Splunk Search

Discussions

Thread Info

What Cron schedule can we use to run report on first Monday of each month?

Please help share the exact cron schedule that can be used here. Existing posts are not helping Thanks

by Explorer in

Superset of data fragments / Compress diagonal data with extra obstacles

I have three tables. Each has one or more ID fields (out of ID_A, ID_B, ID_C) and assigns values Xn, Yn, Zn to these ...

by Path Finder in

Need help on a query

|msats sum(count-error) as Failed where index=metrics_index by service errorNumber errortype Results...

by Communicator in

Compare 2 source types within the same index and find the Gap

Hello, How do I compare 2 source types within the same index and find the Gap. For Example: index=compare sourcetyp...

by Motivator in

strptime works when using makeresults, but not with actual results

I have a dataset of user data including the user's LastLogin. The LastLogin field is slightly oddly formatted but ver...

by Path Finder in

applying current time multiple times (per specific event)

Hello Everyone I'm trying to calculate the "time_difference" between one column and another in Splunk. The problem ...

by Engager in

Need Help on Splunk query

open the "Search & Reporting" application, and find through SPL searches against all data the password utilized durin...

by Observer in

How to include the country in the PIE chart

Hi Can anyone help me with below query I have created a pie chart based on the error message, however i am not ...

by Path Finder in

How to compare pervious hour events with present hour

I want to compare pervious hour data with present hour data and get the percentage using below query. |mstats s...

by Communicator in

Why is field missing in piechart?

Hi All, Need your support in resolving an issue in a pie chart. I can see the below-mentioned results in statistic...

by Builder in

Adding data to the table from subsearch

Hey, I have a problem preparing a Splunjk query. Could you assist me? I have a simple query that returns a table wi...

by Engager in

How to show Total time elapsed time in splunk dashboard?

Hi Guys, I am using timeline visualization in my Splunk dashboard to show total elapsed time. But in some times its...

by Builder in

How to get TOP 3 values from STATS list()

Hello Everyone, I am trying to get the top 3 max values of a field "elapseJobTime" for all the instances associate...

by Explorer in

Search Query Help!

Hello, I am looking for my search results for only 6pm to 9pm over the last 90 days. How can I achieve this with the ...

by Communicator in

Require to extract info from messages and create table

Below I provided a sample trace where we have message with below format Error_Request_Response for URI: {}, an...

by Engager in

How to show two json response in single field?

Hi Guys, I want to show two field values into single column in a table .query and sample logs given below. ...

by Builder in

Using input file but only want select results returned

I have a dashboard where I have 4 multi select boxes and a input file with all possible results for each app. When t...

by Explorer in

How can I use login and logout events for specific UserIDs to determine concurrent users at a given time?

These are the fields I'm using - Body, ATNVersion, operatingsystem, osversion, MID

by Loves-to-Learn in

How to create graph based on Std deviation & Avg

Hi Can anyoine suggest me how to create Avg & Std Dev graph from the fields

by Path Finder in

Need help to calculate percentage.

|mstats sum(Transactions) as Transaction_count where index=metrics-logs application=login services IN(get, put, delet...

by Communicator in

All Time Search Earliest Workload

<search> <query>index="ourIndex" sourcetype=$stype$ABC AND Is_Service_Account="True" OR Is_Service_Account="False" ea...

by Engager in

extract part from url

https://www.nike.com/in/t/air-max-90-lv8-shoes-5KhTdP/FD4328-102 https://www.nike.com/in/t/air-max-dn-shoes-FtLNfm/...

by New Member in

Splitting a field after combining fields

So, I have two indexes and sourcetypes with the following fields: index1 and sourcetype1: aip = 34.465.45.234 ...

by Path Finder in

How to detect xz-lib CVE-2024-3094 with Splunk® Enterprise

How to detect CVE-2024-3094 with Splunk?

by SplunkTrust in

How to find out failed durable searches

Good day All, We have enabled the searches as durable searches. In our environment due to any one or other activit...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What Cron schedule can we use to run report on first Monday of each month?

Superset of data fragments / Compress diagonal data with extra obstacles

Need help on a query

Compare 2 source types within the same index and find the Gap

strptime works when using makeresults, but not with actual results

applying current time multiple times (per specific event)

Need Help on Splunk query

How to include the country in the PIE chart

How to compare pervious hour events with present hour

Why is field missing in piechart?

Adding data to the table from subsearch

How to show Total time elapsed time in splunk dashboard?

How to get TOP 3 values from STATS list()

Search Query Help!

Require to extract info from messages and create table

How to show two json response in single field?

Using input file but only want select results returned

How can I use login and logout events for specific UserIDs to determine concurrent users at a given time?

How to create graph based on Std deviation & Avg

Need help to calculate percentage.

All Time Search Earliest Workload

extract part from url

Splitting a field after combining fields

How to detect xz-lib CVE-2024-3094 with Splunk® Enterprise

How to find out failed durable searches

Index This | What are the 12 Days of Splunk-mas?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...