Splunk Search

Discussions

Thread Info

How to convert multiple individual json objects into a nested json object ?

I want to convert some of the below individual json objects in the event into nested single json object like the seco...

by Explorer in

How to search or extract specific key/value pair from array?

Using the Splunk addon for AWS to collect ec2 instance metadata I get an array called tags with key/value pairs such ...

by Loves-to-Learn in

How to setup an alert but omit certain time of day?

Hello All, I'm trying to do a search "found ANC VITC in source 01:00:00;00" which works just fine, but I would lik...

by New Member in

How to correlate similar field values together and adding totals?

I am trying to use a lookup we use to track usage of exceptions in one of our platforms so that we can remove unneede...

by New Member in

How to create multiple values in time chart based on dropdown menu token?

I am looking to have a time chart table that has a dropdown menu based on a token, be able to show all of the values...

by Explorer in

How to get that file to be replicated to the other search heads?

I have a cron job that creates a lookup file under $splunkhome$/etc/apps/search/lookups on one of the search heads. H...

by Engager in

How to extract field names from an object or nested JSON field?

For these following two events: { "people": { "bob": 172, "maria": 161 } } { "people": { "bob": 172, "g...

by Engager in

How to combine two lookups?

On Splunk, I have the following 2 searches: 1) `ABC_logs(traffic)` user != "unknown" src_ip IN (*) dest_ip I...

by Builder in

How to compare two inputlook kv columns?

Hi There, we have two inputlook kv (File1 and File2) files and I want to compare 3 columns (AvsA, BvsB, CvsC) betwee...

by Observer in

Creating a SPL using tstats for Multiple Failed Logins Followed by Success?

Hello Splunk Community, I'm currently working on creating a search using the tstats command to identify user behav...

by Loves-to-Learn Everything in

How to make timechart with ratio failed/total ?

This is my search: message_data_type=gd*| timechart count by message_data_type limit=10 These are my results: ...

by Engager in

How to apply regex to a field?

Hello Splunkers, i want to to extract a 10-digit path from a url but unfortunately i always get this error: ...

by Engager in

How to update table only with the values filtered on dropdown selection?

I have a table with 3 different csv files that I have to show, with different values. When I select the value that ...

by Observer in

How to return count column in the existing search?

Hello, I have below search query index=my_index openshift_cluster="cluster009" sourcetype=opensh...

by Path Finder in

Federated Search Questions- Authentication option and Indexers?

Regarding Federated search: Is the only authentication option username and password? We use SSO on the remote sear...

by Path Finder in

How to create the proper search to extract all of the fields and their respective field_values from the sample data?

Hi Splunkers!Any one able to assist me with a search that I am trying to create below. I want to extract some data fr...

by Explorer in

How do I evaluate on column in space and tab delimited logs?

Hello all. I have a log file that looks like this; PROCESS UP STATUS RESTARTS AGEPROCESS1 2/2 Running 0 6d...

by Explorer in

How extract data model fields using REST search?

I'm trying to at least initially to get a list of fields for each of the Splunk CIM data models by using a REST searc...

by Motivator in

What is the fastest way to use a lookup (or match records against a secondary source)?

I have index with json data that represents call data (phone calls), but there is nothing native in the index that re...

by Explorer in

Why is data is got getting indexed when we are adding csv file from add data under settings?

Hi,data is got getting indexed when we are adding csv file from add data under settings .. its events count is showin...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to convert multiple individual json objects into a nested json object ?

How to search or extract specific key/value pair from array?

How to setup an alert but omit certain time of day?

How to correlate similar field values together and adding totals?

How to create multiple values in time chart based on dropdown menu token?

How to get that file to be replicated to the other search heads?

How to extract field names from an object or nested JSON field?

How to combine two lookups?

How to compare two inputlook kv columns?

Creating a SPL using tstats for Multiple Failed Logins Followed by Success?

How to make timechart with ratio failed/total ?

How to apply regex to a field?

How to update table only with the values filtered on dropdown selection?

How to return count column in the existing search?

Federated Search Questions- Authentication option and Indexers?

How to create the proper search to extract all of the fields and their respective field_values from the sample data?

How do I evaluate on column in space and tab delimited logs?

How extract data model fields using REST search?

What is the fastest way to use a lookup (or match records against a secondary source)?

Why is data is got getting indexed when we are adding csv file from add data under settings?

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

How to troubleshoot “Error in 'inputlookup' comman...

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to convert multiple individual json objects in...

How to combine results of inputlookup and a search...