Splunk Search

Ask a Question

Discussions

Thread Info

Combine a numerical field with a string field separated with a dash

Hello, I am trying to combine couple of fields data separated by a dash. Tried few options but could not get the ex...

by Explorer in

Extracting a JSON boolean value

I've been unable to get a boolean value extracted from JSON written to Splunk. The data looks like this: build: ...

by Explorer in

Why do these seemingly identical searches return different results when sorted?

I have four versions of a nearly identical search. The last one returns a completely different result. What is it a...

by Path Finder in

Filtering a Field Extracted with Rex

Hello, I am having trouble with filtering fields extracted using rex as follows: rex max_match=0 field=sessions_a...

by Engager in

Separate rows for a string ?

I have a string like this below{ABC,DEF,GHI,JKL}i am able to show it as below in my result 1. ABC DEF GHI...

by Explorer in

How to search indexed JSON array output for objects that match a distinct name/value pair

I'm calling a REST API using curl on a UF to collect data from a remote DataPower appliance; the output is in JSON fo...

by Path Finder in

Case open count and trend history

We're using a REST API to connect to a case / monitoring system and retrieve any data newer than the last run. This d...

by Communicator in

Removing some results from stats count by function

Hi all, I'm a bit of a newbie to splunk but I was trying to create a dashboard using the stats count by function fo...

by Explorer in

time difference between two events

Hi I am using below query to get the details of alarms which has (one Warning and one OK status) or (one Critical a...

by Communicator in

Add several information on a point

Hi everyone, I'm looking for how to add information on a graphical point. My graph shows only an average and an...

by Explorer in

data joins

I've got a few different tables, all csv, that provide different information. The main events table includes a bunc...

by Explorer in

How to use data models in subsearch

I am trying to use data models in my subsearch but it seems it returns 0 results. | datamodel disk_forecast C_drive...

by Explorer in

"This search uses deprecated 'stats' command syntax."

Getting this informational message when running "stats count" commands: This search uses deprecated 'stats' com...

by Contributor in

How to extract count of specific event from nested JSON?

I have this data coming in every minute to monitor application performance: { "events": [ { "appId": "m...

by Explorer in

Unable to see data indexed 4 hours ago

Hi, Data was indexed 4 hours ago. At the time i was able to see the data when searching the relevant index. 4 hours...

by Loves-to-Learn in

deprecated 'stats' command syntax notification on a sample Splunk search

Running a sample search suggested by "Add sparklines to search results" in Splunk Documentation for the latest versio...

by Contributor in

Did anyonen else lose all of their "Splunk Answers" history?

I am aware that answers.splunk.com has changed engines and is now community.splunk.com. The migration announcement st...

by Observer in

Is there a dashboard visualization that allows editing a lookup table in the UI instead of using lookup editor?

Is anyone aware of a dashboard visualization that will allow me to edit a lookup table in the UI? Rather than using L...

by Loves-to-Learn in

License Usage by Each Indexer

License Usage by Each Indexer : Need to find license usage by each indexer.

by Motivator in

How to pivot results table?

I got above result from my splunk query: index="cx_aws" source="notifications-service"|stats count by tokenValidator...

by Explorer in

How do I modify the span for timechart to match a chart I'm defining with a time range of "last 7 days"?

Hello! I've been playing around with the timechart command and spanning, however, there is an issue I'm having whe...

by Contributor in

Arithmetic operation on fields from different events

Consider the below types of events fields : OS transaction numbers Events: Win purch...

by Explorer in

Populating non-existent values where multiple timestamp comparisons exist.

We have the following SPL query which generates statuses (i.e. "Success", "Failure", "Warn") for various different "s...

by Communicator in

Key value field extraction from Cisco devices

Hi there, digging deeper into the REST API and XML parsing. When running an XML status command on our Ironport I ge...

by Explorer in

Checking when a field value has changed

Hi team, I have a highly simplified set of log entries similar to the sample data below: |makeresults |eval dummy=...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Combine a numerical field with a string field separated with a dash

Extracting a JSON boolean value

Why do these seemingly identical searches return different results when sorted?

Filtering a Field Extracted with Rex

Separate rows for a string ?

How to search indexed JSON array output for objects that match a distinct name/value pair

Case open count and trend history

Removing some results from stats count by function

time difference between two events

Add several information on a point

data joins

How to use data models in subsearch

"This search uses deprecated 'stats' command syntax."

How to extract count of specific event from nested JSON?

Unable to see data indexed 4 hours ago

deprecated 'stats' command syntax notification on a sample Splunk search

Did anyonen else lose all of their "Splunk Answers" history?

Is there a dashboard visualization that allows editing a lookup table in the UI instead of using lookup editor?

License Usage by Each Indexer

How to pivot results table?

How do I modify the span for timechart to match a chart I'm defining with a time range of "last 7 days"?

Arithmetic operation on fields from different events

Populating non-existent values where multiple timestamp comparisons exist.

Key value field extraction from Cisco devices

Checking when a field value has changed

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...