Splunk Search

Discussions

Thread Info

How to get max number of hours without events

I have a summary index for hourly event count of a feed. The feed has some hours with event count empty. How can I ge...

by Path Finder in

Regex search help

I was asked to " update a search to append a final ' | regex PatternStringMatch="[A-Z]" query that will look for anyt...

by Engager in

Dashboard: Split field into unknown number of separate fields and be clickable

Hi there, I have challenge which i am not sure if this is possible in Splunk. I have directory data with document...

by Path Finder in

File Comparision

How can we compare different versions of a file?

by Path Finder in

Windows Defender discovery on Splunk?

Hi everybody.I'm back using Splunk after some years, so I'm a bit "rusty". This is my scenario: suppose I have a ne...

by Engager in

How can I add a percentage sign to the radial gauge number that is displayed at the bottom?

Is it possible to set the format type of a radial gauge to % or somehow decorate the number display with a % sign? ...

by Path Finder in

How do I get only certain value from a log in results ?

Is it possible to get a particular value from search results in my final output. I'm having a hard time getting them ...

by Loves-to-Learn in

Filter events by length of json field

I'm trying put together a query to find some outlier events with very long values within a complex structure. ...

by Path Finder in

Change single quote to double quote

I'm working with a data source that has two different versions. In one version the information is double quoted whil...

by Contributor in

How do I add a label to a dashboard using rest command for several lookups ?

Hello There, I am able to use the | rest command to obtain the date that the lookup was last updated in Splunk. Ho...

by Path Finder in

How to Combine multiple rows into comma separated single row ?

Is it possible to combine multiple rows into one row ? COLUMN frow1 frow2 frow3 to something like COLUMN f...

by Communicator in

_Splunk_ error collecting event hub data

Hi All, I got into a error while setting up Microsoft Azure Add on for Splunk. Everything seems to be correct on co...

by Path Finder in

how to search using subsearch of occurence of a value

Hi Team, I have a search query that searches for checking the busy tread and showing their occurrence in the log th...

by Explorer in

How do you combine results based on substring?

I have results such as "No image", "No Images", "No images: Blank", etc. I want to combine all results that say no im...

by Explorer in

Regex help required

Hi Team, Can someone provide me the Regex for the below: |search (UPN=*T@mail...

by Path Finder in

Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer?

We have 1 indexer and 1 search head in our Splunk environment. Since this morning, after every search is run, a 'Serv...

by Path Finder in

How to combine two searches with common value into one table

I need help regarding a join from events based on different sourcetype (same index) that are related by the same valu...

by Explorer in

field extraction

I have logs like below findContractsByPersonId(String) executed in 463 millisecondsfindContractsByPersonId(String) e...

by Explorer in

How to write subquery to run the sub query for timings different from dashboard timings

Hi, We need help in drawing the trend for multiple timings in the splunk. Below is my query - ...

by Path Finder in

File Latest and Oldest

I have a file which I uploaded once (say 1 year ago), i uploaded it again (say 6 months ago) with some changes, and t...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get max number of hours without events

Regex search help

Dashboard: Split field into unknown number of separate fields and be clickable

File Comparision

Windows Defender discovery on Splunk?

How can I add a percentage sign to the radial gauge number that is displayed at the bottom?

How do I get only certain value from a log in results ?

Filter events by length of json field

Change single quote to double quote

How do I add a label to a dashboard using rest command for several lookups ?

How to Combine multiple rows into comma separated single row ?

_Splunk_ error collecting event hub data

how to search using subsearch of occurence of a value

How do you combine results based on substring?

Regex help required

Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer?

How to combine two searches with common value into one table

field extraction

How to write subquery to run the sub query for timings different from dashboard timings

File Latest and Oldest

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?

Total spend per field per month