Splunk Search

Community Activity

Chart with count statistics associated time from multiple table Hi Guys,I have one master list that inculdes all items, and I want to consolidate two other time-related tables into ... by splunksuperman Explorer in Splunk Search 10-29-2024 0 2	0	2
Filtering logfiles showing one error log for every row Hello,I need help in creating a search query to filter info showing just our logfile with same error line for all row... by apmcharter New Member in Splunk Search 10-29-2024 0 1	0	1
How to join two indexes with a search Good day,I want to join two indexes to show all the email addresses that the user have that signed in. This queries m... by JandrevdM Path Finder in Splunk Search 10-29-2024 0 1	0	1
Verification of SAML assertion using IDP's cert failed. Unknown signer of SAML response We have an on-prem Splunk-Enterprise Version: 9.0.4.1 We updated IDP url in the SAML configuration and after uploadin... by cimino Engager in Splunk Search 10-29-2024 0 0	0	0
How do I send email alert if one or more subsearch exceed 50000 results? Hello,Hello,How do I send email alert if one or more subsearch exceed 50000 results?For example below I have 4 subse... by LearningGuy Motivator in Splunk Search 10-29-2024 0 18	0	18
How do I join an inputlookup and a tstats search? So I have a lookup file with a complete list of servers and their details like version, owner etc, and an index my_in... by PotatoDataUser Explorer in Splunk Search 10-29-2024 0 2	0	2
ジョブを消しても復活する現象について splunkで以下のSPLをジョブのバックグラウンドに送りました。\| metadata type=sourcetypes \| search totalCount > 0その後、こちらのサーチのジョブを削除したのですが、splunkのサ... by yuuki98696 New Member in Splunk Search 10-28-2024 0 0	0	0
How to match fields with the same name from two events and if match add a field Hello,I have these two events that are part of a transaction.These have the same s and qid. I need to match s and qid... by SplunkUser001 Explorer in Splunk Search 10-28-2024 0 6	0	6
How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel? HiI am kinda stuck and need help. I am creating a chart in the splunk dashboard and for the y axis I have nearly 20 v... by varsh_6_8_6 Explorer in Splunk Search 10-28-2024 1 2	1	2
How to trigger an alert if the events are huge, the alert is triggering before the search completed. please help I'm using a query which returns entire day data : index="index_name" source="source_name" And this search provid... by andy11 Observer in Splunk Search 10-27-2024 0 5	0	5
Can I rename different fields the same thing? I'm working with a dataset that lists companies and individual people, so that some entries have the field "Entity Na... by Federica_92 Communicator in Splunk Search 10-25-2024 2 6	2	6
How can I display only 1 value in a timechart that uses a by Hellohow can I display only 1 value of these 3 "maxCapacitMachine" results (which are the same in all 3 cases) in a B... by Splunked_Kid Explorer in Splunk Search 10-25-2024 0 5	0	5
How can I optimize my Splunk queries for better performance? I’m experiencing slow performance with my Splunk queries, especially when working with large datasets. What are some ... by sajjadali1122 New Member in Splunk Search 10-25-2024 0 2	0	2
How to extract fields from source? How to extract fields from below source./audit/logs/QTEST/qtestw-core_server4-core_server4.log I need extract QTEST ... by karthi2809 Builder in Splunk Search 10-25-2024 0 2	0	2
Replace Notable Title Variable With Value I need to replace the variables in the field rule_title field that is generated when using the `notable` macro. I was... by Devinz Loves-to-Learn Lots in Splunk Search 10-25-2024 0 1	0	1
Help with join query for Salesforce Hello Smarties... Can someone offer some assistance; We recently started ingesting Salesforce into Splunk, Username a... by linaaabad Observer in Splunk Search 10-24-2024 0 2	0	2
Dashboard panels with shared base search stopped working... Some years ago I've created a (beautiful!) dashboard, with multiple panels, which presented related data at different... by unitedmarsupial Path Finder in Splunk Search 10-24-2024 0 3	0	3
Dedup Question Hello Everyone,Having a hard time finding the appropriate way to display data. I have duplicate data where one field ... by enb_splunk Engager in Splunk Search 10-24-2024 0 1	0	1
Compare results from same field I'm using cmd \|iplocation src, and the results produce results for the City. Next i want to compare each City and rep... by CyberWolf Path Finder in Splunk Search 10-24-2024 0 5	0	5
Using Lookup csv file to query fieldname I have a lookup file saved with a single column having values of specific fields in it. And want to use to search in ... by chrismatt02 Explorer in Splunk Search 10-24-2024 0 6	0	6
Splunk query to build a table with total event count, sub event count and sub event in percent Hi Team,i am trying to design a query which show be result like total event count, sub event count and sub event in p... by cbiraris Path Finder in Splunk Search 10-24-2024 0 2	0	2
delete fault submitted events, including avg timechart delete Hi Community,i have a data source, that submit sometimes faulty humidity data like 3302.4 Percent.To clean / delete t... by CMEOGNAD Engager in Splunk Search 10-24-2024 0 9	0	9
Service maintenance in search Hi,I am a rookie in SPL and I have this general correlation search for application events:index="foo" sourcetype="bar... by niemi_splunk Explorer in Splunk Search 10-23-2024 0 4	0	4
extract fields Oct 22 14:20:45 10.5.0.200 DNAC {"version":"1.0.0","instanceId":"20fd8163-4ca8-424b-a5a9-1e4018372abb","eventId":"AUD... by afeng New Member in Splunk Search 10-23-2024 0 4	0	4
How to merge two fields into one field? I have the following result set coming from a search: field_1 field_2 1 2 3 4 5 6 I need to mer... by lpolo Motivator in Splunk Search 10-23-2024 9 32	9	32