Splunk Search

Ask a Question

Discussions

Thread Info

Check multiple arrays for value without knowing parent node(s)

The structure of JSON in my log events is roughly as follows { "Info": { "Apps": { "ReportingServices":...

by Explorer in

I have been trying to use the CASE function in splunk, but my results are not correct

This is my search. I brings back Not Known for every field instead of the correct case name: index=websphere websp...

by Communicator in

Rex has exceeded configured match_limit, consider raising the value in limits.conf.

Hi Splunkers, any help with Rex has exceeded configured match_limit, consider raising the value in limits.conf. My ...

by Path Finder in

Use variable as complete search string

I am trying to create a dashboard. It has two input text fields.I want to run a search query based on these two input...

by Engager in

show value in statistics where it doesnt exist in the logs

hello Splunkers i have a requirement where i need to show values in statistics even if it doesn't exist, for exampl...

by Path Finder in

Salesforce in SPLUNK

I am confused on why I only get _ID's from my Salesforce ingest, for example, I am not getting Username, Profile Name...

by Observer in

if _raw contains X rex this elseif _raw contains y rex this else rex this

like in the subject, i am looking at events with different fields and delimeters i want to say if the event contain...

by Engager in

Unable to use conditions against datamodel

Not sure what I am doing wrong. I have a datamodel with a dataset that I can pivot on a field when using the datamod...

by Path Finder in

Event time is not showing correctly on Dashboard table

Hello everyone, I'm having an issue that I'm trying to understand and fix. I have a Dashboard table that displays ...

by Path Finder in

how to search for user id's and any information that splunk has

we have a user ID that we are looking to find out what splunk has collected. what is the serach that i use?

by New Member in

Filter data from json file

Team,I am bit new to Splunk, need help to pull ERR message from below sample raw data. {"hosting_environment": "nonp"...

by Explorer in

Timechart and Timewrap

I am on Splunk 8.2.12. I am trying to get a distinct count of incidents that have happened in each month, year to d...

by Explorer in

Load Balancer

My team has created production environment with 6 syslog servers (2 in each of 3 multi site cluster). My question ...

by Communicator in

Join two splunk searches

in the outer query i am trying to pull the ORDERS which is Not available .I need to match the ORDERS which is Not a...

by Loves-to-Learn Everything in

Stats command with latest values listing

Hi Team, I have a splunk query that am testing for Service Now data extract. index=snow "INC783" | se...

by Communicator in

Adding zoom in option to timeline chart

Hello All, I'm having a timeline chart, I would like to add zoom in to this chart when we drang and select some ...

by Contributor in

whats wrong with this query??

Hello Everyone, I have below splunk query which will display the output as below (index= index_1 OR index...

by Path Finder in

I want to create a subsearch that will abbreviate all but the first 30 characters of the result.

index=replicate category=* action=* Message=* [search index=replicate | eval Msg=substr(Message,1,30)] | stats count ...

by Communicator in

Looking to improve a query with a lookup file

I have a lookup file that contains a column for hostname, ip address and location. I need a query that will check th...

by Explorer in

Need help with the correct regex

Hello, I'm trying to extract fields from an event, but am not up to par on my regex, and I can't seem to get this ...

by Path Finder in

Possible to output a literal string with backslashes from a lookup without escaping?

I am attempting to use a lookup to feed some UNC file paths into a dashboard search, but I am getting tripped by all ...

by Contributor in

How to tie in 2 different event sources to display a field value from one source based on a value from the other source.

Hello, Sorry, still trying to get the hang of Search queries. I am tasked with creating a table that displays a s...

by Path Finder in

Dowloading results of table to .csv file

Hello Splunkers, I'm getting proper results without any selction in input dropdown, I can able to download the...

by Contributor in

Java Logger and Splunk Class HttpEventCollectorLoggingHandler not working, forwarding to HEC + Splunk

I reduced content of my documentation of problem (Code and Trace), due to request from Splunk, I'm trying to log ...

by Engager in

Join two logs in Splunk

hi , I wanted to search and save result as table from two log statements. one log statement using regex to extract ...

by Loves-to-Learn Everything in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Check multiple arrays for value without knowing parent node(s)

I have been trying to use the CASE function in splunk, but my results are not correct

Rex has exceeded configured match_limit, consider raising the value in limits.conf.

Use variable as complete search string

show value in statistics where it doesnt exist in the logs

Salesforce in SPLUNK

if _raw contains X rex this elseif _raw contains y rex this else rex this

Unable to use conditions against datamodel

Event time is not showing correctly on Dashboard table

how to search for user id's and any information that splunk has

Filter data from json file

Timechart and Timewrap

Load Balancer

Join two splunk searches

Stats command with latest values listing

Adding zoom in option to timeline chart

whats wrong with this query??

I want to create a subsearch that will abbreviate all but the first 30 characters of the result.

Looking to improve a query with a lookup file

Need help with the correct regex

Possible to output a literal string with backslashes from a lookup without escaping?

How to tie in 2 different event sources to display a field value from one source based on a value from the other source.

Dowloading results of table to .csv file

Java Logger and Splunk Class HttpEventCollectorLoggingHandler not working, forwarding to HEC + Splunk

Join two logs in Splunk

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions