Splunk Search

Ask a Question

Discussions

Thread Info

Divide the results of a query based on a field in the log

Hi, I wanted to divide each hostname by using the count of "documentcompletetime" field. index=nextgen so...

by Path Finder in

How to find find my reports and alert coming from which directory

Hi Team, Need help in identifying how can we find the path/directory of my alers and reports.. For ex all...

by Path Finder in

'Show Source' in the search events

I am searching for logs, and when I click on 'Show source' they are more logs...

by Observer in

Extract fields from nested json structure with dynamic key

Hello,I have nested json type log messages like below being forwarded to splunk - { "timeStamp": "2021-03-1...

by Loves-to-Learn Everything in

Outputlookup Removes Multivalue Fields

I had an extremely expensive query that would return results in this format: I needed to speed up the query b...

by Communicator in

Avg and most common Search time frame

A quick search didn't find anything. I am looking to determine what the most used and avg Search window is. I.e. how ...

by Contributor in

How to filter out results where an extra event is present

Hello, I have events that look like this: 2021-05-27 14:33:44 UserId:123 Begin Fix for Issue:4354657687 <-- ex...

by Path Finder in

I need to display field value in dashboard from realtime log

Hi, I have logs coming from 5 servers, consider each sends status data everytime there is change in status, So I wa...

by Explorer in

Show only those users who exceed percentage of a certain value

I have a preliminary search of a web-server-like log that looks like: index=whatever Method=GET| where Response in ...

by Splunk Employee in

Splunk Search to see which queries they ran and exported out of Splunk

I have a need to pull all the users and the files/sourcetype or queries they ran to export data out of splunk I fou...

by Path Finder in

Issue with dbinspect command

Splunk version 7.3.6 When I run | dbinspect index=* I receive the expected output but only for...

by Path Finder in

Join alternatives

I've read in other posts that using join in Splunk isn't great so I'm looking for a better way to do my search. I w...

by Engager in

How to get intersection of two sets ?

Hello folks, Thanks to visit my question. Users are getting two kinds of errors say A and B one at a time. Both c...

by Explorer in

Create a chart with stacked success status and status>500

Hello there. I've a series of GET/POST request. The request is to have inside the dashboard a stacked column ...

by Path Finder in

eval strftime to create current_hour (HH:MM) to be used with inputlookup fields

I have a lookup with the files that should be sent each hour (common/flat file names) with the hour as the header, I ...

by Explorer in

Add stopwords to tfidf command in splunk

I have the following search: earliest=-1d@d latest=@d index=cdb_summary sourcetype=cfg_summary source=CDM_*...

by Explorer in

how to store a value from rex and reuse this value in another search

Dear fellows, I have two logs and i am looking to do some correlation between them. In the log1, i am looking for...

by Engager in

same field name exists in two indexes but with different values

Hola splunker. i performed a search using two indexes, but these tow indexes have different fields that uses th...

by Path Finder in

Find out index of hosts sending new since 24hrs

HiI wanted to write a search that show all hosts that sends new since 24hrs into Splunk. The problem now is that I wa...

by Loves-to-Learn Lots in

Search using two indexes

Hola Splunkers !! i want to search in two indexes with one common values in between, for exapmle: index=E...

by Path Finder in

Is there a way to deduplicate event in summary index

I created a report for finding list intersection of two set A: inputlookup spam_ip (Indicator of compromise) B: i...

by Explorer in

How to print latest value and average value of a column

Hi, I have a list of values as shown below from the above picture data I wanted to pick the average of each...

by Path Finder in

Calculate performance metrics for different categories in a single search

Hi, Bit out of my depth here but I have done an eval so we divide the events in the index by the URLs and I have 4 ...

by Communicator in

How to filter a field by common words

I have a field of titles that are filled with sentences about why a test was failed in a security audit, but they are...

by Explorer in

regex vs where match()

I've never used |regex, but use |where match() quite often. Is the former just syntax sugar or is there any differen...

by SplunkTrust in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Divide the results of a query based on a field in the log

How to find find my reports and alert coming from which directory

'Show Source' in the search events

Extract fields from nested json structure with dynamic key

Outputlookup Removes Multivalue Fields

Avg and most common Search time frame

How to filter out results where an extra event is present

I need to display field value in dashboard from realtime log

Show only those users who exceed percentage of a certain value

Splunk Search to see which queries they ran and exported out of Splunk

Issue with dbinspect command

Join alternatives

How to get intersection of two sets ?

Create a chart with stacked success status and status>500

eval strftime to create current_hour (HH:MM) to be used with inputlookup fields

Add stopwords to tfidf command in splunk

how to store a value from rex and reuse this value in another search

same field name exists in two indexes but with different values

Find out index of hosts sending new since 24hrs

Search using two indexes

Is there a way to deduplicate event in summary index

How to print latest value and average value of a column

Calculate performance metrics for different categories in a single search

How to filter a field by common words

regex vs where match()

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!