Splunk Search

Discussions

Thread Info

Create static fields after matching the field value

I want to create one static field by looking status value = Issue hostm_nnamestatusAcpuOkBdiskOkCmemoryIssueDnetwok...

by Explorer in

Splunk Query

I would like to calculate the success rate of the Toup transaction via Channel( APP Or Web) in 4 API calls( E.g 4 Lev...

by Engager in

Field extraction using regex

Hi All, Can anbody help us with the Regex expression to extract the feild of Channel: values will be either APP or...

by Engager in

Group Events with pattern

Hi Splunk Experts,I've been trying to group "WARN" logs, but they have a pattern (Dynamic/ Argument values) in them. ...

by Contributor in

alternative to join that works with wildcards in lookups

I am trying to use a lookup of "known good" filenames that are within FTP transfer logs, to add extra data to files ...

by Explorer in

Deriving a date based upon past # of months

Hi All, I have a somewhat unusual requirement (at least to me) that I'm trying to figure out how to accomplish. In ...

by Engager in

Reference Manual for Custom User Interface "Manager XML"

When defining a custom modular input in an app, it is possible to design a custom user interface for setting up the p...

by Explorer in

Need solution with custom time field

I am working Service now logs in Splunk. The tickets data has one field called "sys_created" this field gives the tic...

by New Member in

Missing Data in the Dashboard Tile

Hi All We have created a dashboard to monitor CCTV and it was working fine. However suddenly data stopped populati...

by Path Finder in

How to get searches with time range as All Time?

Hello All, I need to search for SPLs having time range as All time. I used the below SPL:- ...

by Contributor in

Use time and field from subsearch as search criteria in main search

I have a subsearch [search index="june_analytics_logs_prod" (message=* new_state: Diagnostic, old_state: Home*)|spa...

by Path Finder in

How to compare the field values from last 48 hours with field values from today

Hi Splunkers, I'm trying to compare the policy names from Today with policy names from past 48 hours to see if ...

by Explorer in

Unknow command (__f!=v) in search log at job inspector

Hello, I've create a search which contains (...(CallerCountry="CN")). When I take a look in the search log in the...

by Path Finder in

fileSizeGB AND fileCount thresholds

Wondering if there are any industry best practices and/or recommendation for setting fileSizeGB AND fileCount thresh...

by New Member in

Table using regex

Below is my raw log [08/28/2024 08:14:50] Current Device Info ... *******************************************...

by Engager in

Adding asterisk to host list

I'm working on a dashboard in which the user enters a list of hosts. The issue I'm running into is they must add an ...

by Contributor in

Regex for string between to delimeters

Hello, Thank you for your help on this in advance, I just need to create a field in Splunk Search that contains th...

by Path Finder in

Forage Task Guide

The task guide for the Forage job sim states this: For example, to add “Count by category” to your dashboard, type...

by New Member in

Need a help with splunk query

HI Team, When i am trying to exclude one field by inserting condition sessionId!=X its not working . even though I ...

by Observer in

Extra data

I have never been one to understand regex, however I need to extract everything after the first entry (#172...) into ...

by New Member in

Handling nulls in a string

I've got this search index=my_index data_type=my_sourcetype earliest=-15m latest=now | eval domain_id=if(isnull...

by Contributor in

Simplifying/combining queries

Howdy, Im fairly new to splunk and couldnt google the answer I wanted to Here we go. I am trying to simplify my queri...

by Engager in

Split output of query into separate files

Running queries on really large sets of data, and sending the output to an outputlookup works well for weekly refresh...

by Explorer in

2 different lookups in if statement.

When I search I want something like this: if(ID =99): then lookup 1, else: lookup 2. What I have right now is s...

by Path Finder in

Join two indexes with the same field data

Good day, I have a query that I would like to add more information onto. The query pulls all users that accessed a AI...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Create static fields after matching the field value

Splunk Query

Field extraction using regex

Group Events with pattern

alternative to join that works with wildcards in lookups

Deriving a date based upon past # of months

Reference Manual for Custom User Interface "Manager XML"

Need solution with custom time field

Missing Data in the Dashboard Tile

How to get searches with time range as All Time?

Use time and field from subsearch as search criteria in main search

How to compare the field values from last 48 hours with field values from today

Unknow command (__f!=v) in search log at job inspector

fileSizeGB AND fileCount thresholds

Table using regex

Adding asterisk to host list

Regex for string between to delimeters

Forage Task Guide

Need a help with splunk query

Extra data

Handling nulls in a string

Simplifying/combining queries

Split output of query into separate files

2 different lookups in if statement.

Join two indexes with the same field data

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions