Splunk Search

Ask a Question

Discussions

Thread Info

How to compute next cron iteration from _raw event?

Hi, I have a last run epoch time and a cron schedule (i.e. : "*/5 * * * *") in an _raw event and I'd like to parse...

by Explorer in

How can I calculate stats of a chart list?

I have the following query : ... | chart list(time) by request actor Where time it returns the time for...

by Path Finder in

How to create single row from multiple results?

Hi team, I have the following table with results IDprocessing timeactor12320actor112330actor212340actor3 A...

by Path Finder in

How to build a query to get the count of opened and resolved incidents every hour in a day?

Hi, I'm trying to build a query to get the count of opened and resolved incidents every hour in a day but the numb...

by Explorer in

Need help understanding Appending to Lookup file

Hi All,I have the below search. I am being told it appends results to a lookup table called user_ids. ...

by Builder in

How to Extract substring from Splunk String using regex

I ave a field "hostname" in splunk logs which is available in my event as "host = server.regi...

by Path Finder in

Experiencing rex extract errors with random pattern

Hi I have list of error codes that available here:https://www.ibm.com/docs/en/ibm-mq/9.1?topic=exceptions-jms-exce...

by Motivator in

How to make a Search NOT append results from previous row if record already exists ?

Hi All,We have a saved search (snippet below) which populates a CSV lookup file. The search is scheduled to run dail...

by Builder in

How to Populate data from one index to summary index?

Can we populate the raw events from one index to summary index. If yes how can I do that can you please help me

by Path Finder in

Eval against a lookup

Hello, I am new to Splunk and this is probably a basic query. I have a field with an email address and I want to chec...

by Explorer in

How to delete duplicates from Lookup csv file ?

Hello, We have a CSV Lookup file that is getting populated by a saved search. We are noticing there are lot of dupl...

by Builder in

Convert Epoch Time to Human Readable Date formatting issue

I have following Splunk Query which is trying to format Epoch captured start and end time into human readable format ...

by Explorer in

Why Long running searches, with time spent in ReducePhaseExecutor and PreviewExecutor

Hi guys I have an installation on Splunk 8.1.2 where we have XmlWinEventLog data ingested. When we run thi...

by Path Finder in

How to delete repeated rows and only keep the values that have a reason?

Hello, I need your help please, it happens that I have this table where when the technician enters the reason for ...

by Explorer in

Why do we use this is in the search ?

Hello, Here's my search: index="blah" sourcetype="blah" severity="*" dis_name IN ("*") "*" AND NOT 1=0 | ...

by Path Finder in

Using regex syntax to trim timestamp

Using regex, what is the syntax, to trim a timestamp formatted like 2022-01-06 01:51:23 UTC so that it only reflects ...

by Engager in

How to subtract one week from the current week in a report name?

Hello everybody, I have a report that is generated every week. I want to name the title of the report with the ...

by Observer in

How to create the table based on the specific time from latest(_time)?

I was trying to get the latest time from index=index1 sourcetype=source1 Below is the string: | tstats lat...

by Observer in

Help finding new solution when the lookup file contains strings and regular expressions

Hello guys!! I have a question about the lookup command when the lookup file contains strings and regular expressi...

by Explorer in

While using splunk Rest api getting 404 error in authentication

to do Splunk search with the help of API I am getting 404 error while doing this call response = self...

by Loves-to-Learn in

How to export a result with stats count of err_msg by Node and model?

I have 3 different sourcetype like Result , Node and error under same index. Result has id , model Node has add...

by Explorer in

How to remove repeated values from my search?

My Query is index=windows Type=Disk host IN (abc) FileSystem="*" DriveType="*" Name="*" | dedup host, Name | ...

by Path Finder in

How to Identify the events based on condition on other events

Hello Splunk Experts: From a system, we receive following events in splunk. I would like to get the event which do...

by Path Finder in

How can I retrieve count or distinct count of some field values using stats function

I have a table in this form (fields and values): USERID USERNAME CLIENT_A_ID CLIENT_B_ID 11 ...

by Explorer in

How to remove duplicate values in a column of table

My Query is index=windows Type=Disk host IN (abc) FileSystem="*" DriveType="*" Name="*" | dedup host, Na...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to compute next cron iteration from _raw event?

How can I calculate stats of a chart list?

How to create single row from multiple results?

How to build a query to get the count of opened and resolved incidents every hour in a day?

Need help understanding Appending to Lookup file

How to Extract substring from Splunk String using regex

Experiencing rex extract errors with random pattern

How to make a Search NOT append results from previous row if record already exists ?

How to Populate data from one index to summary index?

Eval against a lookup

How to delete duplicates from Lookup csv file ?

Convert Epoch Time to Human Readable Date formatting issue

Why Long running searches, with time spent in ReducePhaseExecutor and PreviewExecutor

How to delete repeated rows and only keep the values that have a reason?

Why do we use this is in the search ?

Using regex syntax to trim timestamp

How to subtract one week from the current week in a report name?

How to create the table based on the specific time from latest(_time)?

Help finding new solution when the lookup file contains strings and regular expressions

While using splunk Rest api getting 404 error in authentication

How to export a result with stats count of err_msg by Node and model?

How to remove repeated values from my search?

How to Identify the events based on condition on other events

How can I retrieve count or distinct count of some field values using stats function

How to remove duplicate values in a column of table

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions