Splunk Search

Discussions

Thread Info

How to combine two queries into one?

I have two query that is exact same except the use of the lookup for each search. The one query includes data from a ...

by Explorer in

REST API: DBX: Specify time range

Need to run a dbxquery command via the REST API, and having trouble defining the search's time range in that context....

by Path Finder in

dnsrequest url or query help

Hi Splunk community, I am trying to determine the impact of removing Adobe Flash from our environment. I have don...

by New Member in

foreach and subsearch values

I am using a table of results a | b | c | search | d | e ===================================...

by Explorer in

Bandwidth usage from Firewall

I'm looking to create a bandwidth chart showing the bandwidth traffic our firewall over a time period and converting ...

by Engager in

Disable default sorting behavior

Context: existing Splunk installation I'm working with is not very robust when handling search requests due to sheer ...

by New Member in

Removing Single Fields From a List of Maps

Hi, I have an event json similar to:{"stages":[{"duration":12,"status":"Success","children":[{"test":"integration",...

by Engager in

Proper execution of subsearch help

So here is my existing query as it runs now sourcetype=snort[search sourcetype=snort |top limit=20 src| table src]|...

by Path Finder in

Multiple Timecharts by a field in single search

I wanted to create multiple timecharts in a single search. The scenario i am stuck in is something like this : inde...

by Engager in

Cataloging Report Notification Actions

I am looking to catalog which reports/alerts utilize which notification actions. I have a search currently that keys ...

by Engager in

<change> event firing before the user ever makes a change to the form input?

Hi all, hope all is well!I'm unsetting a token in the <change> block of a <query>. However, I'm finding that the <uns...

by New Member in

How to enable the Lookup Updater in canary app

By upgrading to splunk v8.0.5, I can no longer use the lookup updater that was previously possible with Sideview Admi...

by New Member in

Splunk split events to extract text

I have multiple events in Splunk like below : Exception:100 : *** Error 3006 Logons are disabled., Job=ABCException...

by Path Finder in

Filtering events where extracted field is not in the lookup file

Hello, I am extracting a lot of values during search (using eval & split as recommended here), one of them being `use...

by Path Finder in

table with custom width for column

I have around 15 columns in table , where i want to have fixed column width for 3columns with 30px and other remainin...

by Builder in

foreach and subsearch

I am using a table of results a | b | c | search | d | e =============================================== ...

by Explorer in

Number of events not stable in time

Hello, I wonder if you have any suggestion as to why, over time, results of a stats count may vary for a past t...

by Communicator in

Help with table results

Hi Splunk community, I am trying to determine the impact of removing Adobe Flash from our environment. I have don...

by New Member in

how to remove duplicates in appended queries

I used the below query, here some applications are like appname and some like appname.application. So I added app1...

by Communicator in

Geolocation Issue: 1 datamodel, 2 queries, 2 different results

The problem: when running two different queries, within one data model that utilize a geo ip lookup and query the ex...

by Explorer in

How to count specific data separated by pipe character ?

Hi, I have below data and would like to get count by country code. Is it possible to get it ? |21/02/2021 12:36:2...

by New Member in

Remove duplicate value from fields

I'm trying to remove the duplicates in a field as described below EVENT_No | Fieldname1 ...

by Loves-to-Learn in

Adding a blank row to the output

Hi Team How can we add a blank row to the output. I have a search followed by some outputs in table format. I w...

by Engager in

Intergrate data between two indexes

Hi, I have a search as such but it don't show the results I want (index="index1") OR (index="index2") |sear...

by Communicator in

how to get the zero valued details also in stats table?

Hi team, I prepared a stats query and it is working fine. But I need to know the Application names which are n...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to combine two queries into one?

REST API: DBX: Specify time range

dnsrequest url or query help

foreach and subsearch values

Bandwidth usage from Firewall

Disable default sorting behavior

Removing Single Fields From a List of Maps

Proper execution of subsearch help

Multiple Timecharts by a field in single search

Cataloging Report Notification Actions

<change> event firing before the user ever makes a change to the form input?

How to enable the Lookup Updater in canary app

Splunk split events to extract text

Filtering events where extracted field is not in the lookup file

table with custom width for column

foreach and subsearch

Number of events not stable in time

Help with table results

how to remove duplicates in appended queries

Geolocation Issue: 1 datamodel, 2 queries, 2 different results

How to count specific data separated by pipe character ?

Remove duplicate value from fields

Adding a blank row to the output

Intergrate data between two indexes

how to get the zero valued details also in stats table?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions