Splunk Search

Ask a Question

Discussions

Thread Info

How to search Indexes with count = 0

Dear Team, I just want to use the simple search below to see which indexes are having zero count that day/week/whi...

by Explorer in

How to get count for different values in a field when dealing with datamodels?

I have a Data Model called Web_Events with a root object called Access. There is a field in Access called 'status_...

by Engager in

Joining Tables

Hello, I need your help please, I have two tables resulting from two searches and I need to join these two tables ...

by Explorer in

How to extract the following fields?

2022-02-03 12:07:12 [machine-run-00000-hit-000000-step-00000] [[Card Onboarding] CCC Capture - Logging Framework] [Ca...

by Contributor in

How to check migration is successful?

There are 2000 dashboards in Splunk. Out of which, some are used and some are not. How to check that? How to migrate ...

by New Member in

How to check Splunk metrics in prometheus

I'm deployed a Splunk in VM. How to get the instance application Splunk metrics in Prometheus.

by Observer in

How to extract field from one event and search field one by one in other event

This event is printed eveytime UserPin AreaCode AreaNum Sector Short Sem are unique for each userid and come only ins...

by New Member in

Why doesn't event one field value not match with lookup file field value?

We have event having field "ip_client" and have lookup file i.e(F5_IPS_Exclusion.csv) having field "F5_Exclusion_IP" ...

by Loves-to-Learn Everything in

Why is data extraction showing different time formats?

In the query _time is already formatted. But when i try to export the data in csv its showing different formats. ...

by Path Finder in

Grouping event by correlation id with the closest time

Hi All, We have a number of micro services with correlation id flowing across the request and responses. What i'm t...

by New Member in

How to change SPL comparison dates in dashboard with a CASE clause dynamically?

Hello, I'm new to Splunk and I was searching and trying many solutions before asking here, but I'm really stuck. I...

by Engager in

How to match the search string presence in lookuptable and show the presence as yes or not in result table

Hi Guys, I have a string say example : abc this string I want to lookup and match the presence in a lookup table ...

by Loves-to-Learn Lots in

Why am I not receiving results for different time ranges in a subsearch and main search?

Hello! I'm struggling with the time ranges within my query. I have two indexes (anonymized) inde...

by Path Finder in

How to calculate days for past and future days?

Hello, I want to calculate the days in difference like below like future days should be in positive and past days ...

by Builder in

Why is this query malformed after adding in a simple division statement?

Good afternoon Guru's, I just was put into a position to teach myself how to splunk. I don't have experience with ...

by Explorer in

How could I map one existing field with another csv file by using automatic lookups?

Hi, all! I have one existing field which is CHECKPOINT_ID from my table 1 and another csv file which contains an in...

by Path Finder in

Why am I not able to tag single events when they don't have a small enough field to use for the tags?

The original problem I am trying to fix is that I am not able to tag single events since they dont have a small enoug...

by Engager in

How to delete the repeated rows and only keep the values that have a reason?

Hello, Please I need your help, I have a dedup with a conditional. It happens that I have this table where whe...

by Explorer in

How to calculate percentage during runtime?

This is give me data in integers, I want calculate percentages. How can we do it? | savedsearch cbp_inc_base | ...

by Path Finder in

How to exclude duplicates when using outputlookup ?

Hello All, I have a lookup that is a saved as a schedule report that runs once a week. This schedule report will ...

by Path Finder in

How to generate or repeat the search condition that generates some stats for multiple days?

Hi, using logs i am generating some stats that are needed to track the performance of my app on daily basis using ...

by Explorer in

Which applications are ingesting more data and violating the license?

Hi All, I would like to know which applications are ingesting more data and violating the license. I tried the...

by Path Finder in

How to extract startTime using query and then convert the extracted startTime- which is in GMT to PST?

Hi Splunkers, Below is my sample event, [2021-02-06 15:30:03] production.INFO: {"uri":"https:\/\/platform.ringc...

by Explorer in

Why do fields extracted from JSON by spath in eval result in null?

I cannot use any of the fields extracted by spath inside an eval. The result is always null. Input: (formatted fo...

by Engager in

Splunk query to extract json key value

Please help to extract payload data from logs entries and extract the PlatformVersion and PlatformClient values. Need...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search Indexes with count = 0

How to get count for different values in a field when dealing with datamodels?

Joining Tables

How to extract the following fields?

How to check migration is successful?

How to check Splunk metrics in prometheus

How to extract field from one event and search field one by one in other event

Why doesn't event one field value not match with lookup file field value?

Why is data extraction showing different time formats?

Grouping event by correlation id with the closest time

How to change SPL comparison dates in dashboard with a CASE clause dynamically?

How to match the search string presence in lookuptable and show the presence as yes or not in result table

Why am I not receiving results for different time ranges in a subsearch and main search?

How to calculate days for past and future days?

Why is this query malformed after adding in a simple division statement?

How could I map one existing field with another csv file by using automatic lookups?

Why am I not able to tag single events when they don't have a small enough field to use for the tags?

How to delete the repeated rows and only keep the values that have a reason?

How to calculate percentage during runtime?

How to exclude duplicates when using outputlookup ?

How to generate or repeat the search condition that generates some stats for multiple days?

Which applications are ingesting more data and violating the license?

How to extract startTime using query and then convert the extracted startTime- which is in GMT to PST?

Why do fields extracted from JSON by spath in eval result in null?

Splunk query to extract json key value

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions