Splunk Search

Community Activity

tstats returning zero results for a simple count query We are ingesting large volume of network data and would like to use tstats to make the searches faster. The query ind... by imrago Contributor in Splunk Search 10-31-2024 0 2	0	2
Executing Conditional Queries in Splunk Based on Input Value I have two query in splunk query 1 and query 2 and an input. Based on the input, i need to execute either query 1 or ... by taruntalreja New Member in Splunk Search 10-31-2024 0 4	0	4
passing diffrent base search based on inputput dropdown values Hello Splunkers, I'm having a inputput dropdown field, when i'm selecting "*" in that input dropdown field, I need ... by smanojkumar Contributor in Splunk Search 10-31-2024 0 1	0	1
How to resolve field into either value from two different keys with two tables outer joined I'm using `Splunk Add-on for Box` to collect box logging data.As a premise, `box:events' contains information for `up... by norish Explorer in Splunk Search 10-30-2024 0 3	0	3
append a field value to a lookup csv file I have a hostname.csv file and contact these attributes.hostname.csvip mac ... by jtran9373 Explorer in Splunk Search 10-30-2024 0 8	0	8
Default visualisation for charts Each time I run a search query and click visualisation, the default is "column chart".How do I set this to default to... by dataisbeautiful Communicator in Splunk Search 10-30-2024 1 1	1	1
Search term in table results Ok maybe it is too much Splunk today. Whatever it is I can not for the life of me remember how to do this.I am doing... by bullbasin Explorer in Splunk Search 10-30-2024 0 6	0	6
Using splunk-sdk in user-defined functions in Spark/Databricks notebook Background:I've created a small function in a spark/Databricks notebook that uses Splunk's splunk-sdk package. The ... by hughkelley Path Finder in Splunk Search 10-30-2024 0 0	0	0
Create Single Field and Multifield Values Based on Same Fields Hi Splunkers, How can I create a single value field based on multiple fields? Also, let's assume that the field names... by whitefang1726 Path Finder in Splunk Search 10-30-2024 0 2	0	2
Need help with spl query index=web_logs sourcetype=access_combined \| eval request_duration=round(duration/1000, 2) \| stats avg(request_durat... by xaviershebha New Member in Splunk Search 10-30-2024 0 1	0	1
Percentage of search field by day Hi All I have a search string ... index="ee_apigee" vhost="rbs" uri="/eforms/v1.0/cb/" \| rex "(?i) .?=\"(?P<httpsta... by Mick_OBrien Path Finder in Splunk Search 10-30-2024 0 1	0	1
Join fields together Good day,Is there a way to join all my rows into one?My simple query index=collect_identities sourcetype=ldap:query ... by JandrevdM Path Finder in Splunk Search 10-30-2024 0 9	0	9
Need help search tablename and count across multiple lines I have data like this in splunk search2024-10-29 20:14:49 (715) worker.6 worker.6 txid=XXXX JobPersistence Total reco... by Ckashton New Member in Splunk Search 10-30-2024 0 1	0	1
Passing a diffrent base search based on the selection of input dropdown Hello Splunkers, I would like to pass the two base search when input dropdown is set as all, i need to pass a base ... by smanojkumar Contributor in Splunk Search 10-29-2024 0 3	0	3
Chart with count statistics associated time from multiple table Hi Guys,I have one master list that inculdes all items, and I want to consolidate two other time-related tables into ... by splunksuperman Explorer in Splunk Search 10-29-2024 0 2	0	2
Filtering logfiles showing one error log for every row Hello,I need help in creating a search query to filter info showing just our logfile with same error line for all row... by apmcharter New Member in Splunk Search 10-29-2024 0 1	0	1
How to join two indexes with a search Good day,I want to join two indexes to show all the email addresses that the user have that signed in. This queries m... by JandrevdM Path Finder in Splunk Search 10-29-2024 0 1	0	1
Verification of SAML assertion using IDP's cert failed. Unknown signer of SAML response We have an on-prem Splunk-Enterprise Version: 9.0.4.1 We updated IDP url in the SAML configuration and after uploadin... by cimino Engager in Splunk Search 10-29-2024 0 0	0	0
How do I send email alert if one or more subsearch exceed 50000 results? Hello,Hello,How do I send email alert if one or more subsearch exceed 50000 results?For example below I have 4 subse... by LearningGuy Motivator in Splunk Search 10-29-2024 0 18	0	18
How do I join an inputlookup and a tstats search? So I have a lookup file with a complete list of servers and their details like version, owner etc, and an index my_in... by PotatoDataUser Explorer in Splunk Search 10-29-2024 0 2	0	2
ジョブを消しても復活する現象について splunkで以下のSPLをジョブのバックグラウンドに送りました。\| metadata type=sourcetypes \| search totalCount > 0その後、こちらのサーチのジョブを削除したのですが、splunkのサ... by yuuki98696 New Member in Splunk Search 10-28-2024 0 0	0	0
How to match fields with the same name from two events and if match add a field Hello,I have these two events that are part of a transaction.These have the same s and qid. I need to match s and qid... by SplunkUser001 Explorer in Splunk Search 10-28-2024 0 6	0	6
How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel? HiI am kinda stuck and need help. I am creating a chart in the splunk dashboard and for the y axis I have nearly 20 v... by varsh_6_8_6 Explorer in Splunk Search 10-28-2024 1 2	1	2
How to trigger an alert if the events are huge, the alert is triggering before the search completed. please help I'm using a query which returns entire day data : index="index_name" source="source_name" And this search provid... by andy11 Observer in Splunk Search 10-27-2024 0 5	0	5
Can I rename different fields the same thing? I'm working with a dataset that lists companies and individual people, so that some entries have the field "Entity Na... by Federica_92 Communicator in Splunk Search 10-25-2024 2 6	2	6