Splunk Search

Ask a Question

Discussions

Thread Info

Comparing the 2 string fields

Is there any function to find degree of similarity between 2 string I want to compare current incident short_desc...

by Engager in

Is it possible to find the most common value of a field per user?

Hi, Is it possible to find out the most common value of field=A for every user? I would expect something like t...

by Motivator in

Splunk search for 2 deferent log line from 2 deferent sources

Hello Forum I am facing problem related with 2 lines search my logs has information like this 1: data receive...

by Loves-to-Learn in

Calculate Average in same field

I like to take sum the "count" where "Core Content" field's first 2 max values, Finally divide them by total count....

by Explorer in

Calculating sum from 2 tstats

Hi guys,I'm hoping for a bit of a help.My total_bytes and src_zone aren't populating. I tried few things at groupby s...

by Path Finder in

Compare several fields from 2 indexes

I have two indexes: INDEX1 and INDEX2. In these indexes have the same fields: FIELD1, FIELD2, FIELD3 but they can hav...

by Explorer in

How to compare values in fields from 2 indexes?

I have 2 indexes: index1 and index2. I need to compare values in both indexes and show only differences in fields. In...

by Explorer in

help on a pie slice with drilldown

Hi I use the search below in order to display a pie chart and to change the label of each pie slice ...

by Motivator in

How to group values using wildcard

index=**** Name=GOKI|stats count by SK SO This is the result that I get now. SK SO COUN...

by New Member in

Conditional Macros

Hi, In view of this answer it is not possible to put a macro in a yew, but is it still valid? https://community.s...

by Engager in

How to search inside file contents of uploaded events?

Hoping someone can help, reasonably new to Splunk. I have a number of Splunk events that are uploaded small text f...

by Explorer in

count by wildcard in field value

Hi, I've following issue: Ive a dataset containing data likeOrder number = 12345Description = "AB: jdkjsd"planned_d...

by Loves-to-Learn in

How do you calculate the difference between two date/time with seconds.

I am trying to calculate difference between two dates including seconds. But i am unable to find any logs. Please h...

by Contributor in

How to pass a variable as the output column name in the lookup command?

Hello, Having trouble understanding lookups. Any help would be appreciated. If I have a table with ID and User c...

by Explorer in

Need some help on rex command - User agent

Hi I have created the below rex command based on user agent using regular expression " regex101.com". The below re...

by Path Finder in

Seeking help to create a dashboard for Antivirus alerts in splunk

Hi community, Need your help..! is there any possibility that we can create a dashboard for AV related issues or no...

by Path Finder in

way to use case insensitive fields - Not Value

Mydata is like below where the customerNumber can come like CustomerNumber or customernumber or CUSTOMERNUMBER AND ...

by Explorer in

Extract IP address from event log

Hi! Need help with this please. I have to extract the IP address from this: src=45.141.87.33:53402:X19 value ...

by Engager in

Correlate events across Sources

Hey all! I've seen similar Splunk Help answers similar to mine but I'm having some issues with getting it to work ex...

by Explorer in

Alternatives to mvexpand for decreasing memory usage

Hello! I have some JSON events that each look something like this: { "id": 12345, "steps": [ { "stepName": "A",...

by Observer in

Haversine Issue

Hello, I am working with a GPX file and installed the haversine app to calculate the distance between lat/lon coor...

by Explorer in

Inputlookup command not working

Hi all, I have been trying to use a search in order to compare two results. One is my lookup and one with an ldapse...

by Communicator in

How to fetch relevant data from the different log lines based on a unique ID ?

Hi There, I need to fetch some data based on a unique ID from the different log lines can you ple...

by Explorer in

Missing seconds in Realtime query with 10ms span on python-sdk

Hi, i'm trying to get Splunk realtime results using splunk's python-sdk. Everything works well, but in the results,...

by Explorer in

Rename the Values in the Json fields

Hi, Could someone please help me with the rename of the string Values in the fields. I want to remove the spaces ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Comparing the 2 string fields

Is it possible to find the most common value of a field per user?

Splunk search for 2 deferent log line from 2 deferent sources

Calculate Average in same field

Calculating sum from 2 tstats

Compare several fields from 2 indexes

How to compare values in fields from 2 indexes?

help on a pie slice with drilldown

How to group values using wildcard

Conditional Macros

How to search inside file contents of uploaded events?

count by wildcard in field value

How do you calculate the difference between two date/time with seconds.

How to pass a variable as the output column name in the lookup command?

Need some help on rex command - User agent

Seeking help to create a dashboard for Antivirus alerts in splunk

way to use case insensitive fields - Not Value

Extract IP address from event log

Correlate events across Sources

Alternatives to mvexpand for decreasing memory usage

Haversine Issue

Inputlookup command not working

How to fetch relevant data from the different log lines based on a unique ID ?

Missing seconds in Realtime query with 10ms span on python-sdk

Rename the Values in the Json fields

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions