Splunk Search

Ask a Question

Discussions

Thread Info

How do I match based on multiple values using eval and like command

Hi, I have a field named operating_system. it can contain multiple values examples being "Windows 10", "Windows Ser...

by Path Finder in

Rex to filter To remove multiline log entry

Please find the below single Log entry with multiple lines: >Validation results Message 1) sucess: true ...

by Observer in

How to get a new line while adding two values

Need to get a new line (\n) after the value, is it possible ?eval check=case( 'value' > 0,'value'+" "+"Good", 'value'...

by Path Finder in

Join searches and make a calculation

I would like to run 2 searches and calculate the difference between 2 fields and plot the result using timechart I...

by Path Finder in

How to fill null values in JSon field

hello community, good afternoonI am trapped in a challenge which I cannot achieve how to obtain the expected result. ...

by Engager in

Differentiate JSON event with multiple fields with the same name

Hello - I have JSON events that have multiple items nested inside them. Each item has fields with the same name. I'...

by Explorer in

ConnectionRefusedError: [Errno 111] Connection refused

Am using splunk-sdk to connect. splunklib.client importing client object = client.connect(host=host, port=8089,...

by New Member in

Need help with adding if condition between time

Hello all, blacklist blackout_end blackout_start1 1616756907 16167564...

by Explorer in

Search for IDS with inputlookup

So this may be a pretty easy task, however I am not getting it to work the way I want it:so here is my problem:I have...

by Explorer in

Regex command with eval regex-expression

I am beginner with splunk and want to filter the log lines with matching file name field but file name (Ex. file_name...

by Loves-to-Learn Lots in

Help me to format the below query without the join command.

Help me to format the below query without the join command. index=sample sourcetype=Sample_1 | fillnull | makemv de...

by Explorer in

How to use eval to rename a variable unter certain conditions

I have under each orderNr five different weights. __________________________ Weight: 0.898, WeightTypeId: 1, Orde...

by Path Finder in

Truncate logs to 10K for all the sources in SPLUNK (cloud)? Default setting is not applicable for HTTP and TCP l

how to truncate logs to 10K for all the sources in SPLUNK (cloud)? The default setting is not applicable for HTTP and...

by Observer in

Need get last event occurred time of each day

Hi All, I would like to get last event occurred time of each day, my searching window area is last 30 days. For exa...

by Engager in

Find null values in multivalue fields

Hello, Need to find null values from multivalue field. I am using mvcount to get all the values I am interested for...

by Explorer in

Matching Results of a Search on One Value - Based on the Results of Two Events

Hello, I am trying to configure alerting for a Failover Cluster by verifying the running server name, then confirmi...

by Explorer in

Search for events surrounding error clusters - transaction event too large

I am trying to do analysis on a historical/intermittent issue that is surround a particular error in our logs.This er...

by Path Finder in

Combining records with the same date

I have a search that I am using for tracking VPN connection and I have found that I have users having multiple connec...

by Engager in

How to filter the search with the following record

Hi there, Can I know how to get the record from ver 1.1 by case sensitive excluding record from ver 1.2? Curr...

by Explorer in

compare fields by vpn session user and rdp session

Hello everyone. There is a task of comparing the sessions of the user who came from the VPN and further with the same...

by Loves-to-Learn Everything in

Reg. Correlation searches. Do they have to be configured in Splunk Ent. & ES? Could they be only on one of these 2 ?

Reg. Correlation searches. Do they have to be configured in Splunk Ent. & ES? Could they be only on one of these 2 ? ...

by Builder in

how do I get daily average over a month for all the pages I receive

I receive about say between 10 to 20 alerts per day. All these pages shows as an event in my splunk. How do I find ou...

by Path Finder in

How do I get status & list of my Correlation searches via GUI & How to get the best out of them?

by Builder in

CASE command in Props.conf

Hello SMEs....Seeking helping hand I got stuck while putting EVAL-<field-name> in props.conf using case command and...

by Path Finder in

One alert but two different timings based on the output of the first alert

Hi, I need your help in knowing if it is possible to have an alert that triggers at 1 PM everyday and if the search...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I match based on multiple values using eval and like command

Rex to filter To remove multiline log entry

How to get a new line while adding two values

Join searches and make a calculation

How to fill null values in JSon field

Differentiate JSON event with multiple fields with the same name

ConnectionRefusedError: [Errno 111] Connection refused

Need help with adding if condition between time

Search for IDS with inputlookup

Regex command with eval regex-expression

Help me to format the below query without the join command.

How to use eval to rename a variable unter certain conditions

Truncate logs to 10K for all the sources in SPLUNK (cloud)? Default setting is not applicable for HTTP and TCP l

Need get last event occurred time of each day

Find null values in multivalue fields

Matching Results of a Search on One Value - Based on the Results of Two Events

Search for events surrounding error clusters - transaction event too large

Combining records with the same date

How to filter the search with the following record

compare fields by vpn session user and rdp session

Reg. Correlation searches. Do they have to be configured in Splunk Ent. & ES? Could they be only on one of these 2 ?

how do I get daily average over a month for all the pages I receive

How do I get status & list of my Correlation searches via GUI & How to get the best out of them?

CASE command in Props.conf

One alert but two different timings based on the output of the first alert

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!