Splunk Search

Ask a Question

Discussions

Thread Info

Default Log format for splunk

I see some post about rules for splunk logs. But I don't find a list of rules. My applications logs a lot of lines...

by Explorer in

fetch todays filename and check with last 30 days filename for splunk alert

Hi, I want to create alert based on file received. Everyday at randomly we used to receive files. ex. file name...

by Path Finder in

Can you help me with my splunk search?

I am trying to write a splunk search to pull what rules a particular user is hitting. This search is helping with tha...

by Loves-to-Learn in

Log events are being dropped when applying a condition

Hello Everyone, I have built a Splunk query (shared below) recently & I noticed that when apply search condition App_...

by Loves-to-Learn in

splunk match between different sourcetypes

I'm trying to create a search where I take a small list of IPs from sourcetype A and compare them against a larger se...

by Observer in

Struggling with rex

Hoping to find a solution here for my rex query (new to rex) I have an event that looks like this time="2...

by Engager in

Calculate average time taken for transactions.

Field1=Start Field2=Finish Field1 and Field2 have multiple events with values Start and Finish for a given uid ...

by Engager in

TimeChart Syntax

Stuck again and not sure what I'm missing... I have the first two steps, but cannot figure out the syntax to use Time...

by Path Finder in

Joining and grouping indexes

below is my scenario described by Oracle DBA  I have two indexes INDEXAfieldAfieldBfieldC INDEXBfieldAfiel...

by Path Finder in

index data

Hello , How can I know the start time and the latest time coming of data of all index .meaning that when was the fir...

by Contributor in

How to convert raw csv data into table format

Hi Team, We have onboarded csv data into Splunk and each row in csv is ingested into _raw field . I need to bring t...

by Loves-to-Learn Everything in

Merging two columns as full join using append

Hi, I have the results of an append operation as follows: IDCol3col4col5a abcaabcNo axyzYes b abcb xyzbxyzNo bfg...

by Splunk Employee in

Splunk Report using outer and inner query for a SessionID & Date/Time

I have a logfile like this - 2024-06-14 09:34:45,504 INFO [com.mysite.core.repo.BaseWebScript] [http-nio-80...

by Path Finder in

Join operation doesn't return correct result

I have two query tablestable 1index="k8s_main" namespace="app02013" "EConcessionItemProcessingStartedHandler.createRm...

by New Member in

Macro expansion via SPL/REST

I have a search that returns all of my correlation searches for a given app. | rest splunk_server=local coun...

by Path Finder in

Adding and defining the value for a new Search Field.

How do I add a new field and set the value to seven days ago from the current date, snapped to thebeginning of the c...

by Path Finder in

Conditional Success/Fail

Hi all - I am trying to create what I would think is a relatively simple conditional statement in Splunk. Use Case...

by Explorer in

rex - Extracting a string

I want to exact a string 'GUID" from the log right after "customers". This regex expression works in https://regex101...

by Explorer in

showing chart based on Time and Transaction count

this is the log data i want a report like this: my current query is :index="webmethods_...

by Path Finder in

How to get exception data for multiple lines of Get and Update logs

Hi community, can anyone help me figure out the log which Get incorrect data after Update(both get and update will lo...

by Explorer in

How do I search for all events in the same "request" as a particular log line

My application is a backend web service. All events in a request contain the same value for a "req_id" field. I hav...

by Engager in

How to find difference of the time in days and hours respectively between Event time of the data and current time?

How to find difference of the time in days and hours respectively between Event time of the data and current time?For...

by Explorer in

How to count the same values over different fields together?

Lets say we have the following data set: Fruit_ID Fruit_1 Fruit_2 1 Apple NULL 2 Apple NULL 3 Apple NULL ...

by Path Finder in

SPL query help

Hi All, Need some help with SPL query to compare the data from same host on 2 different dates and give me a status ...

by Path Finder in

How can I group and aggregate and filter all events based on those aggregated attributes?

Coming from SQL, I want to do stuff like GROUP BY and HAVING ... The data is available with a transaction identifie...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Default Log format for splunk

fetch todays filename and check with last 30 days filename for splunk alert

Can you help me with my splunk search?

Log events are being dropped when applying a condition

splunk match between different sourcetypes

Struggling with rex

Calculate average time taken for transactions.

TimeChart Syntax

Joining and grouping indexes

index data

How to convert raw csv data into table format

Merging two columns as full join using append

Splunk Report using outer and inner query for a SessionID & Date/Time

Join operation doesn't return correct result

Macro expansion via SPL/REST

Adding and defining the value for a new Search Field.

Conditional Success/Fail

rex - Extracting a string

showing chart based on Time and Transaction count

How to get exception data for multiple lines of Get and Update logs

How do I search for all events in the same "request" as a particular log line

How to find difference of the time in days and hours respectively between Event time of the data and current time?

How to count the same values over different fields together?

SPL query help

How can I group and aggregate and filter all events based on those aggregated attributes?

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions