Splunk Search

Ask a Question

Discussions

Thread Info

Limited search join

Hello awesome community! I got help from here once before so I will try again. I have two indexes, Index A and In...

by Explorer in

on list of _time values how to get start and end times by specific date in splunk

my search query returns list of _time values for multiple dates and below is start and end times for a each date 20...

by Explorer in

Need help with the format of the fields in splunk query

I have the final result which looks like below: Host Date Total_1 Total_2 To_be_removed Prod 02-26-2021 456 784...

by Explorer in

Why is the field count double the amount of total events?

Hi there, I am new to Splunk and have sent some dummy JSON-data to Splunk. I notice that for example there are ...

by Explorer in

Find Largest Files of Linux Using Splunk

Hi everyone, On my Linux machine, which has Splunk Forwarder and Splunk Add-on for Unix and Linux installed, I'...

by Explorer in

Issue with Splunk Query Stats not brining in all values

Hi All,I have a log which has below lines in it: "Results":{"Elapsed":"0","Message":"No of Application to Obsol...

by Explorer in

help on subsearch wich truncate events

Hi I use the search below but I lose some events because I have the following message : [subsearch]: Subsearch pr...

by Motivator in

How do I add two rows with different identifiers and chart?

Hi, I have a table like this: Tag | Valueaa | 15.5bb | 20cc | 23 I want to chart the v...

by Explorer in

Can tables be used with top to display additional event fields

Goal is to return a table that displays the Top 10 (md5) hashes in recorded alerts received over a 60 days period. ...

by Path Finder in

How to make the values in a column the column names for a table?

Hi all, I would like to make the values of a column the column names for a table. Currently, I am using the com...

by Path Finder in

Work around if sub-search does not return data for a where clause.

Search: source=D:\XSP\importhelper source=IH_Daily\DebugImportHelper End | eval dayBuffer=strftime(now(), "%d") | ev...

by Path Finder in

Xml path extract field

<Shipment Action> <ShipmentLines> <ShipmentLine PrimeLine="2" /> <ShipmentLine PrimeLine="3"/> <ShipmentLine...

by Explorer in

How to combine search results in order to use Start Time and End Time from Event 1 in JMS Queue pending messages?

Hello, We are new to Splunk , learning and working customer requirments. You are requested to help on merging t...

by Observer in

How can I search for same values within a field

Hi, I have a field with multiple values, some of them share the same characters at the beginning of the values. ...

by Explorer in

Service logs count very less to a particular host

I'm having trouble writing a query which displays the action and host count where log count is below average on any h...

by Observer in

Hide Drop Down

Hi All,I want to always hide my drop down <input type="dropdown" token="TransactionID_filter" searchWh...

by Path Finder in

Count number of diefferent field values

Hi, My events contain a field named "fruit" that distinguishes, what kind of fruit the event is about. I would lik...

by Path Finder in

Evaluating content of a list of JSON key/value pairs in search

I have a search where 2 of the fields returned are based on the following JSON structure: "tags" : [ ...

by Engager in

Subtract Dates/Time

Hi, can somebody explain, why I dont get any results? index=... | eval Timestamp=strftime(_time,"%d-%m-%Y %H:...

by Path Finder in

Automated an Alert with a complicated search query

Hi, I want make a report(or Alert) each month to count the Total transaction success in 1 month and compare it to 3 m...

by Communicator in

Enlist size of files and directories in acsending order

Hi, Is there a way to enlist the size of files that are indexed using the local host and universal forwarders? ...

by Explorer in

How to translate mv field extraction from SPL to configuration files?

SituationI am trying to parse events with an unrestricted number of key value pairs that might also include empty va...

by Path Finder in

inputlookup to match a field value using a variable

Hello Splunk team, I'm trying to append columns based in a search of a field (Network = Network_CIDR) in Ashland-Netw...

by Explorer in

Rest search with input from inputlook

Hi, I'm bouncing my head against the wall for this (probably) simple question.. I've got a inputlookup "index...

by Path Finder in

Sending emails using sendemail and map command not sending empty emails

I have the following question regarding using the sendemail command together with the 'map' one. Using the below se...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Limited search join

on list of _time values how to get start and end times by specific date in splunk

Need help with the format of the fields in splunk query

Why is the field count double the amount of total events?

Find Largest Files of Linux Using Splunk

Issue with Splunk Query Stats not brining in all values

help on subsearch wich truncate events

How do I add two rows with different identifiers and chart?

Can tables be used with top to display additional event fields

How to make the values in a column the column names for a table?

Work around if sub-search does not return data for a where clause.

Xml path extract field

How to combine search results in order to use Start Time and End Time from Event 1 in JMS Queue pending messages?

How can I search for same values within a field

Service logs count very less to a particular host

Hide Drop Down

Count number of diefferent field values

Evaluating content of a list of JSON key/value pairs in search

Subtract Dates/Time

Automated an Alert with a complicated search query

Enlist size of files and directories in acsending order

How to translate mv field extraction from SPL to configuration files?

inputlookup to match a field value using a variable

Rest search with input from inputlook

Sending emails using sendemail and map command not sending empty emails

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions