Splunk Search

Discussions

Thread Info

Unable to see data indexed 4 hours ago

Hi, Data was indexed 4 hours ago. At the time i was able to see the data when searching the relevant index. 4 hours...

by Loves-to-Learn in

deprecated 'stats' command syntax notification on a sample Splunk search

Running a sample search suggested by "Add sparklines to search results" in Splunk Documentation for the latest versio...

by Contributor in

Did anyonen else lose all of their "Splunk Answers" history?

I am aware that answers.splunk.com has changed engines and is now community.splunk.com. The migration announcement st...

by Observer in

Is there a dashboard visualization that allows editing a lookup table in the UI instead of using lookup editor?

Is anyone aware of a dashboard visualization that will allow me to edit a lookup table in the UI? Rather than using L...

by Loves-to-Learn in

License Usage by Each Indexer

License Usage by Each Indexer : Need to find license usage by each indexer.

by Motivator in

How to pivot results table?

I got above result from my splunk query: index="cx_aws" source="notifications-service"|stats count by tokenValidator...

by Explorer in

How do I modify the span for timechart to match a chart I'm defining with a time range of "last 7 days"?

Hello! I've been playing around with the timechart command and spanning, however, there is an issue I'm having whe...

by Contributor in

Arithmetic operation on fields from different events

Consider the below types of events fields : OS transaction numbers Events: Win purch...

by Explorer in

Populating non-existent values where multiple timestamp comparisons exist.

We have the following SPL query which generates statuses (i.e. "Success", "Failure", "Warn") for various different "s...

by Communicator in

Key value field extraction from Cisco devices

Hi there, digging deeper into the REST API and XML parsing. When running an XML status command on our Ironport I ge...

by Explorer in

Checking when a field value has changed

Hi team, I have a highly simplified set of log entries similar to the sample data below: |makeresults |eval dummy=...

by Explorer in

xyseries drops result with duplicate timestamp

I have this data _timeEventCodeMessage2020-06-16T19:48:53+00:004136Too late now2020-06-16T19:49:53+00:001234I don't...

by Splunk Employee in

If / Then Conditional.

Heres what i'm trying to accomplish: requestID status123456 errored321654 ...

by Loves-to-Learn in

What exactly does dedup_splitvals do?

Hi, I can't grasp the concept of dedup_splitvals. I was writing search for a pie chart on my dashboard, something l...

by Loves-to-Learn in

How to reformat search results?

Helloi got result like below from the splunk queryABC123DEF456GHI789But i want to show like belowABCDEFGHI

by Explorer in

Add certain feilds to an existing query to filter the count

Below is my existing query : i want to add ceratin common feilds with different value for the respective ind...

by Communicator in

Splunk

HelloI have a log like this:ABC=true,DEF=false,GHI=false,JKL=trueI want to show only ABC and JKL in the result,becaus...

by Explorer in

Multivalued field extraction

This is the search i am using to extract key/value from the field "RID" with multivalued "DEF" | rex max_match=0 f...

by New Member in

Using blacklist on Windows TA and XML events

Hi, ive successfully blacklisted the windows event 4658 with this line_ blacklist2 = $XmlRegex="<EventID>4658<\/Eve...

by Path Finder in

Enabling 'Insecure Login' within web.conf

Hi guys, I'd like to be able to allow 'insecure' logins for my dashboards to be used with an internal signage solut...

by Path Finder in

Spath field extract with period

Hi All, I am trying to extract fields using spath command. I noticed that fields with period in it cannot be extrac...

by Explorer in

Dynamic Search Query Based on Field Value

I'm trying to create a search that always looks for the responses from the latest version of my app. The `version` fi...

by Engager in

Is there any online regex tool to create regular expressions for given sample data ?

by Motivator in

How to a merge value and a field name from two multi value fields?

Hello, I have a Field with Oracle SQL_BIND and a second field with the SQL_TEXT, the SQL_BIND contains the values whi...

by Loves-to-Learn Lots in

How do I convert a timestamp from one timezone to another (inline)?

I have an issue where logs contain timestamps in zulu and the server uses local time for its index. I need to calcul...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Unable to see data indexed 4 hours ago

deprecated 'stats' command syntax notification on a sample Splunk search

Did anyonen else lose all of their "Splunk Answers" history?

Is there a dashboard visualization that allows editing a lookup table in the UI instead of using lookup editor?

License Usage by Each Indexer

How to pivot results table?

How do I modify the span for timechart to match a chart I'm defining with a time range of "last 7 days"?

Arithmetic operation on fields from different events

Populating non-existent values where multiple timestamp comparisons exist.

Key value field extraction from Cisco devices

Checking when a field value has changed

xyseries drops result with duplicate timestamp

If / Then Conditional.

What exactly does dedup_splitvals do?

How to reformat search results?

Add certain feilds to an existing query to filter the count

Splunk

Multivalued field extraction

Using blacklist on Windows TA and XML events

Enabling 'Insecure Login' within web.conf

Spath field extract with period

Dynamic Search Query Based on Field Value

Is there any online regex tool to create regular expressions for given sample data ?

How to a merge value and a field name from two multi value fields?

How do I convert a timestamp from one timezone to another (inline)?

Good Sourcetype Naming

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk App for Anomaly Detection End of Life Announcement

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions