Splunk Search

Discussions

Thread Info

How to display data for every sunday of last 3 weeks in the given date and time range?

Say suppose we have data for the below date and time range, i want to pick only sunday's date and display the last 3 ...

by Explorer in

How to extract a field from my raw data using rex?

In my splunk logs, i have 2 IPs in 1 field name. I want to extract both IPs create a new field as IP1 & IP2. Pleas...

by Contributor in

How to rewrite the id with a type value of 2 to the id value with a type value of 1 for data with the same axid value?

Hi experts, Could you please advise me about SPL? Given the data below, I would like to rewrite the id with a t...

by Explorer in

How to create a search that will show other fields like dest_bunit with the port?

This search will display port numbers from the Endpoint datamodel | tstats 'summariesonly ' count from datamodel=E...

by Engager in

How to put a chart and a single value in a same row?

Hi, I have a chart to display value by time. Then I calculate the average of the value. I want to display the a...

by Communicator in

How to remove [] in Json format data?

I have a field properties.policies in json format field value: [{"fieldname":"fieldvalue","fieldname":"fieldvalu...

by Explorer in

Is there an easy way to remove a section of string from a field?

I want to get an alert and run it but there are items I wanted to remove. | rest "/servicesNS/-/-/saved/s...

by Explorer in

How to get token value and _time value from a single dropdown in a dashboard?

How can I pull 3 tokens from a single dropdown search? - I would like our users to select the case_idz, and have the ...

by Path Finder in

How to create a Splunk Allowlist Dashboard?

I am trying to create a dashboard for an allowlist. Basically the user should be able to fill in the required fields ...

by Path Finder in

How to Modify Field to exclude field not needed?

Hi,Can anyone help me how can I change the field of my query to exclude those with PRODUCED labelsquery: index...

by Explorer in

How to stats events for solving this problem please?

hello I stats events after 2 eventstats command like this | eventstats sum(netp) as "netp1" by site |...

by Motivator in

Invalid authorization - Code 3 - Why Splunk Zendesk Integration failing?

Hi All, I've stumbled on a very frustrating problem. I've created a HEC token to use in Zendesk so that Zend...

by Loves-to-Learn Everything in

Difference between lookup and search - i only want the unique value from the lookup that doesnt exist in the search

Hi All, I have a splunk query which i cannot get to work for the life of me: This is the search |inpu...

by Loves-to-Learn Everything in

Why is there no data being written to the _internal\_audit indexes?

Hello, After setting up a brand new standalone server (v 8.2.6) and migrating our data from another server, it see...

by Explorer in

How to change the number formatting to 2 decimals and multiply with 1000 for all fields except the fields with strings?

abcdefgxyz123456 My table looks like thatI need the following table abcdefgxyz1000.002000.003000.004000.0...

by Path Finder in

Is there a way to sample resulting events from a transaction?

Hello all, Is there a way to sample resulting events from a transaction? Thanks!

by Loves-to-Learn in

Is it possible to see the past readings of a single value graph over a time range?

HI all, can we see the past readings of a single value graph over a time range? like if at this moment the sing...

by Path Finder in

How to get the "last time" there was traffic on one of the services/for a particular client?

How can i get the "last time" there was traffic on one of the services/for a particular client?

by Path Finder in

Is there away to have Splunk automatically extract XML key value pairs?

I'm using SPLUNK to index an xml file. Is there a way to have SPLUNK automatically extract the key-value pairs for ea...

by Contributor in

Why don't transaction results match?

Hello all, The transaction command is not correctly grouping the events in query 1). The expected result is given ...

by Loves-to-Learn in

Is it possible to map one index to another index?

by Loves-to-Learn Everything in

How to search in real time and append those values in dashboard?

Hi all, whenever I get a new log I wanted to count of the number of logs for the last 5 min and then append it to...

by Path Finder in

How to avoid unwanted nested transactions?

Hi - I have a list of events, most of which pair up nicely as 'startswith' (A) and 'endswith' (B) to make a desired t...

by Engager in

How to extract token from HTTP header?

Hello Everyone, I have a set of data with a lot of HTTP requests, where I want to extract only the tokens highligh...

by Loves-to-Learn in

Help using IF function

Hi All, i am using IF function like |eval xxx= if ( status =="1","A", if(status =="2","A", if(status =="3","A","0") ...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to display data for every sunday of last 3 weeks in the given date and time range?

How to extract a field from my raw data using rex?

How to rewrite the id with a type value of 2 to the id value with a type value of 1 for data with the same axid value?

How to create a search that will show other fields like dest_bunit with the port?

How to put a chart and a single value in a same row?

How to remove [] in Json format data?

Is there an easy way to remove a section of string from a field?

How to get token value and _time value from a single dropdown in a dashboard?

How to create a Splunk Allowlist Dashboard?

How to Modify Field to exclude field not needed?

How to stats events for solving this problem please?

Invalid authorization - Code 3 - Why Splunk Zendesk Integration failing?

Difference between lookup and search - i only want the unique value from the lookup that doesnt exist in the search

Why is there no data being written to the _internal\_audit indexes?

How to change the number formatting to 2 decimals and multiply with 1000 for all fields except the fields with strings?

Is there a way to sample resulting events from a transaction?

Is it possible to see the past readings of a single value graph over a time range?

How to get the "last time" there was traffic on one of the services/for a particular client?

Is there away to have Splunk automatically extract XML key value pairs?

Why don't transaction results match?

Is it possible to map one index to another index?

How to search in real time and append those values in dashboard?

How to avoid unwanted nested transactions?

How to extract token from HTTP header?

Help using IF function

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions