Splunk Search

Ask a Question

Discussions

Thread Info

append a field value to a lookup csv file

I have a hostname.csv file and contact these attributes. hostname.csv ip mac ...

by Explorer in

Default visualisation for charts

Each time I run a search query and click visualisation, the default is "column chart". How do I set this to default...

by Communicator in

Search term in table results

Ok maybe it is too much Splunk today. Whatever it is I can not for the life of me remember how to do this. I am do...

by Explorer in

Using splunk-sdk in user-defined functions in Spark/Databricks notebook

Background: I've created a small function in a spark/Databricks notebook that uses Splunk's splunk-sdk package. T...

by Path Finder in

Create Single Field and Multifield Values Based on Same Fields

Hi Splunkers, How can I create a single value field based on multiple fields? Also, let's assume that the field na...

by Path Finder in

Need help with spl query

index=web_logs sourcetype=access_combined | eval request_duration=round(duration/1000, 2) | stats avg(request_duratio...

by New Member in

Percentage of search field by day

Hi All I have a search string ... index="ee_apigee" vhost="rbs" uri="/eforms/v1.0/cb/*" | rex "(?i) .*?=\"(...

by Path Finder in

Join fields together

Good day,Is there a way to join all my rows into one?My simple query index=collect_identities sourcetype=l...

by Path Finder in

Need help search tablename and count across multiple lines

I have data like this in splunk search 2024-10-29 20:14:49 (715) worker.6 worker.6 txid=XXXX JobPersistence Total r...

by New Member in

Passing a diffrent base search based on the selection of input dropdown

Hello Splunkers, I would like to pass the two base search when input dropdown is set as all, i need to pass a ba...

by Contributor in

Chart with count statistics associated time from multiple table

Hi Guys, I have one master list that inculdes all items, and I want to consolidate two other time-related tables in...

by Explorer in

Filtering logfiles showing one error log for every row

Hello, I need help in creating a search query to filter info showing just our logfile with same error line for all ...

by New Member in

How to join two indexes with a search

Good day,I want to join two indexes to show all the email addresses that the user have that signed in. This queries m...

by Path Finder in

Verification of SAML assertion using IDP's cert failed. Unknown signer of SAML response

We have an on-prem Splunk-Enterprise Version: 9.0.4.1 We updated IDP url in the SAML configuration and after uploadin...

by Engager in

How do I send email alert if one or more subsearch exceed 50000 results?

Hello,Hello,How do I send email alert if one or more subsearch exceed 50000 results?For example below I have 4 subse...

by Motivator in

How do I join an inputlookup and a tstats search?

So I have a lookup file with a complete list of servers and their details like version, owner etc, and an index my_in...

by Explorer in

ジョブを消しても復活する現象について

splunkで以下のSPLをジョブのバックグラウンドに送りました。 | metadata type=sourcetypes | search totalCount > 0 その後、こちらのサーチのジョブを削除したのですが、sp...

by New Member in

How to match fields with the same name from two events and if match add a field

Hello, I have these two events that are part of a transaction. These have the same s and qid. I need to match s a...

by Explorer in

How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel?

HiI am kinda stuck and need help. I am creating a chart in the splunk dashboard and for the y axis I have nearly 20 v...

by Explorer in

How to trigger an alert if the events are huge, the alert is triggering before the search completed. please help

I'm using a query which returns entire day data : index="index_name" source="source_name" ...

by Observer in

Can I rename different fields the same thing?

I'm working with a dataset that lists companies and individual people, so that some entries have the field "Entity Na...

by Communicator in

How can I display only 1 value in a timechart that uses a by

Hellohow can I display only 1 value of these 3 "maxCapacitMachine" results (which are the same in all 3 cases) in a B...

by Explorer in

How can I optimize my Splunk queries for better performance?

I’m experiencing slow performance with my Splunk queries, especially when working with large datasets. What are some ...

by New Member in

How to extract fields from source?

How to extract fields from below source. /audit/logs/QTEST/qtestw-core_server4-core_server4.log I need extract ...

by Builder in

Replace Notable Title Variable With Value

I need to replace the variables in the field rule_title field that is generated when using the `notable` macro. ...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

append a field value to a lookup csv file

Default visualisation for charts

Search term in table results

Using splunk-sdk in user-defined functions in Spark/Databricks notebook

Create Single Field and Multifield Values Based on Same Fields

Need help with spl query

Percentage of search field by day

Join fields together

Need help search tablename and count across multiple lines

Passing a diffrent base search based on the selection of input dropdown

Chart with count statistics associated time from multiple table

Filtering logfiles showing one error log for every row

How to join two indexes with a search

Verification of SAML assertion using IDP's cert failed. Unknown signer of SAML response

How do I send email alert if one or more subsearch exceed 50000 results?

How do I join an inputlookup and a tstats search?

ジョブを消しても復活する現象について

How to match fields with the same name from two events and if match add a field

How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel?

How to trigger an alert if the events are huge, the alert is triggering before the search completed. please help

Can I rename different fields the same thing?

How can I display only 1 value in a timechart that uses a by

How can I optimize my Splunk queries for better performance?

How to extract fields from source?

Replace Notable Title Variable With Value

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions