Splunk Search

Ask a Question

Discussions

Thread Info

Why has field extractor incorrectly mapped the fields or shows same value for multiple fields?

I have a long event which I tried to extract fields from, using splunk's extract additional fields feature. I cho...

by Communicator in

How to correlate to multi-value fields from one event?

Hello, I have logs where there are multiple values for two fields. This data looks like this example below for ea...

by Engager in

How to extract the last three digits after the ">" sign, and than the summation of those values?

Hello, I have a search that prints out a list of numbers in this format. [144 ==> 143][145 ==> 144][144 ==> 145...

by Path Finder in

How to convert `_time` to the column and `host` as an index while using `mstats`?

How to convert `_time` to the column and `host` as an index while using `mstats`? | mstats avg(_value) prestats=t...

by Explorer in

How to subsearch/multisearch date based on minimum of main search?

lets say I have a subsearch or multisearch. I want to have my subsearch/multisearch date to be 30 days before the ...

by Communicator in

How to do the below search without having to use a second lookup with the header being host

I have this search where the splunk_check_hostnames.csv is a single column of hostnames with hostname as the header. ...

by Contributor in

How to implement a Splunk query that is based on if the other Splunk query result exist or not

Hello, I am trying to develop a splunk query. But the query that needs to be run is based on another SPlunk quer...

by Loves-to-Learn in

Lookup file: Why does scheduling the report diff in limitations from running it in free form search?

I have a lookup file that I am generating with a query. The query results in ~59,000 rows currently. If I run the...

by Path Finder in

Why are indexed real-time searches not returning results?

I have a Splunk Enterprise cluster (version 8.1.3) that for some reason, is not returning any results for indexed rea...

by Explorer in

How to create a regex that gives the count, if the url string has two question mark symbols (not consecutive though)?

Hi Experts, I have an issue with the search string, I have a url text like below and I need to filter that ou...

by New Member in

How to get a stats count on multiple fields in a table sorted by count?

Hi All, I am trying to get the count of different fields and put them in a single table with sorted count. stat...

by Explorer in

How to search a splunk search result?

I have a macro named X that uses the lookup in the search and produces the results as follows indexes index IN...

by Builder in

Streamstats command issue with splunk version 8.2.4

We are seeing strange behavior after updating Splunk from 8.0.4.1 to 8.2.4. The major issue is with all queries tha...

by Path Finder in

What are the types of sample logs dump similar to tutorialsdata.zip for exploring splunk search options?

Hi, I am looking for various types of sample logs dump similar to tutorialsdata.zip for exploring splunk search o...

by Explorer in

How to extract string from lookup field?

Hi, I need to extract a string from a field in a lookup. need to extract between <query> and <query> and ...

by Communicator in

Why is Lookup definition in transforms.conf not returning results?

I have created a lookup in the LOOKUP folder placed in local. Post that I defined the lookup in transforms.conf. T...

by Loves-to-Learn in

Why is the percentage of non high priority searches skipped (50%) is high?

The percentage of non high priority searches skipped (50%) over the last 24 hours is very high and exceeded the red t...

by New Member in

How to design a data catalogue that captures all source types that are being ingested?

I'm looking at designing a Splunk data catalogue that captures all source types (and metadata) that are currently bei...

by Engager in

How to sum two rows from a table?

I have the following table that I would like to summarize as total logins and total token creationsby creating a new ...

by Explorer in

How to get top 20 results from each category based on data size?

I've below search: | tstats summariesonly=true count, sum(All_Traffic.bytes) as total_bytes, sum(All_Traf...

by SplunkTrust in

How to get the last hour of events but also remove any data after last hour

Deleted

by Path Finder in

Scom: How to remove resolved events that are monitored using dedup?

We are ingesting scom events When an alert is triggered it is assigned an id (the earliest event pictured) and we ...

by Communicator in

How to add background cover for Dashboard Panel Title Colors?

Hello, I am trying to add a background cover for the panels within a dashboard. I have attached a pho...

by Explorer in

Why is it showing "splunk command not found"?

help

by Observer in

Can I get data out Splunk Cloud Platform?

Can I get data in Splunk Cloud Platform?and how can i get it (REST API, library in python,...)Any help is appreciated

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why has field extractor incorrectly mapped the fields or shows same value for multiple fields?

How to correlate to multi-value fields from one event?

How to extract the last three digits after the ">" sign, and than the summation of those values?

How to convert `_time` to the column and `host` as an index while using `mstats`?

How to subsearch/multisearch date based on minimum of main search?

How to do the below search without having to use a second lookup with the header being host

How to implement a Splunk query that is based on if the other Splunk query result exist or not

Lookup file: Why does scheduling the report diff in limitations from running it in free form search?

Why are indexed real-time searches not returning results?

How to create a regex that gives the count, if the url string has two question mark symbols (not consecutive though)?

How to get a stats count on multiple fields in a table sorted by count?

How to search a splunk search result?

Streamstats command issue with splunk version 8.2.4

What are the types of sample logs dump similar to tutorialsdata.zip for exploring splunk search options?

How to extract string from lookup field?

Why is Lookup definition in transforms.conf not returning results?

Why is the percentage of non high priority searches skipped (50%) is high?

How to design a data catalogue that captures all source types that are being ingested?

How to sum two rows from a table?

How to get top 20 results from each category based on data size?

How to get the last hour of events but also remove any data after last hour

Scom: How to remove resolved events that are monitored using dedup?

How to add background cover for Dashboard Panel Title Colors?

Why is it showing "splunk command not found"?

Can I get data out Splunk Cloud Platform?

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Almost Too Eventful Assurance: Part 1

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions