Splunk Search

Discussions

Thread Info

How to create a search lookup macro to output enriching field names appended to passed matching field name

I'm trying to create a search macro which accepts a field to match on and enriches the results with matches and outpu...

by Engager in

Why do results from extraction of multivalued fields contain fields missing in each statements?

Hi all, I need your help with a query to extract the values of fields with multiple values. The problem I'm facin...

by Explorer in

How to change existing field transformation via gui

I have created a field transformatie via the gui of splunk. I want to add a field in this transformation. If I open...

by Contributor in

How to parse string JSON along with actual JSON?

I have the following log in Splunk: { "tags":{ "app":"foobar", "ou":"internal" }, "log":"{\"key1\":\"value1...

by Path Finder in

Is there any method to create another script for the current data?

I am unable to find my script for my current dashboard and also not getting my data into dashboard so is there any me...

by New Member in

How to create a report that shows max indexed volume per day by month per index?

I need to create a report that shows max indexed volume per day by month per index. The following search gives me the...

by Builder in

How to breakdown errors in charts group by error codes in error tables or list?

Hello - I am a new Splunk user and learning as I go. My current task is to breakdown Errors/Exceptions in chart group...

by Path Finder in

How would I extract fields from raw data containing auto populated numbers in the fields I am trying to extract?

Hello Community, How would I extract fields from raw data containing auto populated numbers in the fields I am try...

by Explorer in

Combining And Analyzing Stats Across Events by Other Fields

tl;dr I want to take a list of events, separately sum the fields "message_accounts" (accounts processed in the event)...

by Loves-to-Learn in

In three related events, how do you avoid the one without a field value?

Hello, I have a tricky question. I'm trying to count tickets by providers we have. I am using the parent and su...

by Explorer in

How to improve efficiency of a Splunk search?

Hi All,One of my scheduled report is quite expensive.It runs everyday from Monday to Friday and results in 30 days wo...

by Explorer in

How to check the odd once out ( field < 1) field with 2 or more values?

how to check the odd once out ( field < 1) field with 2 or more values Ex field = true ...

by Explorer in

How to capture multiple lines in rex

HI all, I am trying to capture multiple lines between two strings in my log data. But so far have not been able to...

by Loves-to-Learn in

How to merge two Splunk queries ?

Hi All, I need help with Splunk Query for below scenario: Query 1:index =abc | table src, dest_name, severity,...

by Explorer in

Enterprise Search: Can we delete or clone correlation searches in the Content Management section?

Under the Content Management section, we only see the Enable and Disable options for the correlation searches. Is the...

by Motivator in

After installing license and restart , splunk is still reflecting the trial license of 500MB

Hello Experts, I have splink enterprise up with trial version installed. The license group was trail license grou...

by New Member in

How to write search with CASE and MATCH function?

Hi peeps, I need help to fine tune this query; index=network sourcetype=ping| eval pingsuccess=case(match(ping...

by Path Finder in

Why does search with subsearch fail if earliest and latest is used?

The following search does not produce any results: index=* earliest="04/19/2022:15:00:00" latest="04/19/2022:17:00...

by Path Finder in

How to build a correlation search for direct web traffic without proxy?

Hi Splunkers, I'm facing the following task: I have to build a correlation search that check users that go on a w...

by Path Finder in

How to write a Query to identify Splunk notable rule triggers with change in urgency?

Hello, I am trying write a query to identify if any Splunk notable rule triggers with change in Urgency (i.e...

by Engager in

Why does Splunk values() return swapped counts?

I want to use the values() function because I want to group by fields. If I just use count by I get the correct resul...

by Engager in

Why am I receiving this Error while using the |rest in the splunk rest API?

Hi Team, I am trying to run a search and get the searchId, I will use this searchId later to fetch the results. ...

by Path Finder in

Need Help with Splunk Query- Titles in chart

Hi, Can any one please help me with the query currently iam using " | rename * AS \|*\| " but i don't want \...

by Communicator in

How to Color all my dynamic column to min max scale color?

I would like to perform coloring in mindmidmax based on each column value. However, the column is dynamic, it is quit...

by Loves-to-Learn Everything in

Using timechart to get count, why is returning null values as 0?

Already using a query with below to get total number: | timechart span=1d count What can I add to return, show ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a search lookup macro to output enriching field names appended to passed matching field name

Why do results from extraction of multivalued fields contain fields missing in each statements?

How to change existing field transformation via gui

How to parse string JSON along with actual JSON?

Is there any method to create another script for the current data?

How to create a report that shows max indexed volume per day by month per index?

How to breakdown errors in charts group by error codes in error tables or list?

How would I extract fields from raw data containing auto populated numbers in the fields I am trying to extract?

Combining And Analyzing Stats Across Events by Other Fields

In three related events, how do you avoid the one without a field value?

How to improve efficiency of a Splunk search?

How to check the odd once out ( field < 1) field with 2 or more values?

How to capture multiple lines in rex

How to merge two Splunk queries ?

Enterprise Search: Can we delete or clone correlation searches in the Content Management section?

After installing license and restart , splunk is still reflecting the trial license of 500MB

How to write search with CASE and MATCH function?

Why does search with subsearch fail if earliest and latest is used?

How to build a correlation search for direct web traffic without proxy?

How to write a Query to identify Splunk notable rule triggers with change in urgency?

Why does Splunk values() return swapped counts?

Why am I receiving this Error while using the |rest in the splunk rest API?

Need Help with Splunk Query- Titles in chart

How to Color all my dynamic column to min max scale color?

Using timechart to get count, why is returning null values as 0?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!