Splunk Search

Discussions

Thread Info

Create a failed search job

Hi, for a testing purpose, i would like to create a failed search job.. i did search for this, but no luck.. any sugg...

by SplunkTrust in

How to combine two searches in one search?

HelloI am trying to get data from two different searches into the same panel, let me explain. Below is a search that...

by Communicator in

last status changed time

Hi Guys, I have this query , which will provide me the list of “Name” on which ProtectionStatus is OFF. index...

by Path Finder in

Retrieving All Events After the Second Instance of an Event

Hello! I am having trouble creating a query to retrieve all of the events between now and the second instance of a...

by Path Finder in

How to suppress first DELTA value?

I am trying to alert on any processes where their CPU time is gaining 60 sec for every elapsed minute. I am using th...

by Loves-to-Learn Lots in

WHERE clause not working when comparing fields in events from same sourcetype

Hello! I am trying to retrieve two events: the latest event where a user leaves a room and the earliest event where...

by Path Finder in

transaction to retrive value then make eval

Dear community, I have the following scenario: User can make many actions, in this case we can have action equals...

by Communicator in

How do we strip single quotes from the beginning and end of the values?

We are an index in which most of the fields have a single quote at the beginning and end of the values. We would like...

by Motivator in

Company retire age is 55; find employee count and list of employee who get retired in next 5 year

Hi there! I have a subjected case to find out list of employees who get retire in next 5 years. i tried with lot of...

by Explorer in

Top 10 values of a field based top 2 values of another field

I want to get top 10 destination IP's for each top 2 source IP's . Where count of is more that 1000 for Source IP ...

by Explorer in

Not able to Extract Year and Quarter from the input field

I have a JSON Input Request like below{"liabilityDetailsVOs":[{"processMasterId":null,"transactionMasterId":null,"tra...

by Engager in

How to create a Table where each row is the result of a query and afterwards make some operations with it?

Hello my unafraid nerve of steel fellas! I hope you are having a lot of fun this week...I have been loosing my sleep ...

by Communicator in

How to expand multiple multivalue fields?

My table is a mess. There are 2 single-value fields and 6 multivalue fields. The multivalue fields can have any numbe...

by Communicator in

Splunk query for Forwarder , Indexer & SH restart

Could someone please help me with the Splunk query to configure the alert if Forwarder, Indexer, or search head had r...

by Contributor in

Merge the data on index

Hi All, I'm in this situation index a index bid neme idneme1simone 1simone3francesco 2marco4luca I have ...

by Path Finder in

Trouble indexing special characters in UTF-8

Hi Splunk community! I'm trying to index a CSV file where multiple values contains special characters such as æ, ø,...

by Engager in

How to have resutls from | stats values(field) shown in individual rows

Hello guys I am trying to download a CVS file from a query that comes after a | stats values(field) command, thus thi...

by Communicator in

UPS monitoring dashboard

Hi Is there any app in Splunk to monitor ups logs or any sample, demo ups monitoring dashboard available which I ...

by Path Finder in

search brackets and special charachters

Hi How can search something like this: 40: message.body.v10.timeLocalTransaction: [00*] FYI: seems not sup...

by Motivator in

Download results a CVS file properly with column values instead of rows!

hello guys.. I am having a HUGE trouble when downloading my results as a CVS file.this is my query| search ....| tabl...

by Communicator in

How to build a table to where the rows are results from previous field operation about common and uncommon values

Hello my dear splunkers I hope you are doing very well.. I would REALLY be so thankful if u can help me put with the ...

by Communicator in

How to create a table where the rows are results from previous field operation about common and uncommon values

Hello my dear splunkers I hope you are doing very well.. I would REALLY be so thankful if u can help me put with the ...

by Communicator in

Splunk - Sendemail for each output row

Hi, I have a tabular results of folks, who are using index=* in their searches. So i have SPL that outputs below ...

by Path Finder in

Eval Case Sequence on Conditions

Hi Splunk Community, How does Spunk prioritize conditional case functions? Lets say I have a case function with 2 c...

by Communicator in

How do I investigate delayed searched reported in Health status under Splunkd

I keep getting delayed searches marked in red "Health Status - Splunkd". How do I investigate and fix this issue?

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Create a failed search job

How to combine two searches in one search?

last status changed time

Retrieving All Events After the Second Instance of an Event

How to suppress first DELTA value?

WHERE clause not working when comparing fields in events from same sourcetype

transaction to retrive value then make eval

How do we strip single quotes from the beginning and end of the values?

Company retire age is 55; find employee count and list of employee who get retired in next 5 year

Top 10 values of a field based top 2 values of another field

Not able to Extract Year and Quarter from the input field

How to create a Table where each row is the result of a query and afterwards make some operations with it?

How to expand multiple multivalue fields?

Splunk query for Forwarder , Indexer & SH restart

Merge the data on index

Trouble indexing special characters in UTF-8

How to have resutls from | stats values(field) shown in individual rows

UPS monitoring dashboard

search brackets and special charachters

Download results a CVS file properly with column values instead of rows!

How to build a table to where the rows are results from previous field operation about common and uncommon values

How to create a table where the rows are results from previous field operation about common and uncommon values

Splunk - Sendemail for each output row

Eval Case Sequence on Conditions

How do I investigate delayed searched reported in Health status under Splunkd

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions