Splunk Search

Ask a Question

Discussions

Thread Info

extract fields

Oct 22 14:20:45 10.5.0.200 DNAC {" version" :" 1.0.0"," instanceId" :" 20...

by New Member in

How to merge two fields into one field?

I have the following result set coming from a search: field_1 field_2 1 2 3 4 5 6 I need ...

by Motivator in

Field Extraction index=_internal

I tried to run the Indexing Performance: Instance dashboard but was not getting any data, on exploring the search I f...

by Path Finder in

How to convert the value into months , days

Hi I am building dashboard for UPS monitoring and i would like to convert a specific metric which is battery age....

by Path Finder in

Missing values in results

I found this very usefull search for a dashboard on gosplunk: | rest /services/data/indexes | dedup title | fields ...

by Loves-to-Learn in

How to assess the storage if we modify the index searchable retention days

Hi, I have an use case in which I need to assess the storage difference of the index. Like for example, I have an...

by Explorer in

optimizing a query that check the ldap service

I created the following query to check the status of ldap service but i was wonder if there a better query ta...

by Explorer in

Displaying unique URIs visited per session as columns

I have a splunk search that returns two columns, SESSION and URI. How can I show the sequence of URIs visited by each...

by Path Finder in

Error in "litsearch" command

Good morning, Getting a weird error this morning when trying to run searches. It is saying that m license is expir...

by Path Finder in

Variable earliest/latest in main search

I have a working dashboard that displays a number of metrics and KPIs for the previous week. Today, I was asked to e...

by Path Finder in

Drilldown Token from Single Value Panel to Stats Table Panel

Need help passing a token value from a Single Value Panel using the ( | stats count) in conjuction to the ( | rex fie...

by Path Finder in

Fecth the field based on other field condition

Hi, I need help to fetch field based on other field condition. I have lookup table as below, NAME STATE abc-...

by Explorer in

How to tie multiple events together (transaction, join, etc.)

Hi, I am trying to tie multiple events describing single transaction together.This is my test example: Event ...

by Explorer in

Need help with syntax and rex

I have a log with a sample of the following POST Uploaded File Size for project id : 123 and metadata id : xxxxxxxx...

by Path Finder in

Invalid value "$earliest$" for time term 'earliest'

Hi Splukers I'm looking for cross compare some events with other system data, using an initial search for the event...

by Communicator in

How to Fetch the output based on the input value from Dropdown

Hi, I have an log which show currency field and it will have all the valid currency codes like JPY, CNY, USD etc.. ...

by Engager in

Multi sourcetype search for extracted value

I am having some issues getting this to work correctly. It does not return all the results. I have different records ...

by Engager in

count by response time range

source aaa| eval Description=case(rt_sec>10, "G10", rt_sec>20, "G20", rt_sec>30, "G30", rt_sec>40, "G40") | stats cou...

by Explorer in

Using Eval Where Clause in Secondary Search from Stats Count

Have working query to give me list of all printers, total job count, total page count and show location of printers u...

by Path Finder in

Tweaking xyseries

Iam using splunk to generate as below.It is run for 2 days date range where am trying to compare the count ClassNam...

by Explorer in

File will not be read, seekptr checksum did not match for a file in splunk

Hi Team Splunk is unable to read a file which has particular content as below. If the file contains other conten...

by Engager in

How can I use the result of subquery field as wildcard?

I have subquery result as host1 host2 host2 And I want to put this all host result as host=* in the main que...

by Explorer in

Do I need to run this search twice?

I have the following fabricated search which is a pretty close representation of what I actually want to do and gives...

by Splunk Employee in

How to add a toggle to hide/unhide fields in a table in Splunk Dashboard?

I am working on a dashboard that has a bunch of field and will be used by multiple teams and people who will be needi...

by Explorer in

Search/Job missing in job_manager

I currently do a search monthly for searches/jobs that take a long time. I then look up the job and if there is an al...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

extract fields

How to merge two fields into one field?

Field Extraction index=_internal

How to convert the value into months , days

Missing values in results

How to assess the storage if we modify the index searchable retention days

optimizing a query that check the ldap service

Displaying unique URIs visited per session as columns

Error in "litsearch" command

Variable earliest/latest in main search

Drilldown Token from Single Value Panel to Stats Table Panel

Fecth the field based on other field condition

How to tie multiple events together (transaction, join, etc.)

Need help with syntax and rex

Invalid value "$earliest$" for time term 'earliest'

How to Fetch the output based on the input value from Dropdown

Multi sourcetype search for extracted value

count by response time range

Using Eval Where Clause in Secondary Search from Stats Count

Tweaking xyseries

File will not be read, seekptr checksum did not match for a file in splunk

How can I use the result of subquery field as wildcard?

Do I need to run this search twice?

How to add a toggle to hide/unhide fields in a table in Splunk Dashboard?

Search/Job missing in job_manager

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions