Splunk Search

Discussions

Thread Info

How to get Start and End time from failed condition

Hi Splunk, We have data like this: ( how to get the result like on the table StartError EndError and SumCall ?) I h...

by Explorer in

Bitbucket and Splunk integration

I want to view bitbucket files changed , owners who changed bitbucket files in Splunk. Can someone please share the s...

by Communicator in

Comparing sum results between several days

I am trying to average the sum of power consumption readings between 2 days and compare that sum to a 3rd day. If the...

by Explorer in

How to regex specific word string?

Hello, Ignoring commas and spaces, how do I grab just the name string from the below log? Below regex kept returnin...

by Path Finder in

Can I change _time based on time within data that is ingested

Hi , I have a report that is ingested in splunk. Due to the report format not correctly ingested by splunk, I had ...

by Explorer in

Extracting field with spath from JSON sourcetype overwrites field in other None-JSON sourcetype

Hi, looked through documentation and Splunk answers but did not find reason/root cause for the following obervation...

by Path Finder in

Splunk alert for peak errors only

Hi, I am working on a query to write an alert where i need to monitor few pages for 500 Errors. Now currently there ...

by Path Finder in

How to compare two json objects for equality?

I have a table where the x axis labels are a json object of parameters that were passed into a test. The y axis are a...

by Loves-to-Learn Lots in

PII in Email

Hi, How can I find PII data in our email dashboard. Thank you Personally Identifiable Information DetectedDete...

by New Member in

How to dedup multivalued fields?

Some of the data coming in from one of our indexes is doing the following( It appears data is repeating for each fiel...

by Communicator in

Calculate the average of 99th percentile

Hi, I am working on a query where I need to calculate the average of 99th percentile values over a 5 minute period of...

by Path Finder in

earliest and latest information in custom python search command

I was not able to find in the doc a way to get earliest and latest information from the datetimepicker to use in my g...

by Builder in

How do i use eval to calculate two fields?

What I am trying to accomplish with the command is to find the events with the EventCode "4624" and Logon_Type "10" o...

by Engager in

Search for instances of 'test' but not 'testn'

I would like to see instances with the source 'test*' - that is everything that starts with 'test' but eliminate 'tes...

by Explorer in

Subtring from url field and then group using the url

I have a field "BackendURL" which contains different url's. for eg : http://abc.com/emp?name=jim&no=101 http://...

by Explorer in

inputlookup excluding index

I am trying to write a query that will ignore events in certain indexes (these indexes change over time). I have a ...

by Path Finder in

Get a list of ID by date and compare with lookup file and get result not in search

Hi everyone I have a lookupfile that contains a name and an ID Brokers.csv Name ID Broker1 101 Broker2 10...

by Explorer in

Using field values from a lookup to modify other field values

Hey everyone,above you can see an example of what I can expect in my work environment..My goal is to modify the value...

by Communicator in

How to display date values based on picker and sort it based on the value being pick

Hi - i'm working on a simple dashboard where user will pick a certain date in a multipicker. Once date is being picke...

by Loves-to-Learn Lots in

How to create a trigger alert with condition that relies on an other alert?

Hello splunkers, I don't now if my title makes sense but here is the situation : I have an alert called buy sig...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get Start and End time from failed condition

Bitbucket and Splunk integration

Comparing sum results between several days

How to regex specific word string?

Can I change _time based on time within data that is ingested

Extracting field with spath from JSON sourcetype overwrites field in other None-JSON sourcetype

Splunk alert for peak errors only

How to compare two json objects for equality?

PII in Email

How to dedup multivalued fields?

Calculate the average of 99th percentile

earliest and latest information in custom python search command

How do i use eval to calculate two fields?

Search for instances of 'test' but not 'testn'

Subtring from url field and then group using the url

inputlookup excluding index

Get a list of ID by date and compare with lookup file and get result not in search

Using field values from a lookup to modify other field values

How to display date values based on picker and sort it based on the value being pick

How to create a trigger alert with condition that relies on an other alert?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Comparing data from 2 days by data type

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...