Splunk Search

Discussions

Thread Info

Splunk multiple field extraction

I have the below Splunk Event & need to extract multiple fields from the same : [TIMESTAMP=2021-02-19 ...

by Path Finder in

Why is the Dashboard Base Search is not working for all panels?

I did build a Dashboard with a base search and five panels, all based on the base search. Somehow, two of five panels...

by Engager in

Add a comment to a search?

I'm working on a really large search right now (on the order of 35 lines long). Is there a good way to insert a comme...

by Motivator in

Code to prepare a Comparison Result table.

Hi All, Need help in a Splunk code. Below is the data am having and a sample Table how the output looks like. Inp...

by Communicator in

Trigger an alert after comparing two search results

I have two search conditions that I need to trigger alerts from. I have a hundred hosts on a HA cluster. Sometimes ho...

by Explorer in

how to create hyperlink for a plain text that directs to search query on splunk dashboard

Hi , Please help on this @niketn the below 2 rows as single panel search by employeeid(hy...

by Explorer in

Extract Field Issue, but when using in a search.

My goal is to match whatever is after "Commit Description:" up until but not including the " after TASK0123456. I don...

by Loves-to-Learn in

Get the exception and Error in Splunk query

I am trying to build a splunk query to get the error summary from a log. I want to capture all the events where ther...

by Explorer in

Cascading replication of large bundles

Hello everyone I found a wierd bug in the cascading replication process. The shcluster captain says when he tries t...

by Explorer in

Field renaming of some but not all fields

While on a mission to eradicate 'join', I was showing someone how to replace a join statement with stats. However, ...

by SplunkTrust in

How to get an epoch time for $client_time.latest$

Hi, I have a dashboard with a dropdown form allowing users to select the time period they wish to analyse. I am l...

by Engager in

Extract Field with Backslash and Quotes

I'm trying to extract this field that has colon, backslash and quotes around it and its not yielding any result. Fi...

by Engager in

Using two lookup tables in one query

I am trying to create an alert that will utilize a search with data from two lookups. Basically, I want to: Take/re...

by New Member in

Memory usage

I need a query to find Memory usage more than 90 percent by hostname is it a good idea to do in splunk vs app dynam...

by New Member in

How to combine two queries into one?

I have two query that is exact same except the use of the lookup for each search. The one query includes data from a ...

by Explorer in

REST API: DBX: Specify time range

Need to run a dbxquery command via the REST API, and having trouble defining the search's time range in that context....

by Path Finder in

dnsrequest url or query help

Hi Splunk community, I am trying to determine the impact of removing Adobe Flash from our environment. I have don...

by New Member in

foreach and subsearch values

I am using a table of results a | b | c | search | d | e ===================================...

by Explorer in

Bandwidth usage from Firewall

I'm looking to create a bandwidth chart showing the bandwidth traffic our firewall over a time period and converting ...

by Engager in

Disable default sorting behavior

Context: existing Splunk installation I'm working with is not very robust when handling search requests due to sheer ...

by New Member in

Removing Single Fields From a List of Maps

Hi, I have an event json similar to:{"stages":[{"duration":12,"status":"Success","children":[{"test":"integration",...

by Engager in

Proper execution of subsearch help

So here is my existing query as it runs now sourcetype=snort[search sourcetype=snort |top limit=20 src| table src]|...

by Path Finder in

Multiple Timecharts by a field in single search

I wanted to create multiple timecharts in a single search. The scenario i am stuck in is something like this : inde...

by Engager in

Cataloging Report Notification Actions

I am looking to catalog which reports/alerts utilize which notification actions. I have a search currently that keys ...

by Engager in

<change> event firing before the user ever makes a change to the form input?

Hi all, hope all is well!I'm unsetting a token in the <change> block of a <query>. However, I'm finding that the <uns...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk multiple field extraction

Why is the Dashboard Base Search is not working for all panels?

Add a comment to a search?

Code to prepare a Comparison Result table.

Trigger an alert after comparing two search results

how to create hyperlink for a plain text that directs to search query on splunk dashboard

Extract Field Issue, but when using in a search.

Get the exception and Error in Splunk query

Cascading replication of large bundles

Field renaming of some but not all fields

How to get an epoch time for $client_time.latest$

Extract Field with Backslash and Quotes

Using two lookup tables in one query

Memory usage

How to combine two queries into one?

REST API: DBX: Specify time range

dnsrequest url or query help

foreach and subsearch values

Bandwidth usage from Firewall

Disable default sorting behavior

Removing Single Fields From a List of Maps

Proper execution of subsearch help

Multiple Timecharts by a field in single search

Cataloging Report Notification Actions

<change> event firing before the user ever makes a change to the form input?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!