_1"...

by Explorer in

Searching 2 indexes comparing 2 fields

I am trying to locate some data between two indexes, the common items are the src_interface and the network device na...

by Explorer in

Splunk time difference showing as null

I need to calculate time difference between start and end times. But I get the difference value as null. Not sure wha...

by Engager in

How to create sample JSON data and display it in a tree structure?

Hello,How to create sample JSON data and display it in tree structure?I used makeresults to create sample JSON data b...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Excluding holidays and weekends for Alert and alert if there is 0 events

How to use "case" command with count?

Set the index with a field when using collect command

Search for events that have only specific multiple values in a field

Help with accessing the latest event

Need a rex to extract an ip address with a trailing port number

Why the same query returning different results on REST?

Replacing single backslash with double backslash and searching the result

How to add dark theme compatibility to custom app?

Table a query with X and Y

Need to see data for the months with no events as zero

splunk dashboard

Pulling back data from users login in using SAML.

Search for "index=*" in searches

need to build an automation to import CSV from below mentioned github location into Splunk lookup file

How to get data from raw array of json from sendgrid webhook events

Why is a value appearing twice in a table but only occurs once in the event data?

Accuracy of metadata command in large environments?

How to specify the range of longitude and latitude

How to display JSON tree structure in a summary index without output_mode=hec?

Custom field from an event is not being parsed correctly

How to check if a nested json object is present or not in the splunk record

Searching 2 indexes comparing 2 fields

Splunk time difference showing as null

How to create sample JSON data and display it in a tree structure?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions