Splunk Search

Ask a Question

Discussions

Thread Info

Splunk ServiceNow Integration "snowincident" Command

Hi Everyone! Does the "snowincident" command always create an incident upon being called? I want to use this in an ...

by Path Finder in

match between field with delimited num values and a number field

Hello, am trying to run a query like below: basequery | where match(stringFieldConsistingOfNumsDelimitedBy#...

by Explorer in

Unable to get data on statistics using stats

Hi , I am trying to run a splunk query and i am able to generate the required filed . however i am facing difficul...

by Explorer in

Stats with Join

I have set of hosts that are installed with different versions of software but logging to the same index, and I need ...

by Loves-to-Learn Lots in

Multiple field values combined into two different fields

Hello SplunkersI have the following field: Message The Message fields have the following values: 1,2,3,4,5,6,7,8,9...

by Communicator in

replacing values with "*****"

I have a field "users" that spits out the result "*****" I want to replace the ***** with an IP address its actual...

by Explorer in

view default index

How can I view the default index of a user? In other words, if user runs a search within splunk search app and does...

by Path Finder in

How to extract values of a particular field for a json event.

I have an event which is in json and it has a repeating field say "message" Example: { "Message":[ { "messa...

by Explorer in

How to find all alerts with a specific alert action?

I'm trying to find all the saved alerts that have a certain action. I've found this search: |rest/servicesNS/-/-/sa...

by Explorer in

Merging 2 stats from one search query

Hi guys, This little (?) thing's has been wrecking my head all weekend. I'm trying to merge 2 stats commands, or s...

by Path Finder in

How to extract json values

I have an event in json which has key pairs like: { "timestamp": 157281937, "message":"abc\xyz\pqr\efg", } ...

by Explorer in

Jenkins JSON test results into table by build

I'm wondering if the following table structure is possible (without custom JS). Raw events are from Jenkins plugin....

by Path Finder in

[Need Help] how to reverse the time scale and corresponding count in x axis from timechart.

Hi team, I have below query index=*bizx_application AND sourcetype=perf_log_bizx AND AutoSaveForm OR SaveFormV2 ...

by Path Finder in

Rename the existing Correlation search?

Hi Splunkers, Whats the best way to rename the existing correlation search.?

by Path Finder in

Joining data from multiple events with stats

Hoping someone can help me to join data in the same index across multiple events. Here is the event data indexevent...

by Engager in

Getting a comma separate string from values function within stats command

When I extract the list of values of a field in stats command, the values appear in separate lines making the output ...

by Engager in

Error extracting username when using the | rex field= statement

I have a user field where the name may or may not be prefixed with DOMAIN\ as shown below: DOMAIN\CWIX-USER-SC-4a.r...

by New Member in

Combine 3 queries using a common field

Hi I have 3 queries as below and all 3 of them have a common field "loaderId". I used join to combine their resul...

by Explorer in

Searching local directories

I am trying to add and search data directly from my local file directory in splunk. I went to setting > data inputs >...

by New Member in

How to extract value from a string

Hi everyone I need to extract value from a string before a specific character "_X" Where X is any integer P...

by Explorer in

Subsearching within time frame

Hi everyone, I'm new to Splunk. I've got this search query: host="..." earliest=-30d latest=now | stats distinct_...

by Engager in

Lookup table for search exclusions using a combination of multiple fields

I have an alert to discover logins from accounts on servers and workstations. Some of these logins are normal and so ...

by Path Finder in

How to i match the latest date value in lookup file?

Hi,I am a newbie to SPL and would like some help.I want to find the latest date field in my lookup file file. My te...

by Path Finder in

escape backslash in dynamic search

hi there, i created a dashbord with drilldown values with backslash. how can i escape those backslash to ged valu...

by Engager in

Combine and count results from two queries without join command

So, if I have an index=abc with fields a,b Also, I have index=xyz with fields b,c Now I want to count the results...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk ServiceNow Integration "snowincident" Command

match between field with delimited num values and a number field

Unable to get data on statistics using stats

Stats with Join

Multiple field values combined into two different fields

replacing values with "*****"

view default index

How to extract values of a particular field for a json event.

How to find all alerts with a specific alert action?

Merging 2 stats from one search query

How to extract json values

Jenkins JSON test results into table by build

[Need Help] how to reverse the time scale and corresponding count in x axis from timechart.

Rename the existing Correlation search?

Joining data from multiple events with stats

Getting a comma separate string from values function within stats command

Error extracting username when using the | rex field= statement

Combine 3 queries using a common field

Searching local directories

How to extract value from a string

Subsearching within time frame

Lookup table for search exclusions using a combination of multiple fields

How to i match the latest date value in lookup file?

escape backslash in dynamic search

Combine and count results from two queries without join command

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!