Splunk Search

Ask a Question

Discussions

Thread Info

Extract values from field conditionally on other field value

Hi Splunkers, Below is my issue: Having multiple xml files, I need to monitor all the files and extracted the val...

by Contributor in

Show multiple machines for lockouts

Hi all, A past consultant of ours wrote the following correlation search to detect excessive user account lockouts:...

by Explorer in

three queries that produce tables, need to combine the results into one table

Need some help with and advance joining of 3 queries I have three queries that produce tables, I need to combine t...

by Engager in

Creating drilldown to new tab for auto search without adding custom search

I am trying to make it so if a user clicks on any cell in a Dashboard showing a Statistics table, that will result in...

by Engager in

There are 2 timestamp formats in a log file

<Jan 10, 2021 6:58:06 PM CST> <Info> <WorkManager> <BEA-002942> <CMM memory level becomes 0. Setting standby thread p...

by Loves-to-Learn Lots in

Functionality of keepevicted not clear

I'm trying to understand the functionality of keepevicted. I've read several documentation about it but it's still no...

by Contributor in

Combining 2 regex searches to a single one breaks the output results | Shows complete event instead of regex filtered

I have an index cloud_stats on which I need to create a daily error count by source report, so that we can work on th...

by Engager in

What's Wrong With This Query?

Hoping to filter a search based on a list of values from a subquery where in both cases it's matching against a rex'd...

by Engager in

Match fields in different searches and send alert

Hi, I have two searches Search 1 = index="appv" sourcetype="AppV-User" *PUT /package* Search 2 = index=...

by Path Finder in

Filter search by subsearch values

Hi,What's the best way to filter a search against a set of unique id's in a subsearch? Currently, approaching it as...

by Engager in

Find the most common individual characters in a field

Hi longtime splunker, first time poster so my goal here is to find the most common and uncommon characters in a fie...

by New Member in

field value appears to be null

I'm running a search (below) that has results that sometimes in certain fields will display in the gui as empty (null...

by Explorer in

Splitting field then searching each result

We are monitoring users who are deleting tables in our system. We have a field "user_query" which I want to parse by ...

by Explorer in

extract a value from raw field

Hi , There is a way to extract a value from field even there is no = between Key and Value? After extracting I want...

by Explorer in

Timecharts and how to avoid "no results found inspect"

I'm trying to avoid "no results found. inspect" message when my query returns 0 value. I just want an empty chart to ...

by Contributor in

Start time and End Time of Multiple Autosys Job runs for the same Jobname.

Hello Folks, I am having some Autosys Job that runs multiple times in a day, having status lifecycle of Starting, ...

by Explorer in

timechart returning no results

Helloim trying to count the number of events of each alert the alerts are saved in a lookup file which looks like thi...

by Communicator in

How to merge two field as sourcetype?

Hi, I wanna merge two fields into sourcetype as below: props.conf [source::/path/to/folder/*]sourcetype = coale...

by Path Finder in

How do I remove the chart on the top of the PDF?

I'm running a report on Splunk 6.x and would like to remove the chart on the top of my PDF that is rendered?

by Splunk Employee in

Need to get response time and tps in a single dashboard

Hi Team, I would like to get response time and transaction per second in one graph timechart. Kindly help with the ...

by Explorer in

IIS logs

I am learning Splunk and playing with different log types. So far I have exported the CSV files and played around. I ...

by New Member in

Python SDK - mTLS support

Hi,I want to Authenticate a client(written in Python) to Authenticate against Splunk using mTLS.I can use splunklib.c...

by New Member in

conditional search via based on total count

Hello, Here is my search output. I want see , if Count of "Down" > "Up" criteria. Than I can understand, interface...

by Explorer in

Search peer intermittently reported down

Quite often I saw this warning from dashboard panels.I have no cue what happened with following message. The search p...

by Explorer in

Calculating Average and Standard Deviation of a Type of Log per Week returns wrong results if searching for all Types

Hi all, I'm new here, so please let me know if I'm doing anything wrong. Otherwise, the below is my issue. Say for ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extract values from field conditionally on other field value

Show multiple machines for lockouts

three queries that produce tables, need to combine the results into one table

Creating drilldown to new tab for auto search without adding custom search

There are 2 timestamp formats in a log file

Functionality of keepevicted not clear

Combining 2 regex searches to a single one breaks the output results | Shows complete event instead of regex filtered

What's Wrong With This Query?

Match fields in different searches and send alert

Filter search by subsearch values

Find the most common individual characters in a field

field value appears to be null

Splitting field then searching each result

extract a value from raw field

Timecharts and how to avoid "no results found inspect"

Start time and End Time of Multiple Autosys Job runs for the same Jobname.

timechart returning no results

How to merge two field as sourcetype?

How do I remove the chart on the top of the PDF?

Need to get response time and tps in a single dashboard

IIS logs

Python SDK - mTLS support

conditional search via based on total count

Search peer intermittently reported down

Calculating Average and Standard Deviation of a Type of Log per Week returns wrong results if searching for all Types

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions