Splunk Search

Discussions

Thread Info

Splunk query- How to use spath command for the below logs?

How to use spath command for the below logs i have attached in the screenshot.

by Motivator in

How to delete duplicate logs?

I've uploaded the same log twice(using drag and drop option in add data) and now when I query I see duplicate results...

by Path Finder in

How do you map value from inputlookup to another search

Hi, I have 2 separate queries as below: Query1: (normal splunk search e.g. index=* host=abcde | table Message1,Me...

by Explorer in

Can you do conditional formatting in Splunk, like in Excel? (ex: have a cell color change based on percentage values in a column?)

Can you do conditional formatting, like in Excel, in Splunk? For example, can I have conditional formatting on the...

by Motivator in

How to check results and see if there is a name that does not exist in lookup?

Hi, I receive data from a particular product that is installed on various customers, that data is received ev...

by Loves-to-Learn Everything in

How to write a query required for checking all sourcetype which is configured for alert/report/dashboard

Hi Team, We are using Splunk Enterprise SIEM tool. we want to check all the source type which is configured for al...

by Loves-to-Learn Lots in

Trying to break multiline event into separate events

Sample Data: {{"device_id":"a1c842ef8c0545f48e8e61d3e03c68bb","ip":"192.168.193.162","topic":"DEVICE","event":"device...

by Engager in

Schedule search with updating value in lookup

Hi, I have following data which I use search to find from last 30 days and save it into lookup: CustomersOld Acqui...

by Explorer in

Response time or Latency comparison for API's against different time period

Hi - I want to list API's and its latencies / response times and want to compare the latencies in a table like below,...

by New Member in

How to use dst{} in data model?

I have a sourcetype the provides results for dst if it has one result or dst{} with multiple results. I am attempt...

by Path Finder in

How to extract fields out of the winevent IIS logs?

I'm trying to extract fields out of the winevent IIS logs. My regex works in regex101 perfectly. Also I can do someth...

by Path Finder in

How to create a multistage Sankey diagram with a single search without needing to "append"?

I have a dataset where each event summarizes a workflow, using the fields Foo->Bar->Baz, and I'm looking to create a ...

by Path Finder in

How to get transaction results in table with "transacted" items in separate rows?

Hello Experts, I have a transaction query that I am displaying in a table. I am able to get results in a table, ho...

by Explorer in

What is the configuration so that the following events show independently in the Splunk search?

Could someone help me with the Splunk configuration so that the following events show independently in the Splunk sea...

by Engager in

How to create a drop down with add and remove choices that will then remove or add the user?

Would like a way to create a drop down with add and remove choices that will then remove or add the user from the loo...

by Path Finder in

Why does this field extraction and rex give different results?

I'm completely stuck here. I'm trying to extract the "Path" from a logfile with this format: Time: 05/1...

by Engager in

How to extract desired data from search result?

Hi Team, We are trying below search: index=index_123 host=xyz source="/sys_apps_01/pqr/logs/xyz/mapper...

by New Member in

How to filter Specific Data from a host?

Hi there - I am trying to filter out some noisy rules in a specific firewall (FWCL01) from being ingested into splunk...

by Path Finder in

Help creating search to combine multiple message lines to create timechart

We have Splunk setup in our firm and our application logs writes TLS connections information that span across multipl...

by Engager in

Help showing top tenants by number of hosts in pie chart

I would like to make a pie chart which shows the Top 10 tenants by number of hosts and then put everything else under...

by Loves-to-Learn Lots in

How to add Filler gauge cpu/ram to dashboard?

Hi I have this json in my splunk : Serverip, serverRamUsage, TotalRAM, ServiceRAMUsage, serverCPUUsage, TotalCPU, ...

by Observer in

How to set this date search automatically? Need to set alert for yesterdays date search

index=* namespace="dk1017-j" sourcetype="kube:container:kafka-clickhouse-snapshot-writer" message="*Snapshot event pu...

by Explorer in

Correlating logs from two different sources

Hi Team, I have two log sources ,say x and y. For x we need to extract a field x1 and then for each x1 we need to...

by New Member in

Drilldown option is not working for Custom Search

Hi there, I am trying to enable drilldown on a dashboard view to use a custom search(see below search string snipp...

by Explorer in

Subsearch using time from lookup in main search

I am performing a lookup in a main search which returns earliest_event and latest_event timestamp values. I would li...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk query- How to use spath command for the below logs?

How to delete duplicate logs?

How do you map value from inputlookup to another search

Can you do conditional formatting in Splunk, like in Excel? (ex: have a cell color change based on percentage values in a column?)

How to check results and see if there is a name that does not exist in lookup?

How to write a query required for checking all sourcetype which is configured for alert/report/dashboard

Trying to break multiline event into separate events

Schedule search with updating value in lookup

Response time or Latency comparison for API's against different time period

How to use dst{} in data model?

How to extract fields out of the winevent IIS logs?

How to create a multistage Sankey diagram with a single search without needing to "append"?

How to get transaction results in table with "transacted" items in separate rows?

What is the configuration so that the following events show independently in the Splunk search?

How to create a drop down with add and remove choices that will then remove or add the user?

Why does this field extraction and rex give different results?

How to extract desired data from search result?

How to filter Specific Data from a host?

Help creating search to combine multiple message lines to create timechart

Help showing top tenants by number of hosts in pie chart

How to add Filler gauge cpu/ram to dashboard?

How to set this date search automatically? Need to set alert for yesterdays date search

Correlating logs from two different sources

Drilldown option is not working for Custom Search

Subsearch using time from lookup in main search

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions