Splunk Search

Ask a Question

Discussions

Thread Info

help with search repeated events with diffrent values in specific field

Hello, Help will be very appreciated. My splunk index contains a field with codes, and another field with names. ...

by Explorer in

How do you use IF / Else statement to pull different fields including JSON elements?

Hello Community, 2 part question: First, how to use an IF / ELSE statement, secondly, how to specify the JSON eleme...

by Observer in

eval isnull

Hi! Anyone know why i'm still getting NULL in my timechart? The lookup "existing" has two columns "ticket|host_...

by Contributor in

Error: has exceeded configured match_limit

Hi all, please can you help to solve this error by modifying rex line. Here is my error: Error in 'rex' command: ...

by Path Finder in

How to stop loading for entire splunk dashboard?

Hello All, I have and seen many others loading wrong splunk dashboard. Knowing that splunk dashboards at time...

by Path Finder in

List of Serverclass and apps in deployment server

SPlunk SPL query to list unique serverclass and Apps present in deployment server.

by Explorer in

How to show percentages calculated by totals

Hi Splunkers, please help. I have search where i want to show percentages by host of how many errors (mentioned bel...

by Path Finder in

grouping events based on start and end

Hi All i have a below data DateOrginaldatejobidprocess_nameMessge_text14-02-2020 T11:30:0014-02-2020 T11:25:00a1...

by Builder in

Using Join to fields with another values

I have lookup with possible sources and i'm comparing them with the real log events to check if any of them don't sen...

by Loves-to-Learn in

How to fill null value of multi value fields with other value in search output

Hello Community, I need to fill null value of multi-field values with any value , i.e 0 or Not found. Here's th...

by Explorer in

Search a Datamodel using field values from a lookup csv file

I have a lookup: test.csv that has a list of 10 IP's (src_ip). I want to be able to search a datamodel that looks fo...

by Explorer in

Current Splunk Host and IP

How do I confirm the host name & IP address of a host I am logged in in Splunk GUI?

by Builder in

How to build a search with queries depending on each other?

I have a scenario where typical HTTP requests are logged in Splunk.Every request has an unique identifier which is sa...

by Explorer in

Use token just if is defined

Hello, I need to create a dashboard panel (table) doing a query that uses the following filtering condition: acco...

by Explorer in

How to do multi join in a single query

i am trying to write a single query like below, Id is the common field in all the queries. query1 + join[query 2], ...

by Observer in

How to extract an integer value after colon and display results using timechart?

NOTICE: <script>: [3473090307|3167225225](SENDER[10.65.197.2:5073]): Current Active Inbound Calls: NOTICE: <script>: ...

by Explorer in

How do you reset a dashboard field after hitting the submit button?

I have a dashboard form that uses free text inputs to write into a CSV file. How do I get the fields to reset after I...

by Path Finder in

Get data from the last 2 business days

I'm setting an alert that will run everdy business day at 9AM and triggers only if the sum of a field is 0 for 2 cons...

by Engager in

Compare two lists of values, not on the same row

I have a query which runs once a day and which produces a list of all countries a user has visited over the last 30 d...

by Explorer in

Aggregate results with count

Hi there, Got some pain with aggregating results from 2 queries, which seemed simple at first glance... Query 1: ...

by Path Finder in

splunk search

I have an event value like this 2021-02-15 18:07:33,936, where the last value after comma(936) means the respons...

by Explorer in

Timechart how to keep latest value

I'm getting in my splunk database a set of data coming from 8 sensorsThose 8 sensor work in a consecutive sequenceTha...

by New Member in

SPL on configuration files

Hi , I would like to know if we can use SPL commands on configuration files to filter incoming data ? Cause usin...

by Builder in

How to bring 2 different numerical fields under one column name

I have to bring 2 different numerical fields in one column name .I am fetching the fields from a view . Example :I ...

by Path Finder in

How can i retrieve the SID of a saved search by curl?

by Explorer in

Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...

Splunk Search

Discussions

help with search repeated events with diffrent values in specific field

How do you use IF / Else statement to pull different fields including JSON elements?

eval isnull

Error: has exceeded configured match_limit

How to stop loading for entire splunk dashboard?

List of Serverclass and apps in deployment server

How to show percentages calculated by totals

grouping events based on start and end

Using Join to fields with another values

How to fill null value of multi value fields with other value in search output

Search a Datamodel using field values from a lookup csv file

Current Splunk Host and IP

How to build a search with queries depending on each other?

Use token just if is defined

How to do multi join in a single query

How to extract an integer value after colon and display results using timechart?

How do you reset a dashboard field after hitting the submit button?

Get data from the last 2 business days

Compare two lists of values, not on the same row

Aggregate results with count

splunk search

Timechart how to keep latest value

SPL on configuration files

How to bring 2 different numerical fields under one column name

How can i retrieve the SID of a saved search by curl?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown