Splunk Search

Discussions

Thread Info

How to trigger an alert if the events are huge, the alert is triggering before the search completed. please help

I'm using a query which returns entire day data : index="index_name" source="source_name" ...

by Observer in

Can I rename different fields the same thing?

I'm working with a dataset that lists companies and individual people, so that some entries have the field "Entity Na...

by Communicator in

How can I display only 1 value in a timechart that uses a by

Hellohow can I display only 1 value of these 3 "maxCapacitMachine" results (which are the same in all 3 cases) in a B...

by Explorer in

How can I optimize my Splunk queries for better performance?

I’m experiencing slow performance with my Splunk queries, especially when working with large datasets. What are some ...

by New Member in

How to extract fields from source?

How to extract fields from below source. /audit/logs/QTEST/qtestw-core_server4-core_server4.log I need extract ...

by Builder in

Replace Notable Title Variable With Value

I need to replace the variables in the field rule_title field that is generated when using the `notable` macro. ...

by Loves-to-Learn Lots in

Help with join query for Salesforce

Hello Smarties... Can someone offer some assistance; We recently started ingesting Salesforce into Splunk, Usernam...

by Observer in

Dashboard panels with shared base search stopped working...

Some years ago I've created a (beautiful!) dashboard, with multiple panels, which presented related data at different...

by Path Finder in

Dedup Question

Hello Everyone, Having a hard time finding the appropriate way to display data. I have duplicate data where one fie...

by Engager in

Compare results from same field

I'm using cmd |iplocation src, and the results produce results for the City. Next i want to compare each City and rep...

by Path Finder in

Using Lookup csv file to query fieldname

I have a lookup file saved with a single column having values of specific fields in it. And want to use to search in ...

by Explorer in

Splunk query to build a table with total event count, sub event count and sub event in percent

Hi Team,i am trying to design a query which show be result like total event count, sub event count and sub event in p...

by Path Finder in

delete fault submitted events, including avg timechart delete

Hi Community,i have a data source, that submit sometimes faulty humidity data like 3302.4 Percent.To clean / delete t...

by Engager in

Service maintenance in search

Hi, I am a rookie in SPL and I have this general correlation search for application events: index="foo" sourcetyp...

by Explorer in

extract fields

Oct 22 14:20:45 10.5.0.200 DNAC {" version" :" 1.0.0"," instanceId" :" 20...

by New Member in

How to merge two fields into one field?

I have the following result set coming from a search: field_1 field_2 1 2 3 4 5 6 I need ...

by Motivator in

Field Extraction index=_internal

I tried to run the Indexing Performance: Instance dashboard but was not getting any data, on exploring the search I f...

by Path Finder in

How to convert the value into months , days

Hi I am building dashboard for UPS monitoring and i would like to convert a specific metric which is battery age....

by Path Finder in

Missing values in results

I found this very usefull search for a dashboard on gosplunk: | rest /services/data/indexes | dedup title | fields ...

by Loves-to-Learn in

How to assess the storage if we modify the index searchable retention days

Hi, I have an use case in which I need to assess the storage difference of the index. Like for example, I have an...

by Explorer in

optimizing a query that check the ldap service

I created the following query to check the status of ldap service but i was wonder if there a better query ta...

by Explorer in

Displaying unique URIs visited per session as columns

I have a splunk search that returns two columns, SESSION and URI. How can I show the sequence of URIs visited by each...

by Path Finder in

Error in "litsearch" command

Good morning, Getting a weird error this morning when trying to run searches. It is saying that m license is expir...

by Path Finder in

Variable earliest/latest in main search

I have a working dashboard that displays a number of metrics and KPIs for the previous week. Today, I was asked to e...

by Path Finder in

Drilldown Token from Single Value Panel to Stats Table Panel

Need help passing a token value from a Single Value Panel using the ( | stats count) in conjuction to the ( | rex fie...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to trigger an alert if the events are huge, the alert is triggering before the search completed. please help

Can I rename different fields the same thing?

How can I display only 1 value in a timechart that uses a by

How can I optimize my Splunk queries for better performance?

How to extract fields from source?

Replace Notable Title Variable With Value

Help with join query for Salesforce

Dashboard panels with shared base search stopped working...

Dedup Question

Compare results from same field

Using Lookup csv file to query fieldname

Splunk query to build a table with total event count, sub event count and sub event in percent

delete fault submitted events, including avg timechart delete

Service maintenance in search

extract fields

How to merge two fields into one field?

Field Extraction index=_internal

How to convert the value into months , days

Missing values in results

How to assess the storage if we modify the index searchable retention days

optimizing a query that check the ldap service

Displaying unique URIs visited per session as columns

Error in "litsearch" command

Variable earliest/latest in main search

Drilldown Token from Single Value Panel to Stats Table Panel

Can’t make it to .conf25? Join us online!

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!