Splunk Search

Discussions

Thread Info

How do i pick the first and last value in a table with one column

I am doing a CTF that provides logs to filter and work through, one of the questions asks for the time period between...

by New Member in

How to remove duplicate value from one column and do addition of corresponding values in another column

I have 2 columns 1 has application name another has number of instances . I want to remove duplicate application nam...

by Engager in

Search blocked by license notice

Hello, We recently installed Splunk, we thought we had a free license, however we got a notice that we have exceede...

by Explorer in

how to move a value into adjacent row

Hello, I have a condition when the variable new_tag of the previous row is equal to 1 and the variable test_tag of ...

by Explorer in

How could I adjust the time to only show the yyyy/mm/dd/hour/minute?

Hi, all! Here's my current time format! How could I adjust into the format from 2022-01-20 18:21:19,448 to 2022-01-...

by Path Finder in

"StatsFileWriterLz4 file open failed" error after upgrade to 8.2.3 when searching

After upgrading our environment from 8.1.3 to 8.2.3, some searches return "StatsFileWriterLz4 file open failed". Our ...

by Engager in

help to retrieve a token value in a dropdown list

Hi I launch a dashboard from another dashboard when I click on the field "Site" /app/spl_pub_dashboard/bib_re...

by Motivator in

Timewrap with specific time range

Hi, Iam a newbie and have just started exploring the power of splunk. My below query works fine except that I need ...

by Explorer in

Splunk Event difference calculation

hi, i am using the below query to list the bootup time and downtime based on event code.. but if the bootuptime sho...

by Path Finder in

AVG command with WHERE statement

Hello All, I am trying to calculate the Average of a column, but i want it to ignore all values that are equal ...

by Path Finder in

Json data fields are not extracting properly

Cisco logs with json format is not extracting properly. I tried from GUI using this kv delims in search and they are ...

by Engager in

Need help on creating table

I have table like below using my splunk query. Request1_tpsRequest1_avgRequest1_p95Request1_p90Request2_tpsRequest2...

by Loves-to-Learn Lots in

How to extract the following word from the sentence

Hi All, I want to extract the following word from sentence: nodeUrl=https://sappbos.aexp.com/odata.svc/v1.0/Blaze...

by Motivator in

I want to limit the search that matches the values which are a part of lookup

I want to limit the search that matches the "dest" values which are a part of lookupCurrently I am getting all events...

by Path Finder in

two search result at the same time

I want to have a search, the output of which is the next search stream, provided that each occurred at a common time....

by Explorer in

Need to print 2 counts with different time intervals

Hi Team,I need to use print two values from an index with different earliest values. please find the below example.in...

by Communicator in

How to mvzip two JSON Arrays

I am trying to find frequently used search filters from my application log. I have written a below query to extract...

by New Member in

Rest API quote escape

Hi guys I'm trying to run a search to the /jobs endpoint. however I get a bash: syntax error near unexpected tok...

by Explorer in

REST API tstats results slow

Hi guys I am definitely a splunk novice. I want to run a search with the splunk REST API. it is a tstats on a datam...

by Explorer in

Stats based on Case

I'm still new, and struggling with the following. I am looking at a set of data from three probes. If all three probe...

by Loves-to-Learn Lots in

How could I edit my search command in order to filter this table which will display the earliest time of the same value(

Hi, all! How could I edit my search command in order to filter this table which will display the earliest time of t...

by Path Finder in

rex to combine result

HiI have two field that extract send & rec like this: | rex "S\[(?<SEND>\w+\.\w+)" | rex "R\[(?<REC>\w+\.\w+)" ...

by Motivator in

How to use rex to extract JSON text in "ip" keyValue pair?

I have a json raw string from which I have to extract the "Source device","values":[{"ip": key a...

by Loves-to-Learn in

Trying to enrich data from IP addresses collected for a project

Hello, I have been trying to find a way to get internet service provider (ISP) information from IPs collected from a ...

by Observer in

I'm new to splunk queries and how to create an alert using Linux commands on Splunk?

I need to write a Splunk alert to check number of connections on a server. Using below Linux command I can get the re...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do i pick the first and last value in a table with one column

How to remove duplicate value from one column and do addition of corresponding values in another column

Search blocked by license notice

how to move a value into adjacent row

How could I adjust the time to only show the yyyy/mm/dd/hour/minute?

"StatsFileWriterLz4 file open failed" error after upgrade to 8.2.3 when searching

help to retrieve a token value in a dropdown list

Timewrap with specific time range

Splunk Event difference calculation

AVG command with WHERE statement

Json data fields are not extracting properly

Need help on creating table

How to extract the following word from the sentence

I want to limit the search that matches the values which are a part of lookup

two search result at the same time

Need to print 2 counts with different time intervals

How to mvzip two JSON Arrays

Rest API quote escape

REST API tstats results slow

Stats based on Case

How could I edit my search command in order to filter this table which will display the earliest time of the same value(

rex to combine result

How to use rex to extract JSON text in "ip" keyValue pair?

Trying to enrich data from IP addresses collected for a project

I'm new to splunk queries and how to create an alert using Linux commands on Splunk?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions