Splunk Search

Discussions

Thread Info

Email from Splunk

I have splunk search - index=cloud EventName: "Error Occurred" XChangeToSalesForce | rename message as "Message" _tim...

by Loves-to-Learn Lots in

Split results into multiple charts

Hello, I am creating a query for my proxy data. The idea is to show all categories that I want in multiple single ...

by Path Finder in

space in values not filtering data on dashboard

I have data coming in where I have a field called Result which holds data as below 1) "FAIL" 2) " FAIL " 3) "PA...

by Explorer in

Merging similar error strings

this is similar to https://community.splunk.com/t5/Splunk-Search/Merging-with-similar-strings-without-eval/m-p/484972...

by Explorer in

join replacement with stats

OK, I'm trying to improve performance by replacing some join queries with stats, but struggling on a filter.I have th...

by Path Finder in

Trellis Search

Splunk's VisualizationTrellis documentation page shows example searches for things like count by sourcetype, and late...

by Engager in

Change time field to show 'x' minutes ago?

Hello Splunk Community, I have a stats table I have created and I want to change the time field ("%Y-%m-%d %H:%M:%...

by Path Finder in

Why does my set union command result in two datasets and not just one?

by Engager in

Append string to end of log file if regex match is true

Im trying to get a way to have SED (via search) append a string to the raw log in the results window if a condition ...

by New Member in

How do you list top items for each group?

I want to list the top 3 elements for each group. How would you do this? Examples Name score Jon 100 Jon 54 Jon 90 Jo...

by Explorer in

Filter Events that show value x and y by one that have matching z

I am searching a source that has events that have FieldA and FieldB. I need to find which events that have specific...

by Loves-to-Learn Lots in

Rex field list of strings

How do I extract all values from a json file containing a list with multiple strings with rex? The content of the f...

by Loves-to-Learn Lots in

Comparing version number for multiple hosts in index

I have an index that ingests scan files and assigns a sourcetype based on the folder location. There are several scan...

by Path Finder in

Merging with similar strings without eval

Hi All, I would like to combine similar strings (with different field values) in my data. The data I have now: ...

by Explorer in

Remove $ (dollar) characters in field results

Morning, everyone, Thank you in advance for your help. I would like to remove a part of a character from my resul...

by Path Finder in

lookup usage in query

Hi, I have a requirement like we have a csv file which has the values of functionid and functiondesc, this file was...

by Engager in

How to get the status wise data

Hi, I wrote below query which gives me data per service per min... index=**** | bucket _time span=1m | convert ct...

by Path Finder in

Extracting a value from log message

Hi, I have a requirement like i need to extract a some card value which was present inside the message body of the ...

by Engager in

Simply query, failes with field specificity

I have what should be a simple problem, but I don't have an answer without burning some brain cells Simple query ex...

by Contributor in

Monitor CPU Usage, RAM Usage, Hard Disk Utilization, Load Average, Largest Files and LAN Card Traffic

Hi, I'm running Splunk Enterprise v7.0.1 (Indexer) on a separate Linux server with Splunk Forwarders on two mor...

by Explorer in

Compare field with column of lookup table

Hi all, I have this need, compare a field with a series of error codes. I would not like to write in the search, any ...

by Explorer in

Why am I unable to filter COMMAND twice?

Hello all, I am trying to setup a search that logs ufw commands, while ignoring any ufw status commands. I have tri...

by Path Finder in

Get New event and it's count

I want to simply get new exceptions that occur within last 30 minutes which did not happened anytime last week on the...

by Observer in

Need Help with lookup using variable

Hi,I have index data as below and i have kvstores per each account which has additional info. Example Scenario (accou...

by Observer in

Splunk Regex help

Hi, I have the search returning the event Nov 10 23:45:3 8888888 Tra[9100]: { EventName: "Error Occurred", BatchId...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Email from Splunk

Split results into multiple charts

space in values not filtering data on dashboard

Merging similar error strings

join replacement with stats

Trellis Search

Change time field to show 'x' minutes ago?

Why does my set union command result in two datasets and not just one?

Append string to end of log file if regex match is true

How do you list top items for each group?

Filter Events that show value x and y by one that have matching z

Rex field list of strings

Comparing version number for multiple hosts in index

Merging with similar strings without eval

Remove $ (dollar) characters in field results

lookup usage in query

How to get the status wise data

Extracting a value from log message

Simply query, failes with field specificity

Monitor CPU Usage, RAM Usage, Hard Disk Utilization, Load Average, Largest Files and LAN Card Traffic

Compare field with column of lookup table

Why am I unable to filter COMMAND twice?

Get New event and it's count

Need Help with lookup using variable

Splunk Regex help

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...