Splunk Search

Community Activity

Mismatch with values in Join When I run this query: index=edi-2 \| join type=inner TRACKINGNUMBER [search index=edi \| rename TRCK AS TRACKINGNUMBER... by tlunruh New Member in Splunk Search 11-21-2024 0 3	0	3
eval isnull() always returns true We're using Splunk to monitor EDI traffic onto our backend system. We want to have a single value panel that shows gr... by dmrhodes101 Explorer in Splunk Search 11-21-2024 1 3	1	3
Lookup definition is outputting incomplete results Hi, I have a simple search which is using a lookup definition based off of a lookup. This lookup is large. Search has... by mbasharat Builder in Splunk Search 11-20-2024 0 3	0	3
Check multiple arrays for value without knowing parent node(s) The structure of JSON in my log events is roughly as follows { "Info": { "Apps": { "Reportin... by mrsampson Explorer in Splunk Search 11-19-2024 0 2	0	2
I have been trying to use the CASE function in splunk, but my results are not correct This is my search. I brings back Not Known for every field instead of the correct case name:index=websphere webspher... by NanSplk01 Communicator in Splunk Search 11-19-2024 0 3	0	3
Rex has exceeded configured match_limit, consider raising the value in limits.conf. Hi Splunkers, any help with Rex has exceeded configured match_limit, consider raising the value in limits.conf.My sea... by majilan1 Path Finder in Splunk Search 11-18-2024 1 4	1	4
Use variable as complete search string I am trying to create a dashboard. It has two input text fields.I want to run a search query based on these two input... by ameyad Engager in Splunk Search 11-18-2024 1 1	1	1
show value in statistics where it doesnt exist in the logs hello Splunkersi have a requirement where i need to show values in statistics even if it doesn't exist, for example h... by msalghamdi Path Finder in Splunk Search 11-18-2024 0 3	0	3
Salesforce in SPLUNK I am confused on why I only get _ID's from my Salesforce ingest, for example, I am not getting Username, Profile Name... by linaaabad Observer in Splunk Search 11-18-2024 0 2	0	2
if _raw contains X rex this elseif _raw contains y rex this else rex this like in the subject, i am looking at events with different fields and delimetersi want to say if the event contains t... by darkins Engager in Splunk Search 11-15-2024 0 8	0	8
Unable to use conditions against datamodel Not sure what I am doing wrong. I have a datamodel with a dataset that I can pivot on a field when using the datamod... by smahoney Path Finder in Splunk Search 11-15-2024 0 2	0	2
Event time is not showing correctly on Dashboard table Hello everyone,I'm having an issue that I'm trying to understand and fix. I have a Dashboard table that displays the... by mninansplunk Path Finder in Splunk Search 11-15-2024 0 3	0	3
how to search for user id's and any information that splunk has we have a user ID that we are looking to find out what splunk has collected. what is the serach that i use? by mg99 New Member in Splunk Search 11-15-2024 0 1	0	1
Filter data from json file Team,I am bit new to Splunk, need help to pull ERR message from below sample raw data. {"hosting_environment": "nonp"... by drogo Explorer in Splunk Search 11-14-2024 0 3	0	3
Timechart and Timewrap I am on Splunk 8.2.12.I am trying to get a distinct count of incidents that have happened in each month, year to date... by scottmkirkland Explorer in Splunk Search 11-14-2024 0 3	0	3
Load Balancer My team has created production environment with 6 syslog servers (2 in each of 3 multi site cluster). My question is ... by splunklearner Communicator in Splunk Search 11-14-2024 0 3	0	3
Join two splunk searches in the outer query i am trying to pull the ORDERS which is Not available .I need to match the ORDERS which is Not a... by Athira Loves-to-Learn Everything in Splunk Search 11-14-2024 0 5	0	5
Stats command with latest values listing Hi Team, I have a splunk query that am testing for Service Now data extract. index=snow "INC783" \| search dv_state="I... by jerinvarghese Communicator in Splunk Search 11-14-2024 0 1	0	1
Adding zoom in option to timeline chart Hello All, I'm having a timeline chart, I would like to add zoom in to this chart when we drang and select some lin... by smanojkumar Contributor in Splunk Search 11-14-2024 0 4	0	4
whats wrong with this query?? Hello Everyone,I have below splunk query which will display the output as below (index= index_1 OR index= index_2) (k... by super_edition Path Finder in Splunk Search 11-14-2024 0 11	0	11
I want to create a subsearch that will abbreviate all but the first 30 characters of the result. index=replicate category=* action=* Message=* [search index=replicate \| eval Msg=substr(Message,1,30)] \| stats c... by NanSplk01 Communicator in Splunk Search 11-14-2024 0 2	0	2
Looking to improve a query with a lookup file I have a lookup file that contains a column for hostname, ip address and location. I need a query that will check th... by bond77s Explorer in Splunk Search 11-14-2024 0 3	0	3
Need help with the correct regex Hello, I'm trying to extract fields from an event, but am not up to par on my regex, and I can't seem to get this to ... by mninansplunk Path Finder in Splunk Search 11-13-2024 0 2	0	2
Possible to output a literal string with backslashes from a lookup without escaping? I am attempting to use a lookup to feed some UNC file paths into a dashboard search, but I am getting tripped by all ... by DaClyde Contributor in Splunk Search 11-13-2024 0 3	0	3
How to tie in 2 different event sources to display a field value from one source based on a value from the other source. Hello,Sorry, still trying to get the hang of Search queries. I am tasked with creating a table that displays a serv... by mninansplunk Path Finder in Splunk Search 11-13-2024 0 4	0	4