Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to achieve stats count eval chart?

Dear Splunk community: I have the following search query: <BASIC_SEARCH> | chart count by path_template, h...

by Path Finder in

How to find a alert/dashboard running from a query in the jobs page?

Hi all. I have a running query I see on the jobs page on Splunk but I cannot find the related alert/dashboard it's...

by Explorer in

What is the different between line exist in file and events of Splunk?

Hi I've index a 12MB file in splunk but have different between line of file and event of splunk file = 114...

by Motivator in

How to make a field extraction with field with and without ':'?

Hi, I am struggeling with field extractions. I have two fields that I want to extract. But the problem is som...

by Path Finder in

How to calculate difference between multiple fields?

Hi Splunk experts - I have an unusual math problem on my hands and I'm not sure how to deal with it. We are trying to...

by Communicator in

Alerts that go on waiting status causes next alerts to not trigger?

Hello, We have several alerts which occasionally go in status waiting (correponding jobs) and stay like ...

by Builder in

How to use "original" search value if map has no result?

Hi Splunkers, I use many alerts where the result contains the username. Then a map search looks for this user, in ...

by Path Finder in

How to calculate through bin command ?

Hi all, I would like to use bin command to make the demo data sets into 10 bins according to Exe_time and list Subs...

by Path Finder in

Can I use lookup for whitelisting based on 2 columns?

I have to whitelist fields based on 2 columns in a lookup, but the second column has multiple values. So we have to...

by Explorer in

Compatible issue with the app Whois- are there any alternatives?

Hi, I am looking for alternative app like WHOIS app(excute a whois lookup on the given domain/given ip) from splun...

by Path Finder in

How to count hits per minutes?

My search is not working. I want to get Hit per minutes like this But my search dont have any about that:

by Explorer in

Using wild card in table column formating

I want to change the column cell background based on the value, but I also want to use a wild card. Example Field v...

by Explorer in

How to combine index queries from different field names?

I have two indexes: IndexA has a `thisId` field. IndexB has fields `otherId` and `name`. I want to write a q...

by Explorer in

Why do match and like not working for some users?

Hello Splunkers!!We have a dashboard which works on the loadjob. When users try accessing the dashboard, they are get...

by Path Finder in

How to extract, kv pair from jvm_cmd value & print those in Splunk search?

raw event {... "jvm_cmd":"bin/java -Dp -Dp1=v1-Dp2=v2 -Dq -Dp3=v3 ..."} How to extract, kv pair from jvm_cmd va...

by Engager in

How to marry lookup table and index data?

Hello Champs I've index data table change records errors B221205A1090B221205B14800B221205C33360B221205D25818...

by Engager in

How to send alert via nlp and bot?

Hi Need to send alert like machine investigate something and after that send alert. I mean something like gptchat ...

by Motivator in

How to fetch the list of errors and their details while running SPL which does not allow users to fetch data?

Hi All, I need your help to determine the details of issues which affect users while running SPL. The details may...

by Communicator in

How to extract same fields from different logs?

Hi all, I need to extract some fields for authentication events from different log types, here below some example:...

by Communicator in

Why is search history retention inconsistent between search heads?

I have two Splunk Enterprise environments, both at 9.0.2. For users in one environment, search history goes back only...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to achieve stats count eval chart?

How to find a alert/dashboard running from a query in the jobs page?

What is the different between line exist in file and events of Splunk?

How to make a field extraction with field with and without ':'?

How to calculate difference between multiple fields?

Alerts that go on waiting status causes next alerts to not trigger?

How to use "original" search value if map has no result?

How to calculate through bin command ?

Can I use lookup for whitelisting based on 2 columns?

Compatible issue with the app Whois- are there any alternatives?

How to count hits per minutes?

Using wild card in table column formating

How to combine index queries from different field names?

Why do match and like not working for some users?

How to extract, kv pair from jvm_cmd value & print those in Splunk search?

How to marry lookup table and index data?

How to send alert via nlp and bot?

How to fetch the list of errors and their details while running SPL which does not allow users to fetch data?

How to extract same fields from different logs?

Why is search history retention inconsistent between search heads?

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...