Splunk Search

Discussions

Thread Info

Splunk query to extract json key value

Please help to extract payload data from logs entries and extract the PlatformVersion and PlatformClient values. Need...

by Loves-to-Learn in

Need help with lookups issue

Hello Team, I need help with a splunk query where I am trying to get the AWS instance ID via lookup table but I am ab...

by Observer in

when no events or any field contains contains zero for past hour through an alert using tstats

Hi, using the below query to trigger an alert. | tstats count WHERE index=your_index AND(TMPFIELD="FIELD1" OR...

by Communicator in

bin/timechart and timezones- Is there Splunk Documentation about their behaviour?

Binning/timecharting seems quite straightforward regarding time... unless you want to span day+ ranges. From exper...

by SplunkTrust in

when no events or any field contains contains zero for past hour through an alert

Hi, I'm trying to trigger an alert for the below scenarios (one alert).scenario one: when there are no events, ...

by Communicator in

How could extract a new field from a sentence which contains the expression of the value?

Hi, all! Here's my log file: - the pattern: raw call progress sequence is: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - t...

by Path Finder in

exclude time range in splunk query

Hi, I'm trying to exclude events from the time range. index = _internal | eval Hour=strftime(_tim...

by Communicator in

Can subsearches access search tokens?

I am building a dashboard using simple xml. I have a populating search that defines inputs for a dropdown list. Th...

by Engager in

Cidrmatch between two lookups

I have two lookup files. My first lookup file has the columns: ip, host, dnsName. We will call it List1.csv The s...

by Builder in

Have field a equal field b if event_type = xxx

I have a search that is based on two events types - admin_login and admin_change. Admin_Login has two fields that th...

by Path Finder in

Extracting number from a string in order to use stats command. Regex?

Data: SERVICEPERFDATA::'total 120m'=8%;95;97 SERVICECHECKCOMMAND::check_nrpe3!check_cpu!-a!"warn=load > 95" "crit=l...

by Explorer in

limited statistics results when running query via API

Hi All, I am running a query and getting limited results in Statistics field (10,000).Earlier I was using the | sor...

by Observer in

cumulative sum

Hello I have events that include a field of username ( and of course _time) .I would like to count how many users w...

by Explorer in

How to write base query to get all the fields from below three multiple logs

Hi , I have to get the below fields extracted from these three logs to create visulisation: Fields i am interested: ...

by Explorer in

How to identify where the Splunk roles - authorize.conf is located in an app

Hi all,I have an authorize.conf located in an application, which is usually deployed via Deployer to SH members.There...

by Builder in

Delimited field extracts always result in rex errors

I recently started trying to set up some field extracts for a few of our events. In this case, the logs are pipe del...

by Path Finder in

how to get ratio of count filtered results with condition by total grouping by month and field?

Hello, I have the next query to get data grouped by month by software version using condition "where" ...

by Loves-to-Learn Lots in

Splunk Search

Can we populate the primary index logs to summary index . How to populate the logs from primary index to summary ...

by Path Finder in

I am want to group together similar pattern of data , and plot a pie chart to see the percentage of it.

Below is the query I am trying to use to get the result but, its giving error for eval statement. Could anyone plea...

by Loves-to-Learn Lots in

How to display differences week by week IP address data

I'm splunk beginner. I want to know which destination IP addresses are used on my enterprise infra by using firewa...

by Explorer in

regular expression to extract lines of text between two different texts

suppose i had data like below field="_raw" afadfadfadf afadsfagafg adfafafa string1 ......... afjal;dkfhao ...

by Explorer in

cartToPurchase(%) by productID : purchases/addtocart

Can you pls share the cartToPurchase(%) by productID : purchases/addtocart query

by Loves-to-Learn Lots in

eval/sum field

Hi folks,What query can I use to sum up my field "viewer.Id" to see how many viewers we have between 01/22/2022 and 0...

by Path Finder in

finding peak times from timechart (Part 2)

Hello, i am aware that there already is a Question from way back called: "finding peak and low times from timecha...

by Path Finder in

If I have an IP address from a search, how do I look for its hostname from a lookup table?

Hello experts, If I have only IP address of hosts from a search, how do I look for its hostname from a lookup tab...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk query to extract json key value

Need help with lookups issue

when no events or any field contains contains zero for past hour through an alert using tstats

bin/timechart and timezones- Is there Splunk Documentation about their behaviour?

when no events or any field contains contains zero for past hour through an alert

How could extract a new field from a sentence which contains the expression of the value?

exclude time range in splunk query

Can subsearches access search tokens?

Cidrmatch between two lookups

Have field a equal field b if event_type = xxx

Extracting number from a string in order to use stats command. Regex?

limited statistics results when running query via API

cumulative sum

How to write base query to get all the fields from below three multiple logs

How to identify where the Splunk roles - authorize.conf is located in an app

Delimited field extracts always result in rex errors

how to get ratio of count filtered results with condition by total grouping by month and field?

Splunk Search

I am want to group together similar pattern of data , and plot a pie chart to see the percentage of it.

How to display differences week by week IP address data

regular expression to extract lines of text between two different texts

cartToPurchase(%) by productID : purchases/addtocart

eval/sum field

finding peak times from timechart (Part 2)

If I have an IP address from a search, how do I look for its hostname from a lookup table?

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Error preventing me from saving search with chart

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions