Splunk Search

Community Activity

Looking for a query to display a list of jobs stuck in queue (the past 7 days). I'm looking for a query to display a list of jobs stuck in queue (the past 7 days). Does anyone knows the query? by Ninja_splunk Splunk Employee in Splunk Search 11-03-2024 0 1	0	1
Need solution on search query I am having two index( index A and index B). Here I need to measure response time of topup of prepaid or postpaid num... by dinesh001kumar Explorer in Splunk Search 11-03-2024 0 2	0	2
trying to split one event into multiple events Please help me to extract multiple values from one single value. by rukshar Explorer in Splunk Search 11-03-2024 0 7	0	7
Search a field for multiple values I have 2 field that holds 3 valuesField 1values= a,b,cField 2values= 1,2,3 Is there a way to table without using Joi... by Cheng2Ready Communicator in Splunk Search 11-03-2024 0 1	0	1
Custom Command Works in CLI but Fails in Splunk UI Hello team,I’ve developed a custom command script that works perfectly when executed through the CLI, but it fails to... by unicornia New Member in Splunk Search 11-02-2024 0 2	0	2
Time difference between log time and time in log line itself (NOT a timezone issue)? In my company's Splunk server, when I do a search, I usually see a difference in time between the "Time" column and t... by tbessie New Member in Splunk Search 11-02-2024 0 6	0	6
IOC threat hunting We deal with hundreds of iocs ( mostly flagged IP's) that come in monthly, and we need to check them for hits in our ... by mackey Engager in Splunk Search 11-01-2024 0 5	0	5
How can I use a subsearch with rex extracted field to seach over an extracted field I am trying to take the results of one search, extract a field from those results (named "id") and take all of those ... by mwolfe Engager in Splunk Search 11-01-2024 0 2	0	2
How can I split up values in a field to create new fields? New field names should be extracted from original field. I've imported a csv file and one of the fields called "Tags" looks like this:Tags="avd:vm, dept:support services, cm-... by eraser Explorer in Splunk Search 11-01-2024 0 6	0	6
How to compare success/failure by status I've got data so:"[clientip] [host] - [time] [method] [uri_path] [status] [useragent]" .. and do the following sear... by mwolfe Engager in Splunk Search 11-01-2024 0 4	0	4
Can i assign a color to a string in a field if it is present in the field ? My requirement is to highlight the "Error" string in red colour if it is present in the extracted field "Status". Not... by varun99 Path Finder in Splunk Search 10-31-2024 0 12	0	12
Triggered alerts query - Need help with date Putting together a query that shows, on an individual alert level, the number of times the alert fired in a day and t... by jason2 Loves-to-Learn in Splunk Search 10-31-2024 0 3	0	3
tstats returning zero results for a simple count query We are ingesting large volume of network data and would like to use tstats to make the searches faster. The query ind... by imrago Contributor in Splunk Search 10-31-2024 0 2	0	2
Executing Conditional Queries in Splunk Based on Input Value I have two query in splunk query 1 and query 2 and an input. Based on the input, i need to execute either query 1 or ... by taruntalreja New Member in Splunk Search 10-31-2024 0 4	0	4
passing diffrent base search based on inputput dropdown values Hello Splunkers, I'm having a inputput dropdown field, when i'm selecting "*" in that input dropdown field, I need ... by smanojkumar Contributor in Splunk Search 10-31-2024 0 1	0	1
How to resolve field into either value from two different keys with two tables outer joined I'm using `Splunk Add-on for Box` to collect box logging data.As a premise, `box:events' contains information for `up... by norish Explorer in Splunk Search 10-30-2024 0 3	0	3
append a field value to a lookup csv file I have a hostname.csv file and contact these attributes.hostname.csvip mac ... by jtran9373 Explorer in Splunk Search 10-30-2024 0 8	0	8
Default visualisation for charts Each time I run a search query and click visualisation, the default is "column chart".How do I set this to default to... by dataisbeautiful Communicator in Splunk Search 10-30-2024 1 1	1	1
Search term in table results Ok maybe it is too much Splunk today. Whatever it is I can not for the life of me remember how to do this.I am doing... by bullbasin Explorer in Splunk Search 10-30-2024 0 6	0	6
Using splunk-sdk in user-defined functions in Spark/Databricks notebook Background:I've created a small function in a spark/Databricks notebook that uses Splunk's splunk-sdk package. The ... by hughkelley Path Finder in Splunk Search 10-30-2024 0 0	0	0
Create Single Field and Multifield Values Based on Same Fields Hi Splunkers, How can I create a single value field based on multiple fields? Also, let's assume that the field names... by whitefang1726 Path Finder in Splunk Search 10-30-2024 0 2	0	2
Need help with spl query index=web_logs sourcetype=access_combined \| eval request_duration=round(duration/1000, 2) \| stats avg(request_durat... by xaviershebha New Member in Splunk Search 10-30-2024 0 1	0	1
Percentage of search field by day Hi All I have a search string ... index="ee_apigee" vhost="rbs" uri="/eforms/v1.0/cb/" \| rex "(?i) .?=\"(?P<httpsta... by Mick_OBrien Path Finder in Splunk Search 10-30-2024 0 1	0	1
Join fields together Good day,Is there a way to join all my rows into one?My simple query index=collect_identities sourcetype=ldap:query ... by JandrevdM Path Finder in Splunk Search 10-30-2024 0 9	0	9
Need help search tablename and count across multiple lines I have data like this in splunk search2024-10-29 20:14:49 (715) worker.6 worker.6 txid=XXXX JobPersistence Total reco... by Ckashton New Member in Splunk Search 10-30-2024 0 1	0	1