Splunk Search

Ask a Question

Discussions

Thread Info

Why is my newly created field extraction not showing up in the fields sidebar?

I've seen similar questions to mine asked, but none of the advice has solved my issue. I created a new field extra...

by Explorer in

Need Help with query

Trying build a time chart for Top 10 CPU consuming Processes for a Linux host for a given timeframe. in...

by Path Finder in

I'm trying to search between 2 indexes that correlates field value to return back certain fields.

I'm trying to search between 2 indexes that correlates field value to return back certain fields. For example index...

by Path Finder in

Why search can return 200 result but stats count by host shows 0 result

I used query index=testindex _raw=* and successfully returned 200+ result. However, when I added stats index=testin...

by Engager in

Find values for specific distinct counts

Hello all! I was hoping to take a distinct count and show either the count, or if the count is 1, show the value th...

by Explorer in

way to run mulitple fields against a lookup, with OR statement

I am trying to run two fields against one column using a lookup. This SPL does not work, but conveys what I am try...

by Path Finder in

Duplicate Entries in Table

While using the table for bro conn data, I am getting duplicate data; however, if I use mvdedup, I get all the desire...

by Path Finder in

Multivalue fields difference on multiple records

Hello folks, I am having a hard time getting the difference between two fields of the same record, where the search...

by Explorer in

Merging TWO Timecharts overlay-One on Top of One Another

I have the following search. index=ko_autosys sourcetype=autosys_applog_scheduler_events host="usatlb98" OR host="...

by Communicator in

Exclude statusCodes that are Not Three Digits

I'm trying to pick up the status codes for a given api, 4XX and 5XX. I've typically done this with something like th...

by Explorer in

Trouble With Ticker Not Populating

Hello, This is a follow up post to my recent post on "Trouble with Hidden Panel Passing Value". I am having an issu...

by Path Finder in

how to find the earliest and latest event in an index?

I simply looking for the fist event in an index and the last... to determine how long it took to index x data. any...

by Contributor in

Combining different searches into one search with different sources to produce one table view?

Hello I wanted to request some assistance with the topic of combining different searches from the same index and sa...

by Path Finder in

Create Search using REST/JSON

I can successfully create a search job with the help of the docs using a Curl command: curl -u "userName" -k https:...

by Engager in

Panels take time to change

Hi All, I am trying to display panel-One when selected One from the dropdown option, and panel-Two when selected Tw...

by Explorer in

Is there a setting to increase the "results per page" value when you show source?

When I go to show source on an event, the maximum number of results I can display is 1000 (the "Results per page" dro...

by Motivator in

Need to create trellis view

Hi, I have the below table: File_System Disk_Usage \logs 41 \opt ...

by Contributor in

Splunk search bug on all data index but work well on few data

Hi all, I'm creating couple of events with command : | streamstats window=2 list(PI_Event_Status) as status...

by Engager in

How to extract value using rex?

Hello, please, can you tell me how transform and extract value Timeout from next log: [Error] POS Card Validation...

by Path Finder in

Query to find devices are Commissioning and Decommissioning

Need Query which we can track to find which Log sources are Commissioning and Decommissioning in SPlunk and generate ...

by Engager in

Extract distinct values from an response array that has partial text using RegEx

I have an array that would be presented in an API response which is being logged in Splunk and the array format is li...

by Observer in

Splunk TA for Symantec Brightmail

Anyone have TA for Symantec brightmail.

by New Member in

help for retrieving events during the week only

hi I use this search in order to retrieve events between 9h and 17h Now I also want to catch the events only betw...

by Motivator in

How to have field populate once

Hello Splunk Community, I have encountered a easy, yet tricky situation. I was told chart command works just like ...

by Communicator in

csv file exclude

Hi, I will create an alert that tracks Windows (event id = 4726 - A user account was deleted) events.I have a user ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is my newly created field extraction not showing up in the fields sidebar?

Need Help with query

I'm trying to search between 2 indexes that correlates field value to return back certain fields.

Why search can return 200 result but stats count by host shows 0 result

Find values for specific distinct counts

way to run mulitple fields against a lookup, with OR statement

Duplicate Entries in Table

Multivalue fields difference on multiple records

Merging TWO Timecharts overlay-One on Top of One Another

Exclude statusCodes that are Not Three Digits

Trouble With Ticker Not Populating

how to find the earliest and latest event in an index?

Combining different searches into one search with different sources to produce one table view?

Create Search using REST/JSON

Panels take time to change

Is there a setting to increase the "results per page" value when you show source?

Need to create trellis view

Splunk search bug on all data index but work well on few data

How to extract value using rex?

Query to find devices are Commissioning and Decommissioning

Extract distinct values from an response array that has partial text using RegEx

Splunk TA for Symantec Brightmail

help for retrieving events during the week only

How to have field populate once

csv file exclude

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions