Splunk Search

Ask a Question

Discussions

Thread Info

To check if service of endpoint starts back once stopped

Hi Folks, I am working on creating an alert for endpoint where we have to check if its service came up after it...

by Engager in

what is colour code of boolean while using endswith?

Hi all, endswith=(notificationType="TestCompleted" OR notificationType="TestCancelled" OR notificationType="Te...

by Path Finder in

How to return all results if field is not exist?

Hi, i use regex to extract fields My query is | rex field=_raw "(?P<Command>((?<=\bCommand>).*(?=<)))" | rex field=_r...

by Path Finder in

Combining two different events with same values from different source types

index=a0_payservutil_generic_app_audit_prd sourcetype="npp:pom:stdout" eventCode="fundsReservationManualInterventionN...

by New Member in

How to make a query to search filed by taking output from the the 1st query

I have a requirement like, I have to create a dashboard and there will be a input filed called as account Id and afte...

by Explorer in

How do I find the versions of all my UFs & HFs and dates of install on Splunk Enterprise?

by Builder in

strptime using 2020-03-08T02:00:21is 1 hour off

The following query returns a result that is one hour off. | makeresults| eval timestr="2020-03-08T02:00:21"| eval ...

by Explorer in

Splunk sort class not working with subsearch

With the below query I'm trying to sort dateTime by descending order but the sorting is not working, could someone pl...

by New Member in

How to split stats command results into rows

I have proxy logs, in which I am interested in 4 fields: the ip address of the user's computer, the category of the s...

by Explorer in

How to hide X axis scale in a bar chart

Hi, I am unable to hide the X-axis scale in the bar chart. See below screenshot, I am plotting the chart u...

by Explorer in

How to extract multiple values from output to create new column in table with associated values

Hello, I have a search query that produces a value similar to below. What i am trying to accomplish is to extract ...

by New Member in

Query 1 week with time range from 0900 - 1700

How do I create a search with below table result? Date RangeTime RangeCount of UsersJan-40900-1700900Jan-50900-1700...

by Observer in

Search Query to trigger an email of the host is not reporting in Splunk for last 15 minutes

Hi Team I have set of 5 hosts which are coming from an index=xyz and with sourcetype=iis so for example if any of t...

by Contributor in

combine where and eval

Hi Community, how do i combine where and eval?Available field are "Gear" and "Torque_Crankshaft" Discribed in my ...

by Path Finder in

Round _value by mstats metrics

Hello, we use mstats to visualize the _value. But for cpu perfmon values there is a number with 10 or more decimals...

by Path Finder in

how to exclude several patterns by IN function?

Hi team, I have below sample events in splunk. 2021-04-09 07:12:41,323 PLV=EVENT DT=MANUALEVENT CIP=0.0.0.1CM...

by Path Finder in

can i clone alerts from the UI

Thats all i need the method for cloning alerts as we migrate

by Engager in

Why are the iplocations not working at all?

Hi My iplocation is not working at all, what am i missing? index=_internal sourcetype=splunkd_ui_access | stats...

by Influencer in

Need one help to prepare Splunk query.

Hello Team, I would like to setup Splunk email alert when Log Statement 2 and Log Statement 3 doe...

by New Member in

How to search for string like "KeyError: 'ABC_DEF'"

I am trying to search for log entries that contain the following: KeyError: 'ABC_DEF' The following work, but will ...

by New Member in

How to create a condition based on the number of digits of a value?

Hello Talented People of the wordl!I hope you are having a great day, I wish to know if there is a way to have a YES ...

by Communicator in

Workload Management - Admission Rules only working on Cluster Master

Hi, Been struggling to get Workload Admission Rules working properly. After a bunch of testing and monitoring ...

by Contributor in

Time based Monitoring

Hi Team, I am having few devices located across the globe and want to monitor only during their Business hour timin...

by Communicator in

Search for sum of application bytes uploaded

Hello All, I am trying to get a total number of bytes/MB/GB uploaded per application in Splunk. Can't seem to fi...

by Loves-to-Learn in

Dashboard

As per below screen shot i created toggle tabs and when i used the in by below panel results are not poplutating. P...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

To check if service of endpoint starts back once stopped

what is colour code of boolean while using endswith?

How to return all results if field is not exist?

Combining two different events with same values from different source types

How to make a query to search filed by taking output from the the 1st query

How do I find the versions of all my UFs & HFs and dates of install on Splunk Enterprise?

strptime using 2020-03-08T02:00:21is 1 hour off

Splunk sort class not working with subsearch

How to split stats command results into rows

How to hide X axis scale in a bar chart

How to extract multiple values from output to create new column in table with associated values

Query 1 week with time range from 0900 - 1700

Search Query to trigger an email of the host is not reporting in Splunk for last 15 minutes

combine where and eval

Round _value by mstats metrics

how to exclude several patterns by IN function?

can i clone alerts from the UI

Why are the iplocations not working at all?

Need one help to prepare Splunk query.

How to search for string like "KeyError: 'ABC_DEF'"

How to create a condition based on the number of digits of a value?

Workload Management - Admission Rules only working on Cluster Master

Time based Monitoring

Search for sum of application bytes uploaded

Dashboard

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions