Splunk Search

Ask a Question

Discussions

Thread Info

how to show other field related to filtered out results with stats count in one query

Hi there, I am not sure if I am missing out the obvious but I would pretty much like to be able to run stats count...

by Observer in

How to break out multiple key-value json fields with spath and mvexpand?

Hi, I am looking for a bit guidance breaking out multi-kv pairs in json logs. For example, I have json email log...

by Builder in

Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED___default-autolb-group_10

Hi, I have this error message and it is stopping any data being shown in data summary, I can't add any data as .zip o...

by Explorer in

Splunk query to retrieve full stack traces

HI, me. Am trying to do analysis of stacktraces in splunk for our RDMS. Essentially we can extract the spid ...

by New Member in

Eval Input Token with Backslashes

Hi @ All, i know, ther are many diskussions about this topic, but nobody sent his solution MY CODE:<input type...

by Path Finder in

Lookup time-based not working with tstats

Hi, I'm trying to configure a time-based lookup (temporal lookup) but it doesn't seem to be working as expected. ...

by Loves-to-Learn Lots in

How to force my user to specify an index

Hi, So I've been facing some challenges with some of my users and I don't really know exactly how to tackle this.De...

by Path Finder in

Extract Http status from - event text -.. [2020-11-26T11:27:56.025047450Z] "PUT /sendmail HTTP/1.1" 400 203 252 "-"...

i am trying to extract http status from below event row text using search , but could not able to get status, event...

by Loves-to-Learn Lots in

Help with output csv by combining tokens from dashboard for the filename

Here is a sample of the search, can anyone help? The query works and returns data but errors out on the output filen...

by Explorer in

Hi Team , I need Field extraction of status Error and INFO status in logs .

ERROR [monki_HMCatalogSyncJob::de.hybris.platform.servicelayer.internal.jalo.ServicelayerJob] -[J= U= C=] (monki) (00...

by Explorer in

How to get the latest violator value and its month and the number of times it has violated

Hi, I have a below search result which shows Violators as red in color. Violators are more than 2 sec I wo...

by Communicator in

How to get the full directory path to a file? (e.g. dirname)

Similar to the Regex to find a directory in a path question, how does one find the full directory path to an file (e....

by Path Finder in

Regex to find a directory in a path

I have these paths as sources for an index (the paths are linux file system paths) /usr/local/myfiles1/myfacilityA...

by Explorer in

How do I compare search results from two different time periods?

I have shown the queries I made with set diff and eval below. My aim is to compare the report of 07:00 to 07:00 of th...

by Path Finder in

How to replace join command with any other alternative command for the below query?

index=105261-cli sourcetype=show_processes_cpu pid=0| dedup deviceId| fields deviceId, idle, fiveMinutes| eval cpuLoa...

by Engager in

search optimization: getting values with tstats for fields that are sometimes NULL

Search optimization question for y’all: We have an accelerated data model to try to drive improved performance for so...

by Contributor in

creating a correlation search for data exfiltration via email using datamodel

Hi all, I am trying to create a correlation search query for "data exfiltration via email" using email datamodel ...

by New Member in

Is there a SPL query pattern that can perform hierarchical counting?

Is there a SPL query pattern that can perform "hierarchical counting" beyond the two levels of depth outlined in thes...

by Engager in

List of events from transactions starting with A

Hi all, I am using data from 3 different indexes. They contain events which can be attributed to specific transacti...

by Loves-to-Learn Everything in

How to count filled and blank cells in excel spreadsheet by writing splunk query?

I need help on splunk query that will count both filled and empty cells in excel spreadsheet differently and give th...

by Path Finder in

Does Splunk distribute individual member searches of a multisearch to available Slots on any/all available Search Heads?

Like the title says - how are individual searches in a multisearch handled? Are they distributed across any/all ava...

by Builder in

How to extract multiple hostname from one regex search in globalprotect logs?

Hi everyone, I'm trying to create a simple list with all the devices found on the logs from globalprotect. The dea...

by Explorer in

List of all indexes containing access logs

Hello all, and thanks for the assistance ahead of time. How can I produce a list of all Splunk index names for indexe...

by Engager in

Extract multiple words in a filed

Hi, I have some syslog logs and I need to extract the first words of a field values. The field value starts like th...

by Communicator in

Transaction command - Way to change from timestamp to a different field?

Good morning all, I'm leveraging the transaction command in order to gather statistics around the duration of my re...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to show other field related to filtered out results with stats count in one query

How to break out multiple key-value json fields with spath and mvexpand?

Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED___default-autolb-group_10

Splunk query to retrieve full stack traces

Eval Input Token with Backslashes

Lookup time-based not working with tstats

How to force my user to specify an index

Extract Http status from - event text -.. [2020-11-26T11:27:56.025047450Z] "PUT /sendmail HTTP/1.1" 400 203 252 "-"...

Help with output csv by combining tokens from dashboard for the filename

Hi Team , I need Field extraction of status Error and INFO status in logs .

How to get the latest violator value and its month and the number of times it has violated

How to get the full directory path to a file? (e.g. dirname)

Regex to find a directory in a path

How do I compare search results from two different time periods?

How to replace join command with any other alternative command for the below query?

search optimization: getting values with tstats for fields that are sometimes NULL

creating a correlation search for data exfiltration via email using datamodel

Is there a SPL query pattern that can perform hierarchical counting?

List of events from transactions starting with A

How to count filled and blank cells in excel spreadsheet by writing splunk query?

Does Splunk distribute individual member searches of a multisearch to available Slots on any/all available Search Heads?

How to extract multiple hostname from one regex search in globalprotect logs?

List of all indexes containing access logs

Extract multiple words in a filed

Transaction command - Way to change from timestamp to a different field?

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions