Splunk Search

Ask a Question

Discussions

Thread Info

Help with CSV - Special Case

Hello Splunkers! We have a situation here and need your help and experience. We are looking for best practice t...

by Path Finder in

Detect spikes in log activity

I am trying to create an alert if Splunk detect anomalies in my log creation rate. For example, my application norm...

by Path Finder in

Time Modifier to an earlier day of the week

Hi There, I have a query that restricts events that were delivered and my search window is from 01/20/21 through 01...

by Explorer in

Find records between dates entered in text boxes

Good Evening, I have, what appears to be, a unique situation. I have tried every means that I could find even vagu...

by Path Finder in

How to execute a saved search using Splunk's REST API

I know this question has been asked a few times but none of the answers seem to work for me. I have a saved search c...

by Engager in

Lookup returns all events

Hi I'm a beginner at Splunk and am running into a problem with lookups. I have indexed IIS data in one sourcetype cal...

by Explorer in

Query for Users, Roles, AD Groups and Indexes.

Hi, I'm trying to get the query to pull out the following, but struggling a bit with all the joins. I need to get ...

by Path Finder in

Anything wrong is with join query?

I have inserted the same data in splunk and mysql. Splunk query: index=sysmon EventCode=3 | stats count a...

by Explorer in

writing to csv using java sdk affect performance?

Hi, I am exporting search results to csv using java sdk ,from then to mysql database.sometimes it is writing to cs...

by New Member in

Using earliest with custom time field

This below query gives me the earliest trigger_name according to the splunk log timestamps. But I have a custom times...

by Explorer in

Compare output of a search to a lookup values

Hello everyone, I am trying to compare a list of IPs from a lookup with a output from a search field, and instated...

by Path Finder in

External command based lookup 'X' is not available because KV Store initialization has failed. Contact yo

I'm getting this error when I run a report: External command based lookup 'x' is not available because KV Store ini...

by Observer in

Top 10 Splunk Users

I need to get a top 10 of the users who use Splunk the most

by Builder in

field values with "invisible" characters?

I have a number of events searchable by: index=main sourcetype="myevents" All of them show foo field with value b...

by Explorer in

Drilldown not working, even when using <![CDATA]]>

I am having a similar issue to this thread here, but my drilldown search still won't work (explanation below):https:/...

by Communicator in

Toggling alerts on/off

Hi, If you have (for arguments sake) 10 alerts setup in the Splunk Cloud version. Is there a way to toggle all of t...

by Explorer in

Multiple values field extraction with colon delimiter

Hi all,i have been trying to extract error code which is alphanumeric and is delimited as per below but not able to e...

by Path Finder in

Extract field from group with minimum timestamp

I have a query like this where i group by REQUEST_ID eventtype=sfdc-event-log EVENT_TYPE="ApexTrigger" REQU...

by Explorer in

Eval If Else with calculations

Hi, I am stuck with this from last few days and i really need some help. M trying to create a gauge for displayin...

by Explorer in

The search job terminated unexpectedly.

Splunk internal logs: INFO StreamedSearch - Streamed search connection terminated Splunk search: index=oswins...

by Explorer in

how to make time_token.earliest in readable format

Hi, I have like this <title>Report $time_token.earliest$</title> result : Report -30d@d can the result be cha...

by Path Finder in

Combine two search queries to display count

One of the search queries provides a TimerName and an ID as a field. Another search provides the TYPE of the ID as a ...

by Path Finder in

Drilldown to URL on single column

Hi, I am trying to enable drill-down on only single column present in table in my dashboard named "Training_Link"....

by Explorer in

Move values in columns to top independently?

Hi, I'm a bit stuck with a data transformation. I got it to a point where all the columns and values are in the rig...

by Loves-to-Learn Lots in

How to compare the values of dynamic column?

Hello Splunkers, My search executes monthly, over a period of 3 months data, since march is going on my last 3 mont...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with CSV - Special Case

Detect spikes in log activity

Time Modifier to an earlier day of the week

Find records between dates entered in text boxes

How to execute a saved search using Splunk's REST API

Lookup returns all events

Query for Users, Roles, AD Groups and Indexes.

Anything wrong is with join query?

writing to csv using java sdk affect performance?

Using earliest with custom time field

Compare output of a search to a lookup values

External command based lookup 'X' is not available because KV Store initialization has failed. Contact yo

Top 10 Splunk Users

field values with "invisible" characters?

Drilldown not working, even when using <![CDATA]]>

Toggling alerts on/off

Multiple values field extraction with colon delimiter

Extract field from group with minimum timestamp

Eval If Else with calculations

The search job terminated unexpectedly.

how to make time_token.earliest in readable format

Combine two search queries to display count

Drilldown to URL on single column

Move values in columns to top independently?

How to compare the values of dynamic column?

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!