Splunk Search

Discussions

Thread Info

"StatsFileWriterLz4 file open failed" error after upgrade to 8.2.3 when searching

After upgrading our environment from 8.1.3 to 8.2.3, some searches return "StatsFileWriterLz4 file open failed". Our ...

by Engager in

help to retrieve a token value in a dropdown list

Hi I launch a dashboard from another dashboard when I click on the field "Site" /app/spl_pub_dashboard/bib_re...

by Motivator in

Timewrap with specific time range

Hi, Iam a newbie and have just started exploring the power of splunk. My below query works fine except that I need ...

by Explorer in

Splunk Event difference calculation

hi, i am using the below query to list the bootup time and downtime based on event code.. but if the bootuptime sho...

by Path Finder in

AVG command with WHERE statement

Hello All, I am trying to calculate the Average of a column, but i want it to ignore all values that are equal ...

by Path Finder in

Json data fields are not extracting properly

Cisco logs with json format is not extracting properly. I tried from GUI using this kv delims in search and they are ...

by Engager in

Need help on creating table

I have table like below using my splunk query. Request1_tpsRequest1_avgRequest1_p95Request1_p90Request2_tpsRequest2...

by Loves-to-Learn Lots in

How to extract the following word from the sentence

Hi All, I want to extract the following word from sentence: nodeUrl=https://sappbos.aexp.com/odata.svc/v1.0/Blaze...

by Motivator in

I want to limit the search that matches the values which are a part of lookup

I want to limit the search that matches the "dest" values which are a part of lookupCurrently I am getting all events...

by Path Finder in

two search result at the same time

I want to have a search, the output of which is the next search stream, provided that each occurred at a common time....

by Explorer in

Need to print 2 counts with different time intervals

Hi Team,I need to use print two values from an index with different earliest values. please find the below example.in...

by Communicator in

How to mvzip two JSON Arrays

I am trying to find frequently used search filters from my application log. I have written a below query to extract...

by New Member in

Rest API quote escape

Hi guys I'm trying to run a search to the /jobs endpoint. however I get a bash: syntax error near unexpected tok...

by Explorer in

REST API tstats results slow

Hi guys I am definitely a splunk novice. I want to run a search with the splunk REST API. it is a tstats on a datam...

by Explorer in

Stats based on Case

I'm still new, and struggling with the following. I am looking at a set of data from three probes. If all three probe...

by Loves-to-Learn Lots in

How could I edit my search command in order to filter this table which will display the earliest time of the same value(

Hi, all! How could I edit my search command in order to filter this table which will display the earliest time of t...

by Path Finder in

rex to combine result

HiI have two field that extract send & rec like this: | rex "S\[(?<SEND>\w+\.\w+)" | rex "R\[(?<REC>\w+\.\w+)" ...

by Motivator in

How to use rex to extract JSON text in "ip" keyValue pair?

I have a json raw string from which I have to extract the "Source device","values":[{"ip": key a...

by Loves-to-Learn in

Trying to enrich data from IP addresses collected for a project

Hello, I have been trying to find a way to get internet service provider (ISP) information from IPs collected from a ...

by Observer in

I'm new to splunk queries and how to create an alert using Linux commands on Splunk?

I need to write a Splunk alert to check number of connections on a server. Using below Linux command I can get the re...

by Engager in

Deployed Apps Search

I would like to determine how many times an app on a deployment server has been deployed. I'm not concerned with the...

by Communicator in

Update CSV source without duplicates

I have csv data( source .csv file with sourcetype=csv ) which I need to update every week. Problem is that I might g...

by Communicator in

Why do I get different results from save search

Hi, I have a customer who is exporting data via the REST API, and getting different results from the same time per...

by Champion in

How to divide a value from a string into fields?

I have value in field: value: 10,5 CC,00136;CY,00004;JE,00004;QK,00004Where CC,CY,JE - type message and there are ...

by Explorer in

Creating tags error: Parameter "name" must be less than 1024 characters.

I have some data that their event field is sometimes... lengthy (not always) so when I try to tag the events of inter...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

"StatsFileWriterLz4 file open failed" error after upgrade to 8.2.3 when searching

help to retrieve a token value in a dropdown list

Timewrap with specific time range

Splunk Event difference calculation

AVG command with WHERE statement

Json data fields are not extracting properly

Need help on creating table

How to extract the following word from the sentence

I want to limit the search that matches the values which are a part of lookup

two search result at the same time

Need to print 2 counts with different time intervals

How to mvzip two JSON Arrays

Rest API quote escape

REST API tstats results slow

Stats based on Case

How could I edit my search command in order to filter this table which will display the earliest time of the same value(

rex to combine result

How to use rex to extract JSON text in "ip" keyValue pair?

Trying to enrich data from IP addresses collected for a project

I'm new to splunk queries and how to create an alert using Linux commands on Splunk?

Deployed Apps Search

Update CSV source without duplicates

Why do I get different results from save search

How to divide a value from a string into fields?

Creating tags error: Parameter "name" must be less than 1024 characters.

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions