Splunk Search

Discussions

Thread Info

Error in 'eval' command: The expression is malformed. Expected ).

<query>"$ps_fn$" |rex field=message "(?<Http>HttpStatus): (?<status>\\d+)" | eval status=(sta...

by Explorer in

How to determine which deployment server a forwarder is phoning home to?

I have multiple deployment servers.The global deployment server is to distribute basic configurations and also config...

by Path Finder in

Show all events for individual users during a timeframe

Creating a dashboard to track when users badge into and out of different areas. Problem: If I do a basic search for...

by Explorer in

what is the reason for getting events with source=unknown

As I am indexing the data, I notice that apart from the 'sources' that are appearing correctly (/var/log/filename.gz ...

by Explorer in

I am getting the Error in 'eval' command: Type checking failed. '-' only takes numbers, while calculating difference

Hi , My wish to get the difference between yesterday and todays Pass % and fail % for different sourcetypes . I h...

by Path Finder in

Find results that appears in a % of the cases and list the outliers

Hi there, First of all, thank you for any comment. I am looking for a way to identify if I have any index missing...

by Path Finder in

index=_metrics is not a floating point value

Hi Team, We noticed that every time a Indexer is restarted, the search head and the Indexer itself pops up with a m...

by Path Finder in

How to use the sendemail command to send an email to different recipients from a lookup per event?

Hi. I have a lookup object named user_email which contains a notified email list. If there is at least an event fo...

by Communicator in

How to send individual emails that appear in the search results

Hi team, I have search results with CUID is the email(I will append my company domain to CUID, so that mail will g...

by New Member in

sending emails to users that appear in search results

Hi, The question was asked before but I couldn't find a good answer anywhere. Here goes... I have a search result ...

by Explorer in

How to use the sendemail command to send results to different emails created with eval?

Hi splunkers !!! Need help. I used eval to create a field with the email address for some users: search myquery...

by Path Finder in

How do i get the url without params

I am trying to make a report based on the url, and avg response that certain url is taking. I am able to get the logs...

by Communicator in

Eval for Performance based on Category and if below MaxResponseTime

Hi, I want to look at each response_time value for each Tier, and count the amount of response times that are above...

by Communicator in

Splunk 8.0.1 and 8.2.0 stats latest behaving differently

Following produces values for a and b in Splunk 8.2.0, but in 8.0.1, values of a is empty Is there any changes in b...

by New Member in

SPL | REST command does not work when non-Admin

User with these capabilities fails, but ADMIN user works. This SPL works fine when logged in as ADMIN, but doe...

by Contributor in

Splunk SPL to detect anomaly over usages from indexes

Hello ,I would really appreciate your help in creating a splunk search query to find out the anomaly over size from ...

by Loves-to-Learn Lots in

Use the result from the subsearch to a main search

In one of the search strings, I have an event from which i extract the correlation ids and in turn want to search thr...

by Path Finder in

earliest and latest HH:MM across multiple days

I want to set dynamic SLA's for File Processing. In order to do this I need to: 1. get the earliest HH:MM:SS the j...

by Explorer in

How do i search for IPv6 addresses from my src_ip field.

I'm trying to do a search that finds IPv6 addresses. Currently our field src_ip has both IPv4 and IPv6 in it. How can...

by Path Finder in

How to use stats instead of transaction command ?

log1 : user_id , status=interrupt, log2 : user_id, status = success Hi All, I want to find user_ids that failed...

by Explorer in

Combine two searches

Hi, I have 2 sample logs and I need to combine them into 1 query to grab the "Accesses" values, Due to the l...

by Loves-to-Learn Lots in

Help with Boolean query

Below is an example of what I want to accomplish: If x="example" and y="success", return true for this segment....

by Path Finder in

Searching data that is not indexed

We have data which is not being indexed that needs to be searched. I've been told by our Splunk admin team that the d...

by Explorer in

Exclude Source IP and Destination IP from results if they belong to same private ip range

Hi There, How do i Exclude Source IP and Destination IP from results if they belong to same private ip range? For e...

by Communicator in

SPL Query to filter the ip used less than 20+users

Hi Team, I have a dashboard where existing results showing Event date, Event title, email id, Logon IP, Logon Locat...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Error in 'eval' command: The expression is malformed. Expected ).

How to determine which deployment server a forwarder is phoning home to?

Show all events for individual users during a timeframe

what is the reason for getting events with source=unknown

I am getting the Error in 'eval' command: Type checking failed. '-' only takes numbers, while calculating difference

Find results that appears in a % of the cases and list the outliers

index=_metrics is not a floating point value

How to use the sendemail command to send an email to different recipients from a lookup per event?

How to send individual emails that appear in the search results

sending emails to users that appear in search results

How to use the sendemail command to send results to different emails created with eval?

How do i get the url without params

Eval for Performance based on Category and if below MaxResponseTime

Splunk 8.0.1 and 8.2.0 stats latest behaving differently

SPL | REST command does not work when non-Admin

Splunk SPL to detect anomaly over usages from indexes

Use the result from the subsearch to a main search

earliest and latest HH:MM across multiple days

How do i search for IPv6 addresses from my src_ip field.

How to use stats instead of transaction command ?

Combine two searches

Help with Boolean query

Searching data that is not indexed

Exclude Source IP and Destination IP from results if they belong to same private ip range

SPL Query to filter the ip used less than 20+users

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions