Splunk Search

Discussions

Thread Info

splunkd_ui_access logs

Im trying to create some dashboards to make reading _internal logs easier. I'm trying to figure out what all for the ...

by Communicator in

How to extract a csv data fields message data into fields?

I have a field message that whenI run the search index=example123 host=5566 |search "*specials word*" I table ...

by Communicator in

[Advice/Help] Lookup Table search taking long

Hello All, Can ya'll give me advice on why my query taking so long? In a dashboard it just times out and regular v...

by Engager in

Field from Automatic Lookup (KV Store) not usable

I have a KV Store with replicate turned on, a lookup definition with WILDCARD(match_field), and an automatic configur...

by Contributor in

How to join two queries and show not contain value

Good day, I am pretty new to Splunk and want a way to join two queries together.Query 1 - Gives me all of my assets ...

by Path Finder in

Want To extract values from query output and create a table

Here is the my output data. i want to create a table for path and responsetime . can you please help. Expecting out...

by Loves-to-Learn Everything in

Emulating FULL OUTER JOIN

Hi, I have to tables: ID name 1..A 2..B ID Error 1..bla1 1..bla2 so Id like a table which is like...

by Communicator in

BIN - incorrect buckets

In my case there is an index with field OP which has a duration TT . Of course there are a lot of records with differ...

by Path Finder in

Reuse token across different indexes/ searches

Hi Based on a Multiselect reading from index="pm-azlm_internal_prod_events" sourcetype="azlm" I...

by Path Finder in

Find all assets in splunk

Hi, I am new to Splunk and would like to build a dashboard to find all hosts in environment. This should query all lo...

by Path Finder in

Field that exist is not showing in search report

Hello all, I have a query which creates a table similar to the following: | table S42DSN_0001 S42DSN_0010...

by Engager in

unable to use loadjob to access field value of a previous savedsearch

I am trying to get value of a field from a previous scheduled savedsearch in a new field using loadjob, however unabl...

by Explorer in

Log Analysis Request for IP Address Values

I need to perform an analysis based on a lookup file named checkin_rooms.csv, which includes a column confroom_ipaddr...

by Explorer in

Help optimising search

Hi - I am currently looking to optimise the search below as it is using a lot of search head resource: in...

by Observer in

How can I filter all events on one field by a value in another field?

We pull weekly vulnerability reports from Splunk associated with our Qualys data. I am trying to filter out all reco...

by Path Finder in

Line breaking odd issue

I'm working with a 9.1.2 UF on Linux. This is the props.conf [stanza] # # Input-time operation on Forwarde...

by Contributor in

How get data lookup from other remote peer?

Hi all, Can Splunk get data lookup from remote peer server ?The problem is, because we have many Splunk servers, s...

by Explorer in

How to Find Unique Buildings Present in One Search but Not in Another

Hi Splunk Community, I have a query that retrieves building data from two sources and I need assistance in identif...

by Explorer in

Need to calculate difference between two epoch timestamps from different searches

Hi Community, I need to calculate the difference between two timestamps printed in log4j logs of java application fro...

by Explorer in

how to get data last 15minutes data from last 7 days time range saved search?

I have a saved search which is scheduled for every 17mins with time range of last 7 days. instead of getting results ...

by Engager in

How to export to CSV when fields have commas

My data has a tables{}.values{} containing a list of lists. Within each list there is data. Sample data below. When I...

by Path Finder in

How to generate a baseline on a timechart using a value from a lookup table

I have a search that captures a specific product code, calculates the total number of units attributed to the product...

by Path Finder in

Using basesearch with subsearch

I nabbed some searches from our license server/monitoring console and placed them in the search head cluster so that ...

by Builder in

Splunk Query Help!

I Have Service_names (A, B ,C ,D, E, F, G, H, I J, K, L , M) but want (C ,D, E, F, G, H, I J, K, L , M ) servic...

by Communicator in

Splunk Search help!

I Have ServiceNames (A, B ,C ,D, E, F, G, H) but want (C ,D, E, F, G, H ) ServiceNames combined results and renam...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

splunkd_ui_access logs

How to extract a csv data fields message data into fields?

[Advice/Help] Lookup Table search taking long

Field from Automatic Lookup (KV Store) not usable

How to join two queries and show not contain value

Want To extract values from query output and create a table

Emulating FULL OUTER JOIN

BIN - incorrect buckets

Reuse token across different indexes/ searches

Find all assets in splunk

Field that exist is not showing in search report

unable to use loadjob to access field value of a previous savedsearch

Log Analysis Request for IP Address Values

Help optimising search

How can I filter all events on one field by a value in another field?

Line breaking odd issue

How get data lookup from other remote peer?

How to Find Unique Buildings Present in One Search but Not in Another

Need to calculate difference between two epoch timestamps from different searches

how to get data last 15minutes data from last 7 days time range saved search?

How to export to CSV when fields have commas

How to generate a baseline on a timechart using a value from a lookup table

Using basesearch with subsearch

Splunk Query Help!

Splunk Search help!

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!