Splunk Search

Discussions

Thread Info

Sourcetype not same in index & tstats

I am trying to create a query using tstats from datamodel Malware, one of the sourcetype 'abc' that i want to includ...

by Loves-to-Learn Lots in

Results on daily basis with rangemap

My Query : --- | stats count by "response time" | rename "response time" as "time_taken" | rangemap field=time_taken ...

by Engager in

How to input a file and retrieve output in splunk dashboard?

Hi Team, I have a query that executes in my dashboard. I want to provide the input as a CSV file(with list of IDs) an...

by Explorer in

Help with Stats count expression??

Hi Everyone, I'm newer-ish to splunk. I'm doing a search similar to this in splunk : index=mfa sourcetype=lexus Su...

by Explorer in

count events by day when stats has multiple BY clause

Goal - I am searching for "number of actions per unique customer" metrics from API metric logs.below is my query. Be...

by Observer in

Maniupulating _time to remove 0 values from line chart

I have a line chart in which I'm trying to monitor response time for a certain network call. I want to see the averag...

by Observer in

Eval JSON_EXTRACT Issues

All, I'm working on extracting some key info out of an Ansible HEC collector. I'm hoping to use json_extract stuff...

by Explorer in

Extracting fields from nested JSON event

I have a very complex nested JSON event and need to extract 2 fields. I've managed it with less complicated ones but ...

by Motivator in

How to correlate an event using two different indexes?

I'm trying to create a query that will provide me with events that use two indexes. The results are to show events wh...

by Explorer in

Extracting new fields from data in another field

Hi gurus, I am new to Splunk but have this task that I'm stumped on: I have a query that looks like this: i...

by Engager in

Spl

Hello Splunkers, Can you please guide me, my assignment_group column is not populating. Any issues i have done whil...

by Motivator in

Reporting

Hi Splunkers!Hope you guys are doing good. I'm working on a usecase where I have to show daily chart of overall resul...

by Path Finder in

get data by time

hi all, in my original search im getting data by folloing command: | stats range(_time) as timetaken by Cor...

by Path Finder in

Using regex to extract multiple values between tags

The event contains a 'before' and 'after' list of permissions and users SIDs, I can get splunk to extract the entire ...

by Path Finder in

regex expression look behind issue

I have the following string: "userEmail":"someString/ab-cde-fgh-2020.domain.com@DOMAIN.COM" ABC DEF, "user...

by Observer in

How can I split (delimit) and select only certain value?

IP Field in IIS log is like below. 100.30.24.56,+11.44.66.778,+120.33.44.15,12.567.89.666 I want to get only the ...

by Engager in

Trick : alert even if no result

Hello guys, found out we can set up triggered alert if "greater than or equal to 0", had to use additional stats co...

by Motivator in

I am not able to open a ticket from you submit ticket option its giving 404

support ticket I want to open but I am getting this,

by Observer in

Certain extracted fields not showing in Fields Sidebar on one SH, but is on another SH.

Hello, I have a problem where fields are not showing on the Field Sidebar when i run a search against certain index...

by Path Finder in

Another Join Question - Searches With Matching sourcetype but Different index

I have read through almost every Join label topic on the Splunk Community page and I don't seem to see one that fits ...

by Path Finder in

Execute a Search if the condition is met else not

Hi Splunkers, I am writing on SPL in the report which has lookup. And if the lookup has less number of rows the...

by Explorer in

How to compare two fields from two different index and display results with match or No-match?

I am running 2 different Index and have to compare each value in field 1 from 1st index with the values in field2 fro...

by Loves-to-Learn Lots in

Is there a REGEX character limit on field replacement in transforms.conf?

I have data that is in json format but I only want to keep the value of the MESSAGE field from it. I created a transf...

by Path Finder in

Is there a way to format a string when it's used to fillnull?

I have created a dashboard that is monitoring the number of events received at corporate to the number of events repo...

by Path Finder in

How to match string and apply stats count on a stats count table

I have a requirement to fetch stats count from raw data logs. Sharing you the query and results. Query : index="bw6...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Sourcetype not same in index & tstats

Results on daily basis with rangemap

How to input a file and retrieve output in splunk dashboard?

Help with Stats count expression??

count events by day when stats has multiple BY clause

Maniupulating _time to remove 0 values from line chart

Eval JSON_EXTRACT Issues

Extracting fields from nested JSON event

How to correlate an event using two different indexes?

Extracting new fields from data in another field

Spl

Reporting

get data by time

Using regex to extract multiple values between tags

regex expression look behind issue

How can I split (delimit) and select only certain value?

Trick : alert even if no result

I am not able to open a ticket from you submit ticket option its giving 404

Certain extracted fields not showing in Fields Sidebar on one SH, but is on another SH.

Another Join Question - Searches With Matching sourcetype but Different index

Execute a Search if the condition is met else not

How to compare two fields from two different index and display results with match or No-match?

Is there a REGEX character limit on field replacement in transforms.conf?

Is there a way to format a string when it's used to fillnull?

How to match string and apply stats count on a stats count table

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!