Splunk Search

Community Activity

Top with optional field results When I search I want to show the top results by a specific field "field1" and also show "field2" and "field3". Proble... by thrtnastrx Observer in Splunk Search 11-25-2024 0 3	0	3
Inconsistent Key-Value Pair Searching in Splunk (Some Events Only Found with Wildcards) Hey Splunk team, I’m facing an issue where Splunk fails to search for certain key-value pairs in some events unless I... by Aithnave Engager in Splunk Search 11-25-2024 0 3	0	3
Summary results for a "per item" query Hello, I have the following query to search Proofpoint logs. index=ppoint_prod host=host1 \| eval time=strftime(_ti... by SplunkUser001 Explorer in Splunk Search 11-25-2024 0 11	0	11
Only show slots of a timechart that have more than x results We search thru the logs of switches and there are some logs that are unconcerning if you just have a couple of them l... by mariojost Engager in Splunk Search 11-25-2024 0 6	0	6
rex help probably an easy one, i have two events as follows thisisfield1 thisisfield2 mynextfield3thisisfield1 mynextfield3mea... by darkins Engager in Splunk Search 11-25-2024 0 7	0	7
How can I determine which fields will work with tstats? I understand that tstats will only work with indexed fields, not extracted fields. How can I determine which fields ... by campbellwarren Engager in Splunk Search 11-24-2024 0 5	0	5
Field Extraction Need help to extract a field that comes after a certain word in a event. I am looking to extract a field called "sn_g... by scout29 Path Finder in Splunk Search 11-22-2024 0 3	0	3
Finding changes in a field We are trying to watch the NIC statistics for our OS interfaces. We are gathering data from a simple ifconfig eth0 \|... by Brad Explorer in Splunk Search 11-22-2024 0 6	0	6
Limiting result from lookup I am trying to figure out how to include a lookup in my search, but only some records. My current search is below. My... by vm_molson Explorer in Splunk Search 11-21-2024 0 1	0	1
HTML - Style - remove the extra lin eof black Hi I have the below code to produce this table - but does anyone know how to get rid of the part in red (I have added... by robertlynch2020 Influencer in Splunk Search 11-21-2024 0 5	0	5
Events mismatch values with lookup values Hello Splunkers!!We have events that contains source and destination fields with complete values, and we want to matc... by uagraw01 Motivator in Splunk Search 11-21-2024 0 3	0	3
Stringing together searches I have searches for two files that are related but the incoming and outgoing file names differ, basically it's an inc... by ecnausysadm Explorer in Splunk Search 11-21-2024 0 3	0	3
How to get the difference of time between 2 events Hello Everyone, I have events like 02-Jul-2014 09:25:25 AM: ========== Finish Transmit Process ========== 02-Ju... by gajananh999 Contributor in Splunk Search 11-21-2024 0 3	0	3
Mismatch with values in Join When I run this query: index=edi-2 \| join type=inner TRACKINGNUMBER [search index=edi \| rename TRCK AS TRACKINGNUMBER... by tlunruh New Member in Splunk Search 11-21-2024 0 3	0	3
eval isnull() always returns true We're using Splunk to monitor EDI traffic onto our backend system. We want to have a single value panel that shows gr... by dmrhodes101 Explorer in Splunk Search 11-21-2024 1 3	1	3
Lookup definition is outputting incomplete results Hi, I have a simple search which is using a lookup definition based off of a lookup. This lookup is large. Search has... by mbasharat Builder in Splunk Search 11-20-2024 0 3	0	3
Check multiple arrays for value without knowing parent node(s) The structure of JSON in my log events is roughly as follows { "Info": { "Apps": { "Reportin... by mrsampson Explorer in Splunk Search 11-19-2024 0 2	0	2
I have been trying to use the CASE function in splunk, but my results are not correct This is my search. I brings back Not Known for every field instead of the correct case name:index=websphere webspher... by NanSplk01 Communicator in Splunk Search 11-19-2024 0 3	0	3
Rex has exceeded configured match_limit, consider raising the value in limits.conf. Hi Splunkers, any help with Rex has exceeded configured match_limit, consider raising the value in limits.conf.My sea... by majilan1 Path Finder in Splunk Search 11-18-2024 1 4	1	4
Use variable as complete search string I am trying to create a dashboard. It has two input text fields.I want to run a search query based on these two input... by ameyad Engager in Splunk Search 11-18-2024 1 1	1	1
show value in statistics where it doesnt exist in the logs hello Splunkersi have a requirement where i need to show values in statistics even if it doesn't exist, for example h... by msalghamdi Path Finder in Splunk Search 11-18-2024 0 3	0	3
Salesforce in SPLUNK I am confused on why I only get _ID's from my Salesforce ingest, for example, I am not getting Username, Profile Name... by linaaabad Observer in Splunk Search 11-18-2024 0 2	0	2
if _raw contains X rex this elseif _raw contains y rex this else rex this like in the subject, i am looking at events with different fields and delimetersi want to say if the event contains t... by darkins Engager in Splunk Search 11-15-2024 0 8	0	8
Unable to use conditions against datamodel Not sure what I am doing wrong. I have a datamodel with a dataset that I can pivot on a field when using the datamod... by smahoney Path Finder in Splunk Search 11-15-2024 0 2	0	2
Event time is not showing correctly on Dashboard table Hello everyone,I'm having an issue that I'm trying to understand and fix. I have a Dashboard table that displays the... by mninansplunk Path Finder in Splunk Search 11-15-2024 0 3	0	3