Splunk Search

Discussions

Thread Info

Microsoft O365 add-on: How to extract data from emails?

I am facing challenges while extracting the data from emails, using the Microsoft O365 email add on. I want to ext...

by Explorer in

How to filter Search 1 result from Search 2 returned value?

We have many completely diff events. Sometimes, we got a result based on Search 1. But we want to exclude some record...

by Engager in

How do I create a field extraction that match/pick only the event which contains "ccexpire"?

I would like to match/pick only the event which contains "ccexpire". sample event :- 09/Dec/2021 23:52:39,Query...

by Loves-to-Learn Everything in

Why is outer join working with inputlookup but not with index?

Hi All,I have transaction data from a database and want to compare it with an index in splunk, filtering the transact...

by Path Finder in

Why can't tstats search sourcetype field specifically?

Hi All, I'm running the query | tstats count where index=<index name> by sourcetype No results OR ...

by Path Finder in

How to search that shows the current uptime of the server? and the date / time / user who last reboot the server?

by Loves-to-Learn Everything in

How to avoid a join in a lookup search?

I have 3 searches executing against same lookup, and since each lookup needs to be grouped by different set of fields...

by Path Finder in

How to get a count with dedup?

i have the following in a statistical table on a dashboard index=* <do search> | dedup B C | table _time B C D E F...

by Engager in

How to get incremental count of data?

Hi Team, I am looking to get incremental count of some data in dashboard. For example : If the count for a cert...

by Explorer in

Why do I get this error in my search?

<title> Clam Scan Results </title> <event> <search> ref="anti-virus scan results"> </search> <option name="list.drill...

by Explorer in

Why is apache logs relevant field name not showing in details log?

Hello , I have installed forwarder on Linux system and able to see logs in searches but the when i open a detailed...

by Explorer in

How to produce a table that can display 5xx status code counts per host over a timeframe?

I am trying to produce a table that can display 5xx status code counts per host over a timeframe (this will eventuall...

by Explorer in

How calculate the % based on two different tables where I am using addcoltotals to calculate grand total?

Hi Team, I want to calculate the % based on two different tables where I am using addcoltotals to calculate g...

by Path Finder in

How to get fields extracted by two fields?

i need the fields extracted by two fields 1) Detail message = before the comma ( I need the full description...

by Communicator in

Why am I unable to add field values over timechart?

Hi, I have 2 timecharts where I need to show a TOTAL count across specified field values. The first timechart must...

by Loves-to-Learn Lots in

How do I extract this field with regex for Nmap result?

Hi i want to extract the mac_algorithms field with regex from a nmap scan result. Does anyone have an idea how it wor...

by Engager in

How do I add the values in a single row and three columns?

stats count(eval(searchmatch(Bala))) as A count(eval(searchmatch(kasa))) as B count(eval(searchmatch(reddy))) as C ...

by Explorer in

How do I use xyseries get the count and the values for each field?

Hi Team, I have the following result in place with 30min bucket using stats values() and then xyseries time ...

by Communicator in

How to use files got as results from one query as source in another query?

Hi all, I have 2 queries, from one i get a list of files and the other query should use these files as their sourc...

by Communicator in

How to create event if no results are returned?

Hello Community, I have quite a strange issue to face...For a project I'm working on, I would need to create a new...

by Explorer in

How to merge 2 search in one search?

Hello I use 2 separate search almost identical Now I want to merge these 2 search in one search Here is the ...

by Motivator in

How do I round the time to up/down to the nearest hour?

Hi I'm fairly new to Splunk and I need to round my time field up/down to the nearest hour. For example... If...

by Explorer in

How to extract field name and field values from multi-value field?

I am indexing email data that Splunk reads from an inbox folder (via TA-mailclient). Those emails contain a csv file ...

by Contributor in

How to use xml cdata tag for not displaying characters?

hi I use a "link to the search" drilldown from a table panel When I have a look to my xml, I have a lot of sp...

by Motivator in

How do I split a multi value single field into multi fields?

JSON field=value pairing i have a log with single field name TestCategories and has multiple values in it like--x,...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Microsoft O365 add-on: How to extract data from emails?

How to filter Search 1 result from Search 2 returned value?

How do I create a field extraction that match/pick only the event which contains "ccexpire"?

Why is outer join working with inputlookup but not with index?

Why can't tstats search sourcetype field specifically?

How to search that shows the current uptime of the server? and the date / time / user who last reboot the server?

How to avoid a join in a lookup search?

How to get a count with dedup?

How to get incremental count of data?

Why do I get this error in my search?

Why is apache logs relevant field name not showing in details log?

How to produce a table that can display 5xx status code counts per host over a timeframe?

How calculate the % based on two different tables where I am using addcoltotals to calculate grand total?

How to get fields extracted by two fields?

Why am I unable to add field values over timechart?

How do I extract this field with regex for Nmap result?

How do I add the values in a single row and three columns?

How do I use xyseries get the count and the values for each field?

How to use files got as results from one query as source in another query?

How to create event if no results are returned?

How to merge 2 search in one search?

How do I round the time to up/down to the nearest hour?

How to extract field name and field values from multi-value field?

How to use xml cdata tag for not displaying characters?

How do I split a multi value single field into multi fields?

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions