Splunk Search

Discussions

Thread Info

Finding Events Between Other Events

I might be confusing myself by making this harder than it is... Say I have a log where the events are: LOGINACTIO...

by Observer in

Eliminating "duplicate" rows

I am trying to construct an alert for someone when there is a duplex-mismatch on our network switches. When it happen...

by Builder in

Input lookup and matadata truncates the logs

Hi All, Can you please help me with my problem? I would like to check all the hosts in the CSV file which are for s...

by Explorer in

Need the output of list of usernames and timestamp of the event in the splunk string

Need the output of list of usernames and timestamp of the event in the splunk string for below event. We ...

by Explorer in

combine events from index and inputlookup

Hello, I would like some help I am trying to combine 2 events from my index and 2 event coming from a lookup file...

by Path Finder in

Filtering search results

I'm a new user of Splunk 6.5.7. I have a search but only want results for 288 specific customerIDs. This would be a ...

by Engager in

Split Multiple data in column with mutliple delimiter

Hello ! I am sorry if the issue has already been addressed. Several topics talk about it but I haven't been able t...

by Explorer in

Eval based on multivalue field and _time

I have a set of results with _time, many single value fields, and a multivalue field which contains a large set of ep...

by Communicator in

Get source logs from pod

Hello,I'm really a newbie with Splunk and just started to use it.First, can someone recommend me good tutorials about...

by New Member in

How can I avoid browser freeze when searched records are long with no newlines

When I do some searches I get records which are very long and have no newlines. The browser (Firefox in my case) effe...

by Explorer in

Why is my newly created field extraction not showing up in the fields sidebar?

I've seen similar questions to mine asked, but none of the advice has solved my issue. I created a new field extra...

by Explorer in

Need Help with query

Trying build a time chart for Top 10 CPU consuming Processes for a Linux host for a given timeframe. in...

by Path Finder in

I'm trying to search between 2 indexes that correlates field value to return back certain fields.

I'm trying to search between 2 indexes that correlates field value to return back certain fields. For example index...

by Path Finder in

Why search can return 200 result but stats count by host shows 0 result

I used query index=testindex _raw=* and successfully returned 200+ result. However, when I added stats index=testin...

by Engager in

Find values for specific distinct counts

Hello all! I was hoping to take a distinct count and show either the count, or if the count is 1, show the value th...

by Explorer in

way to run mulitple fields against a lookup, with OR statement

I am trying to run two fields against one column using a lookup. This SPL does not work, but conveys what I am try...

by Path Finder in

Duplicate Entries in Table

While using the table for bro conn data, I am getting duplicate data; however, if I use mvdedup, I get all the desire...

by Path Finder in

Multivalue fields difference on multiple records

Hello folks, I am having a hard time getting the difference between two fields of the same record, where the search...

by Explorer in

Merging TWO Timecharts overlay-One on Top of One Another

I have the following search. index=ko_autosys sourcetype=autosys_applog_scheduler_events host="usatlb98" OR host="...

by Communicator in

Exclude statusCodes that are Not Three Digits

I'm trying to pick up the status codes for a given api, 4XX and 5XX. I've typically done this with something like th...

by Explorer in

Trouble With Ticker Not Populating

Hello, This is a follow up post to my recent post on "Trouble with Hidden Panel Passing Value". I am having an issu...

by Path Finder in

how to find the earliest and latest event in an index?

I simply looking for the fist event in an index and the last... to determine how long it took to index x data. any...

by Contributor in

Combining different searches into one search with different sources to produce one table view?

Hello I wanted to request some assistance with the topic of combining different searches from the same index and sa...

by Path Finder in

Create Search using REST/JSON

I can successfully create a search job with the help of the docs using a Curl command: curl -u "userName" -k https:...

by Engager in

Panels take time to change

Hi All, I am trying to display panel-One when selected One from the dropdown option, and panel-Two when selected Tw...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Finding Events Between Other Events

Eliminating "duplicate" rows

Input lookup and matadata truncates the logs

Need the output of list of usernames and timestamp of the event in the splunk string

combine events from index and inputlookup

Filtering search results

Split Multiple data in column with mutliple delimiter

Eval based on multivalue field and _time

Get source logs from pod

How can I avoid browser freeze when searched records are long with no newlines

Why is my newly created field extraction not showing up in the fields sidebar?

Need Help with query

I'm trying to search between 2 indexes that correlates field value to return back certain fields.

Why search can return 200 result but stats count by host shows 0 result

Find values for specific distinct counts

way to run mulitple fields against a lookup, with OR statement

Duplicate Entries in Table

Multivalue fields difference on multiple records

Merging TWO Timecharts overlay-One on Top of One Another

Exclude statusCodes that are Not Three Digits

Trouble With Ticker Not Populating

how to find the earliest and latest event in an index?

Combining different searches into one search with different sources to produce one table view?

Create Search using REST/JSON

Panels take time to change

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions