Splunk Search

Ask a Question

Discussions

Thread Info

How to pivot results table?

I got above result from my splunk query: index="cx_aws" source="notifications-service"|stats count by tokenValidator...

by Explorer in

How do I modify the span for timechart to match a chart I'm defining with a time range of "last 7 days"?

Hello! I've been playing around with the timechart command and spanning, however, there is an issue I'm having whe...

by Contributor in

Arithmetic operation on fields from different events

Consider the below types of events fields : OS transaction numbers Events: Win purch...

by Explorer in

Populating non-existent values where multiple timestamp comparisons exist.

We have the following SPL query which generates statuses (i.e. "Success", "Failure", "Warn") for various different "s...

by Communicator in

Key value field extraction from Cisco devices

Hi there, digging deeper into the REST API and XML parsing. When running an XML status command on our Ironport I ge...

by Explorer in

Checking when a field value has changed

Hi team, I have a highly simplified set of log entries similar to the sample data below: |makeresults |eval dummy=...

by Explorer in

xyseries drops result with duplicate timestamp

I have this data _timeEventCodeMessage2020-06-16T19:48:53+00:004136Too late now2020-06-16T19:49:53+00:001234I don't...

by Splunk Employee in

If / Then Conditional.

Heres what i'm trying to accomplish: requestID status123456 errored321654 ...

by Loves-to-Learn in

What exactly does dedup_splitvals do?

Hi, I can't grasp the concept of dedup_splitvals. I was writing search for a pie chart on my dashboard, something l...

by Loves-to-Learn in

How to reformat search results?

Helloi got result like below from the splunk queryABC123DEF456GHI789But i want to show like belowABCDEFGHI

by Explorer in

Add certain feilds to an existing query to filter the count

Below is my existing query : i want to add ceratin common feilds with different value for the respective ind...

by Communicator in

Splunk

HelloI have a log like this:ABC=true,DEF=false,GHI=false,JKL=trueI want to show only ABC and JKL in the result,becaus...

by Explorer in

Multivalued field extraction

This is the search i am using to extract key/value from the field "RID" with multivalued "DEF" | rex max_match=0 f...

by New Member in

Using blacklist on Windows TA and XML events

Hi, ive successfully blacklisted the windows event 4658 with this line_ blacklist2 = $XmlRegex="<EventID>4658<\/Eve...

by Path Finder in

Enabling 'Insecure Login' within web.conf

Hi guys, I'd like to be able to allow 'insecure' logins for my dashboards to be used with an internal signage solut...

by Path Finder in

Spath field extract with period

Hi All, I am trying to extract fields using spath command. I noticed that fields with period in it cannot be extrac...

by Explorer in

Dynamic Search Query Based on Field Value

I'm trying to create a search that always looks for the responses from the latest version of my app. The `version` fi...

by Engager in

Is there any online regex tool to create regular expressions for given sample data ?

by Motivator in

How to a merge value and a field name from two multi value fields?

Hello, I have a Field with Oracle SQL_BIND and a second field with the SQL_TEXT, the SQL_BIND contains the values whi...

by Loves-to-Learn Lots in

How do I convert a timestamp from one timezone to another (inline)?

I have an issue where logs contain timestamps in zulu and the server uses local time for its index. I need to calcul...

by Contributor in

Retain columns in lookup table but not creating duplicates

I have a saved search which runs every month and looks at my vulnerability events and outputs the results into a look...

by Path Finder in

Extracting data from a search table

Hello, I have a raw data file from which I am trying to extract data and create a dashboard out of it. From this ra...

by Explorer in

Custom Cell Renderer intermittently working.

Hello I have noticed that in some of my dashboards, especially the more complicated ones with multiple sub searches t...

by New Member in

Regex Expression to find errors not matching

Can someone show me what the regex expression for the below extract would be? & can you show me how you arrived to th...

by Contributor in

Splunk query to edit lookup file

Hi Guys, I have a .csv lookup file that maintain the 'inactive' accounts list. can anyone help me with a query to r...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to pivot results table?

How do I modify the span for timechart to match a chart I'm defining with a time range of "last 7 days"?

Arithmetic operation on fields from different events

Populating non-existent values where multiple timestamp comparisons exist.

Key value field extraction from Cisco devices

Checking when a field value has changed

xyseries drops result with duplicate timestamp

If / Then Conditional.

What exactly does dedup_splitvals do?

How to reformat search results?

Add certain feilds to an existing query to filter the count

Splunk

Multivalued field extraction

Using blacklist on Windows TA and XML events

Enabling 'Insecure Login' within web.conf

Spath field extract with period

Dynamic Search Query Based on Field Value

Is there any online regex tool to create regular expressions for given sample data ?

How to a merge value and a field name from two multi value fields?

How do I convert a timestamp from one timezone to another (inline)?

Retain columns in lookup table but not creating duplicates

Extracting data from a search table

Custom Cell Renderer intermittently working.

Regex Expression to find errors not matching

Splunk query to edit lookup file

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions