Splunk Search

Discussions

Thread Info

How to extract, convert and show data

I have following data and : ......2021-06-18 21:05:45.037 +02:00 [Information] Status=[1111111111111111111111111111...

by Explorer in

Regex inside eval is not working

I am trying to do a stats count where 2XX https response means as success and any non 2XX means that it's a failure. ...

by Explorer in

[ Search] Finding the same user connecting to Okta from Separate IPs

Currently trying to work out a search that would allow me to generate a notable event if a user has made successful c...

by Loves-to-Learn Lots in

How to get two different field values In a query

Hi Team I am looking to get two different field values in a single query in Splunk, example, I have two different c...

by Explorer in

Calculate elapsed time from two events

Hi, I'm sure I'm not the first to ask this question, but I can't seem to find an answer that covers what I am tryin...

by Communicator in

How to trigger second search based on first search where condition

I have a dbquery alert which will trigger when first query has more than 250 records then second search will trigger ...

by Communicator in

How to resolve "the max number of concurrent historical searches on this instance has been reached" on Skipped search?

How to resolve "the max number of concurrent historical searches on this instance has been reached" on Skipped search...

by Builder in

Is it possible to change default colors for charts?

Is it possible to change the default colors for charts (seriesColors), preferably so that it survives an upgrade? ...

by SplunkTrust in

Splunk dashboard using drilldown showing detailed info, but also sending email alert for us if result > 0

Guys, I've created a dashboard where I hunt IOCs from OTX intelligence across several logs in Splunk. This dashboa...

by Explorer in

Dashboard - How to trigger second search based on first search where condition is : first result count

Please, Can someone help me here? Basically , in the first search IF the search stats count >=1 then, a second sear...

by Explorer in

How can I use the chart to show top 100 of a json list?

I have a json list like this: package: [{duration: 100, name: a}, {duration: 90, name: b} ...] and I want to show...

by Engager in

Splunk wildcard for specific position of character in a host list

I have a table with more than 50000 hostnames. I want to run a wild card for 5th & 6th character in a hostname list. ...

by Path Finder in

Simple regex extraction not working?

Hi. I have an event that has the line "Total time taken for process: 535 ms" in it. it's not in a field i...

by New Member in

How to separate sets of information with same field values without using transaction

Hello, I have log entries that look like this: 2021-06-21 16:36:14 Error Fix Success for issue submitted by user:...

by Path Finder in

Split apart MV column into other columns

Hi, I have a MV field that I need to split apart into other mv fields Here is the result of the query ...

by Engager in

Single Value Color Change

I have a panel that is a single value that only shows the Health Status as "UP" or "DOWN". If it is "UP" I want it t...

by Path Finder in

Joining data from same index on single field value and multifield field

Hi I'm trying to join data from same index but with different marker field and multiple values in second index. Examp...

by Observer in

seemingly empty log returned with search query

We keep getting this "empty" log back whenever we do a search within this host/sourcetype. It doesn't seem to matter ...

by Motivator in

statistics by month

Hi Try to build a table for the below requirement First Column: url 2nd Column: jun2021 3rd Column: May2021 ...

by New Member in

Remove Line from stats based on value of line

So I am writing a query and It all gets piped into stats at the end. There is a value that I want to use to remove li...

by Engager in

Case with multiple potential wildcard matches

I have a field with error messages that I need a case statement to cleanup for reporting. In this case some of the me...

by Contributor in

Detecting and changing date format.

I have a field "Date" as below. However, there are some inconsistency in the date format. How can I get the "30/1/20...

by Path Finder in

How to feed a query?

I am trying to run a simple query, but with a catch. I want to run something like this: index=weblogs somedomain.c...

by Loves-to-Learn in

Time range not substituted by search

We have a SHC at version 8.1.3. When we try to use "earliest" and "latest" in search we get results based on the ear...

by Communicator in

Field value comparison

Hi, want to achieve daily,weekly ,monthly, yearly report empDirectory.csv contains Employee ID,Employee Name, M...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract, convert and show data

Regex inside eval is not working

[ Search] Finding the same user connecting to Okta from Separate IPs

How to get two different field values In a query

Calculate elapsed time from two events

How to trigger second search based on first search where condition

How to resolve "the max number of concurrent historical searches on this instance has been reached" on Skipped search?

Is it possible to change default colors for charts?

Splunk dashboard using drilldown showing detailed info, but also sending email alert for us if result > 0

Dashboard - How to trigger second search based on first search where condition is : first result count

How can I use the chart to show top 100 of a json list?

Splunk wildcard for specific position of character in a host list

Simple regex extraction not working?

How to separate sets of information with same field values without using transaction

Split apart MV column into other columns

Single Value Color Change

Joining data from same index on single field value and multifield field

seemingly empty log returned with search query

statistics by month

Remove Line from stats based on value of line

Case with multiple potential wildcard matches

Detecting and changing date format.

How to feed a query?

Time range not substituted by search

Field value comparison

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions