Splunk Search

Ask a Question

Discussions

Thread Info

Deployed Apps Search

I would like to determine how many times an app on a deployment server has been deployed. I'm not concerned with the...

by Communicator in

Update CSV source without duplicates

I have csv data( source .csv file with sourcetype=csv ) which I need to update every week. Problem is that I might g...

by Communicator in

Why do I get different results from save search

Hi, I have a customer who is exporting data via the REST API, and getting different results from the same time per...

by Champion in

How to divide a value from a string into fields?

I have value in field: value: 10,5 CC,00136;CY,00004;JE,00004;QK,00004Where CC,CY,JE - type message and there are ...

by Explorer in

Creating tags error: Parameter "name" must be less than 1024 characters.

I have some data that their event field is sometimes... lengthy (not always) so when I try to tag the events of inter...

by Engager in

Using Eval to Filter Values

Hello Splunkers - I am trying to filter any value that is wrapped in $, such as $host$or $value$. I thought the belo...

by Communicator in

Graph total events over time

Hi all, Im attempting to create a graph that plots total number of events over time. I have tried various usages of...

by Explorer in

rex for http2 field in log

In the following log entry as "_raw": "OPTIONS /nnrf-nfm/v1 HTTP/2.0" 405 173 "-" "gmlc-http-client/2.0" "-" ...

by Explorer in

Splunk data doesn't split correctly

Hi Splunk team, When I used Splunk to search the log data and found it didn't split correctly, It displayed as bel...

by Engager in

Optimize query that hits disk usage limit when computing stats

Hi All, What I'm trying to do is to have a chart with time on x-axis and percentages by ResponseStatus on y-axis. ...

by Explorer in

After Eventstats two events are clubbed to a single row. how to ignore second event

Below column has two values after eventstats command. i want to ignore the second events "Passed" from the column "Va...

by Builder in

Match condition in the XML dashboard

Hai,I am looking for one match condition,Here is my requirement,<condition match=""boilerrole"== IN('$resul...

by Communicator in

Bandwith between SearchHeads and ClusterPeers

Hi Folks Is there a way to analyze the bandwith used between the SearchHeads and the indexer cluster peers? I kno...

by Path Finder in

Monitor number of threads used by a service installed on Windows Server

I have parts of a Windows .Net application that are installed as services and run as services under an account on Win...

by Engager in

Using transaction command to group jobs together based on different Statuses.Multiple startwith and endswith transaction

Ideally, JOB should start with Status as either RUNNING or STARTJOB or maybe both and it can end with either status a...

by Engager in

multisearch not allowing dedup individual search

I have two searches that I wanted to do some filtering before doing multisearch, Is that not possible? my code look...

by Communicator in

Splunk Alert to Incident add-on multiple results

Hello All, I have a simple search for the alert: Index="vpn" message="recently failed"|table _time, host,message ...

by Observer in

How do I search for business hours or non-business hours during the month?

I would like to search for business hours(09:00 ~ 18:00) or non-business hours(18:00 ~ 09:00) during the month. How d...

by Explorer in

Creating Custom IP reputation Check

Hello guys, I am fairly new to splunk, and i wish to create a system where i can extract unique client ips from our o...

by Engager in

Sync Max Y Value Between Different Charts

Hi everyone. I have three charts in a panel in a Simple XML dashboard and I'm trying to programmatically (i.e., with ...

by Explorer in

sub search does not return string on splunk 8.1.4

I get number from subsearch but get null for string like below on splunk 8.1.4.I found the splunk answer that resolve...

by Explorer in

JSON nested field extraction

I have the following JSON: { "kind": "report", "id": { "time": "2021-12-24T15:45:01.331Z", }, "events": [ { "pa...

by Explorer in

token passage

Hi , I have requirement like there two panels, in which the 1st one has success and failure as a column name and on...

by Engager in

How could I exclude the selected fields like "host", "source","sourcetype" in the event column which is displayed on the

Hi, all! I wish to display the event without the fields like "host", "source", and "sourcetype" like the photo belo...

by Path Finder in

How to write a search where if a specific value for FIELD1 is present in subsearch results, run Search1, but if not, run Search2?

I have a search which has a field (say FIELD1). I would like to search the presence of a FIELD1 value in subsearch. I...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Deployed Apps Search

Update CSV source without duplicates

Why do I get different results from save search

How to divide a value from a string into fields?

Creating tags error: Parameter "name" must be less than 1024 characters.

Using Eval to Filter Values

Graph total events over time

rex for http2 field in log

Splunk data doesn't split correctly

Optimize query that hits disk usage limit when computing stats

After Eventstats two events are clubbed to a single row. how to ignore second event

Match condition in the XML dashboard

Bandwith between SearchHeads and ClusterPeers

Monitor number of threads used by a service installed on Windows Server

Using transaction command to group jobs together based on different Statuses.Multiple startwith and endswith transaction

multisearch not allowing dedup individual search

Splunk Alert to Incident add-on multiple results

How do I search for business hours or non-business hours during the month?

Creating Custom IP reputation Check

Sync Max Y Value Between Different Charts

sub search does not return string on splunk 8.1.4

JSON nested field extraction

token passage

How could I exclude the selected fields like "host", "source","sourcetype" in the event column which is displayed on the

How to write a search where if a specific value for FIELD1 is present in subsearch results, run Search1, but if not, run Search2?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions