Splunk Search

Discussions

Thread Info

two search queries with join not working

I have two separate search queries which are working separately but when i am trying to get data by joining them its ...

by Explorer in

Search comparison not working

Hi - I have some data that looks like this, which ingests into splunk with no issues at all 11/24/2...

by Path Finder in

how to extract extract wildcard key name in nested json

Sample JSON { message: { application: hello deploy: { X: { A: { QPY: 14814 } } Y: { A: { BWQ: 10967 MQP...

by Observer in

assign the value to another variable and set an alert

hello, I would like to ask a question on how to assign the value to another variable and set an alert.I have a this...

by Explorer in

Is it possible to convert a |stats values(<field>) as <field> to create a delimited csv outputlookup?

Hi I am trying to speed up a query. When I run >>> index=foo | stats values(host) as F_host I...

by Builder in

Join between indexes and sum fields

Hi all, I have two indexes with the following fields: index=sofwaresw version authorso...

by Engager in

Improve Speed of Correlation Search

Hello, thank you for taking the time to consider my question. I currently have a working SPL search that retrieves IP...

by Path Finder in

Is there a way in Splunk to change the timezone or a raw event from UTC to EST or vica versa?

I am trying to correlate 2 different logs one is in EST and the is in UTC. The UTC logs, I have tried to specific ...

by Communicator in

Relative time search to find last updated dashboards

Hello, Can you tell me please why the below does not work? | rest splunk_server=local servicesNS/-/-/data/ui/...

by Path Finder in

What is the best way to get a scheduled saved search creation date?

I do not want to run through _audit logs to find when the initial schedule kicked in. Rest call for the list of saved...

by Influencer in

Help with search then loookup

Hi, The following is my search: index=pace ERROR OR FATAL OUI=* Number=*| stats count by OUI Number| sort -count ...

by New Member in

How can I not index commented lines from my files?

How can I avoid having lines that are commented within my files from being indexed by Splunk? Lets say I have a lo...

by Splunk Employee in

Error in 'where' command: The operator at '>=2101 and week<=2152' is invalid.

Hi I am trying to filter data using week data using 2 dropdowns. Please find info below snippet. the below code throw...

by Explorer in

Missing fields in Splunk that were previously there

Hey all, I have the Splunk add on for unix/linux deployed to about ~70 servers. All was working fine (and has been ...

by Builder in

tune spl command

Hi How can I tune this spl command? this spl execute daily, and return something like this: servername send ...

by Motivator in

Help me extract this data and create a table.

I have a log sample: | LRU Config Message from RMQ: {"endpoint":"lru/ config", "data":{"timestamp":1637322539.953,"ve...

by Loves-to-Learn Everything in

merging data from 2 separate queries

All, I have 2 separate queries working from AWS Description data that we collect on a regular basis. The ask fro...

by Engager in

Several subsearch with metrics index

Hello Community. I am trying to solve a problem and I can't see a solution. Hope you can help me! I am working wi...

by Loves-to-Learn Everything in

How to join two with datasets with a common field using appendcol ?

I have a lookup | inputlookup citizen_data , it has fields ID, Name, State.I have another sourcetype | index=bayseian...

by Contributor in

regex to fetch a particular field available in different places in different events

I have a field( version) which is available in different position in different events of same sourcetype,Since the pr...

by Path Finder in

Regular Expression for field extraction

Hi everyone, i got two URLs which i want to represent in one regex group. The dest Port (443) will be in a seperate...

by Path Finder in

additional info on timechart

Hi I need to show id1,id2 on timechart have table with these columns: index="myindex" | table duration serverna...

by Motivator in

join query not returning result

Hi, I have a query below with a join condition .The issue is if I am hardcoding name value I am getting the result bu...

by Path Finder in

How to remove words and characters from a multivalued filed

Hello All, How can I remove words and characters from a multivalued field without using REX?I have a filed named O...

by Path Finder in

Last time a forwarder sent a log until now.

Hi there, I am new to splunk. I and was wondering how to find the difference in time from the last time a forwarder...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

two search queries with join not working

Search comparison not working

how to extract extract wildcard key name in nested json

assign the value to another variable and set an alert

Is it possible to convert a |stats values(<field>) as <field> to create a delimited csv outputlookup?

Join between indexes and sum fields

Improve Speed of Correlation Search

Is there a way in Splunk to change the timezone or a raw event from UTC to EST or vica versa?

Relative time search to find last updated dashboards

What is the best way to get a scheduled saved search creation date?

Help with search then loookup

How can I not index commented lines from my files?

Error in 'where' command: The operator at '>=2101 and week<=2152' is invalid.

Missing fields in Splunk that were previously there

tune spl command

Help me extract this data and create a table.

merging data from 2 separate queries

Several subsearch with metrics index

How to join two with datasets with a common field using appendcol ?

regex to fetch a particular field available in different places in different events

Regular Expression for field extraction

additional info on timechart

join query not returning result

How to remove words and characters from a multivalued filed

Last time a forwarder sent a log until now.

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions