Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Filter events by length of json field

I'm trying put together a query to find some outlier events with very long values within a complex structure. ...

by Path Finder in

Change single quote to double quote

I'm working with a data source that has two different versions. In one version the information is double quoted whil...

by Communicator in

How do I add a label to a dashboard using rest command for several lookups ?

Hello There, I am able to use the | rest command to obtain the date that the lookup was last updated in Splunk. Ho...

by Path Finder in

How to Combine multiple rows into comma separated single row ?

Is it possible to combine multiple rows into one row ? COLUMN frow1 frow2 frow3 to something like COLUMN f...

by Communicator in

_Splunk_ error collecting event hub data

Hi All, I got into a error while setting up Microsoft Azure Add on for Splunk. Everything seems to be correct on co...

by Path Finder in

how to search using subsearch of occurence of a value

Hi Team, I have a search query that searches for checking the busy tread and showing their occurrence in the log th...

by Explorer in

How do you combine results based on substring?

I have results such as "No image", "No Images", "No images: Blank", etc. I want to combine all results that say no im...

by Explorer in

Regex help required

Hi Team, Can someone provide me the Regex for the below: |search (UPN=*T@mail...

by Path Finder in

Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer?

We have 1 indexer and 1 search head in our Splunk environment. Since this morning, after every search is run, a 'Serv...

by Path Finder in

How to combine two searches with common value into one table

I need help regarding a join from events based on different sourcetype (same index) that are related by the same valu...

by Explorer in

field extraction

I have logs like below findContractsByPersonId(String) executed in 463 millisecondsfindContractsByPersonId(String) e...

by Explorer in

How to write subquery to run the sub query for timings different from dashboard timings

Hi, We need help in drawing the trend for multiple timings in the splunk. Below is my query - ...

by Path Finder in

File Latest and Oldest

I have a file which I uploaded once (say 1 year ago), i uploaded it again (say 6 months ago) with some changes, and t...

by Path Finder in

Multi-value field grouping

Hi, I'm sending AWS SSM patching logs to splunk. I'm transforming these via a Lambda and getting the following eve...

by New Member in

Using Sparklines with mstats

How do I draw a Sparkline from data that comes from a metrics index (ie accessed via the mstats command)? I've trie...

by Path Finder in

Combining two search and charting successfull event and errors in one chart.

Hello everyone, Seeking your help. I have logs where Transaction_ID is unique to transaction. Depending on each t...

by Engager in

Check box for base search

Hi guys, For a dashboard panel, I am running base search and hoping to have a checkbox that returns the timechart d...

by Explorer in

ITSI app - Issues in service analyser - Could not load service analyse

I have copied ITSI app from one Splunk server to another server . But later when i am trying to access the service a...

by Explorer in

How to return false if all results for a user are the same

Hi there I am trying to construct a search query which checks the ASN a user logs in from within a time period.I wo...

by Observer in

Were to use where and when to use OR when to use AND

Hi Guys, I am novice somewhat, and confusion has struck.Where does the | where clause go in the query? Is it befor...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Filter events by length of json field

Change single quote to double quote

How do I add a label to a dashboard using rest command for several lookups ?

How to Combine multiple rows into comma separated single row ?

_Splunk_ error collecting event hub data

how to search using subsearch of occurence of a value

How do you combine results based on substring?

Regex help required

Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer?

How to combine two searches with common value into one table

field extraction

How to write subquery to run the sub query for timings different from dashboard timings

File Latest and Oldest

Multi-value field grouping

Using Sparklines with mstats

Combining two search and charting successfull event and errors in one chart.

Check box for base search

ITSI app - Issues in service analyser - Could not load service analyse

How to return false if all results for a user are the same

Were to use where and when to use OR when to use AND

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...