Splunk Search

Discussions

Thread Info

Why is timechart crating stats which are not part of the search?

Hello All, I was extracting some volume data for PE testing from prod systems, using following query I am expe...

by Engager in

How to get Uptime in Days

My output format is 20220129054235.496380-300I need to convert the value in bold to normal and find the difference of...

by Path Finder in

How to receive a result containing value= '0' in column without using the " chart " command?

Hi all, I want a result containing value= '0' in column without using the " chart " commandThank you.

by Communicator in

How to make a dynamic string substitution to insert specific parameters into specific place in string

Dear Splunk community I need help with a presumably easy task, but it had already cost me quite a while. I'm tr...

by Explorer in

How to list results from two events that are linked via common field?

I would like to list results from two events that are linked via common field (system_id), but searched via value onl...

by Path Finder in

Why are the table command and dropping values?

Summary: When using the table command, values are dropped if { is the first character. ...

by Explorer in

Search to list all UF's and OS including version number (Windows Server 2008 RS, Windows Server 2016)

I did this a few weeks ago and now I can't seem figure out how I did it. I need a report listing all UFs, with the...

by Communicator in

How to Search/Visualization Time Chart - Days/Months Filter

Hello everyone, I'm pretty new to Splunk and mostly learning as I go, so please bear with me if this is a common q...

by Engager in

How can I get _time in stats command displays in Epoch when count is greater than 1?

Hello, The below search displays _time in human readable format when count of the results =1 but in EPOCH format w...

by Builder in

Where to find some already created Splunk use cases for github webhook logs?

Does anyone know where I can find some already created Splunk use cases for github webhook logs? I am having a rea...

by Observer in

Can these searches be combined?

I have two sets of IIS data (two sourcetypes) in a single index. One sourcetype logs web service requests, the other ...

by Path Finder in

How to convert seconds to days?

This search: index=perfstats host=hostname | chart max(System_Up_Time) as "System Uptime" by host Outputs a val...

by Path Finder in

How to auto increment/decrement a value based on character position?

Hi Everyone,So the goal here is to auto increment / decrement a value based on the position of character present in a...

by Communicator in

Having trouble reading complexed nested Json

Hi, struggling trying to count objects in a big json doc. I'm on version 8.0.5, so function json_keys is not availabl...

by Contributor in

How to chart data by month with sorting order?

I am running into an issue when I am trying to get a chart to populate with the data as I am expecting. I am runni...

by Path Finder in

Help masking data and regex?

Hi All, Can someone please help me in masking data and regex? currently, we have an event where I need to mask ce...

by Communicator in

How can you make data to come in different rows using mvzip?

Hi all, I have a query which gives this kind of table. Name Date Status Task ...

by Communicator in

How can I make the new field have less rows?

Here is the original log file: Host availabilty Hashmap is {HKL20167984SIT_13_8225=true, HKL20167984SIT_7_82FB=tru...

by Path Finder in

How to extract values from a CSV lookup based on date?

Hello, I am looking for some guidance please with regards to a CSV input I have that is automatically updated dail...

by Engager in

How to do field extraction with regex?

My events are in json format.The json path where my data is , is here "alert.smtp-message.smtp-header"And with in "...

by Contributor in

How could I make this pattern "a=b" from log files into 'a' as the key and 'b' as the value?

Hi, all! How could I make this pattern "HKL20167991SIT_7_8299=true" from my log files into 'XXXX'(the last four di...

by Path Finder in

How to save multiple values after multiple evaluation?

Hello Splunkers, for a project I'm working on, I would need to store different IDs in a variable after evaluating t...

by Explorer in

How to query to out the configurations for any particular app or index using Splunk web UI?

Hi All, Is there any search query to find out the configurations for any particular app or index using splunk web ...

by Path Finder in

How to regex match?

Hi, This is a raw log Job=[IN-SNMMIS-DLY]], I am trying to build regex just the words " IN-SNMMIS-DLY]" ...

by Communicator in

How to create sleep time of Windows PC calculation into timechart?

Hi, I am using following search into Windows EventViewer System logs that I extracted for testing: index="503461...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is timechart crating stats which are not part of the search?

How to get Uptime in Days

How to receive a result containing value= '0' in column without using the " chart " command?

How to make a dynamic string substitution to insert specific parameters into specific place in string

How to list results from two events that are linked via common field?

Why are the table command and dropping values?

Search to list all UF's and OS including version number (Windows Server 2008 RS, Windows Server 2016)

How to Search/Visualization Time Chart - Days/Months Filter

How can I get _time in stats command displays in Epoch when count is greater than 1?

Where to find some already created Splunk use cases for github webhook logs?

Can these searches be combined?

How to convert seconds to days?

How to auto increment/decrement a value based on character position?

Having trouble reading complexed nested Json

How to chart data by month with sorting order?

Help masking data and regex?

How can you make data to come in different rows using mvzip?

How can I make the new field have less rows?

How to extract values from a CSV lookup based on date?

How to do field extraction with regex?

How could I make this pattern "a=b" from log files into 'a' as the key and 'b' as the value?

How to save multiple values after multiple evaluation?

How to query to out the configurations for any particular app or index using Splunk web UI?

How to regex match?

How to create sleep time of Windows PC calculation into timechart?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions