Splunk Search

Discussions

Thread Info

How to join two with datasets with a common field using appendcol ?

I have a lookup | inputlookup citizen_data , it has fields ID, Name, State.I have another sourcetype | index=bayseian...

by Contributor in

regex to fetch a particular field available in different places in different events

I have a field( version) which is available in different position in different events of same sourcetype,Since the pr...

by Path Finder in

Regular Expression for field extraction

Hi everyone, i got two URLs which i want to represent in one regex group. The dest Port (443) will be in a seperate...

by Path Finder in

additional info on timechart

Hi I need to show id1,id2 on timechart have table with these columns: index="myindex" | table duration serverna...

by Motivator in

join query not returning result

Hi, I have a query below with a join condition .The issue is if I am hardcoding name value I am getting the result bu...

by Path Finder in

How to remove words and characters from a multivalued filed

Hello All, How can I remove words and characters from a multivalued field without using REX?I have a filed named O...

by Path Finder in

Last time a forwarder sent a log until now.

Hi there, I am new to splunk. I and was wondering how to find the difference in time from the last time a forwarder...

by Engager in

how can I show bar for small number of count in bar chart?

Hi Folks,I am facing the issue where I am not able to see red bar in the below panel. The count is for each hour and ...

by Explorer in

Automatically generating multivalue fields in generic Key=Value logs

I've got a situation that I thought I understood but clearly don't. I have logs that look like this: 2021-11-22 14:...

by Explorer in

Why is _time indicating UTC when the event happened in EST.

_time: 2021-11-19T11:34:02.000+0000 date_hour: 11 date_mday: 19 date_wday: friday date_year: 2021 date_zo...

by Communicator in

How to get list of values which I am not "eval"?

Id=xyz id=ABC id=EDC Id=FIS index=* event=*| eval id = case(id = "xyz" , "one", id = "ABC", "Two")|eval index...

by Explorer in

Splunk indexing 1,000s of events from one host in millisecond, then receives nothing until we restart splunk

I have a Splunk deployment which is monitoring a fair number of network devices. One in particular is having an issue...

by Engager in

json parsing

Hi I have logs in below format, which is mix of delimiter (|) and json. now I want to extract statuscode and status...

by Explorer in

Timechart not gives correct values after stats

My query , index=s_New sourcetype IN (Compare,Fire)| stats values(*) as * values(sourcetype) as sourcetype by sysid...

by Path Finder in

Table with count and latest date

Hi all, i need to create a table that count for every product how many events are accepted or rejected. In additi...

by Engager in

Cross filter two lookups where field contains other field

Hello, I'm trying to filter one lookup with the values of an other lookup.This is the situation: Lookup roles.csv c...

by Engager in

How to find items from one index across other index's.

We have specific ID's that track how request process through the system. What I want to do search for all these ID's ...

by Explorer in

Extract domains from raw data into a new field and create a table with count

I have raw data, I would like to search for domains within the data, output it to a field and then run stats to show ...

by New Member in

Error in IndexScopedSearch

Hi I got this error when I search on specific index. index="myindex" Error in 'IndexScopedSearch': Th...

by Motivator in

How to extract one value from log in a query

I am trying to extract the name of log output but struggling with how to. I have this query <query>index=dap ("user...

by New Member in

how to merge two sourcetype for coverage dashboard ( one gets count increase and other will have decrease in count )

I am using below query, index=A sourcetype IN (Compare,Fire)| fillnull value="" | search Name="*SWZWZQ0001*" OR Nam...

by Path Finder in

Mismatch ']' in the search of Python Splunk SDK package

My python is 3.8.5 and splunk-sdk is 1.6.16. My Splunk developer gives me a URL and I get its search string to retri...

by Engager in

Match Common Values from Multiline Fields from Different Indexes

Hello, thank you for taking the time to read and consider my question. I'm trying to integrate a .json file which con...

by Path Finder in

Extract New Fields

Hi there, I'm trying so hard to do a new field in Splunk, but i don't know where i do "wrongs". I would like ...

by Communicator in

Anomaly detection in Splunk

Hi all, I am new to Splunk and have been trying to work on a use case to detect anomalous switches from one type of...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to join two with datasets with a common field using appendcol ?

regex to fetch a particular field available in different places in different events

Regular Expression for field extraction

additional info on timechart

join query not returning result

How to remove words and characters from a multivalued filed

Last time a forwarder sent a log until now.

how can I show bar for small number of count in bar chart?

Automatically generating multivalue fields in generic Key=Value logs

Why is _time indicating UTC when the event happened in EST.

How to get list of values which I am not "eval"?

Splunk indexing 1,000s of events from one host in millisecond, then receives nothing until we restart splunk

json parsing

Timechart not gives correct values after stats

Table with count and latest date

Cross filter two lookups where field contains other field

How to find items from one index across other index's.

Extract domains from raw data into a new field and create a table with count

Error in IndexScopedSearch

How to extract one value from log in a query

how to merge two sourcetype for coverage dashboard ( one gets count increase and other will have decrease in count )

Mismatch ']' in the search of Python Splunk SDK package

Match Common Values from Multiline Fields from Different Indexes

Extract New Fields

Anomaly detection in Splunk

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions