Splunk Search

Discussions

Thread Info

Search an index for two fields with a join

Good day,I am trying to figure out how I can join two searches to see if there is a service now ticket open for someo...

by Path Finder in

Looking for a query to display a list of jobs stuck in queue (the past 7 days).

I'm looking for a query to display a list of jobs stuck in queue (the past 7 days). Does anyone knows the query?

by Splunk Employee in

Need solution on search query

I am having two index( index A and index B). Here I need to measure response time of topup of prepaid or postpaid num...

by Engager in

trying to split one event into multiple events

Please help me to extract multiple values from one single value.

by Explorer in

Search a field for multiple values

I have 2 field that holds 3 valuesField 1values= a,b,cField 2values= 1,2,3 Is there a way to table without...

by Communicator in

Custom Command Works in CLI but Fails in Splunk UI

Hello team, I’ve developed a custom command script that works perfectly when executed through the CLI, but it fails...

by New Member in

Time difference between log time and time in log line itself (NOT a timezone issue)?

In my company's Splunk server, when I do a search, I usually see a difference in time between the "Time" column and t...

by New Member in

IOC threat hunting

We deal with hundreds of iocs ( mostly flagged IP's) that come in monthly, and we need to check them for hits in our ...

by Engager in

How can I use a subsearch with rex extracted field to seach over an extracted field

I am trying to take the results of one search, extract a field from those results (named "id") and take all of those ...

by Engager in

How can I split up values in a field to create new fields? New field names should be extracted from original field.

I've imported a csv file and one of the fields called "Tags" looks like this: Tags= "avd:vm, dept:support service...

by Explorer in

How to compare success/failure by status

I've got data so:"[clientip] [host] - [time] [method] [uri_path] [status] [useragent]" .. and do the following sear...

by Engager in

Can i assign a color to a string in a field if it is present in the field ?

My requirement is to highlight the "Error" string in red colour if it is present in the extracted field "Status". Not...

by Path Finder in

Triggered alerts query - Need help with date

Putting together a query that shows, on an individual alert level, the number of times the alert fired in a day and t...

by Loves-to-Learn in

tstats returning zero results for a simple count query

We are ingesting large volume of network data and would like to use tstats to make the searches faster. The query ...

by Contributor in

Executing Conditional Queries in Splunk Based on Input Value

I have two query in splunk query 1 and query 2 and an input. Based on the input, i need to execute either query 1 or ...

by New Member in

passing diffrent base search based on inputput dropdown values

Hello Splunkers, I'm having a inputput dropdown field, when i'm selecting "*" in that input dropdown field, I need ...

by Contributor in

How to resolve field into either value from two different keys with two tables outer joined

I'm using `Splunk Add-on for Box` to collect box logging data. As a premise, `box:events' contains information for ...

by Explorer in

append a field value to a lookup csv file

I have a hostname.csv file and contact these attributes. hostname.csv ip mac ...

by Explorer in

Default visualisation for charts

Each time I run a search query and click visualisation, the default is "column chart". How do I set this to default...

by Communicator in

Search term in table results

Ok maybe it is too much Splunk today. Whatever it is I can not for the life of me remember how to do this. I am do...

by Explorer in

Using splunk-sdk in user-defined functions in Spark/Databricks notebook

Background: I've created a small function in a spark/Databricks notebook that uses Splunk's splunk-sdk package. T...

by Path Finder in

Create Single Field and Multifield Values Based on Same Fields

Hi Splunkers, How can I create a single value field based on multiple fields? Also, let's assume that the field na...

by Path Finder in

Need help with spl query

index=web_logs sourcetype=access_combined | eval request_duration=round(duration/1000, 2) | stats avg(request_duratio...

by New Member in

Percentage of search field by day

Hi All I have a search string ... index="ee_apigee" vhost="rbs" uri="/eforms/v1.0/cb/*" | rex "(?i) .*?=\"(...

by Path Finder in

Join fields together

Good day,Is there a way to join all my rows into one?My simple query index=collect_identities sourcetype=l...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search an index for two fields with a join

Looking for a query to display a list of jobs stuck in queue (the past 7 days).

Need solution on search query

trying to split one event into multiple events

Search a field for multiple values

Custom Command Works in CLI but Fails in Splunk UI

Time difference between log time and time in log line itself (NOT a timezone issue)?

IOC threat hunting

How can I use a subsearch with rex extracted field to seach over an extracted field

How can I split up values in a field to create new fields? New field names should be extracted from original field.

How to compare success/failure by status

Can i assign a color to a string in a field if it is present in the field ?

Triggered alerts query - Need help with date

tstats returning zero results for a simple count query

Executing Conditional Queries in Splunk Based on Input Value

passing diffrent base search based on inputput dropdown values

How to resolve field into either value from two different keys with two tables outer joined

append a field value to a lookup csv file

Default visualisation for charts

Search term in table results

Using splunk-sdk in user-defined functions in Spark/Databricks notebook

Create Single Field and Multifield Values Based on Same Fields

Need help with spl query

Percentage of search field by day

Join fields together

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions