Splunk Search

Ask a Question

Discussions

Thread Info

Grab json value with dynamic key from splunk

Hi everyone, I have a json data payload as below: { location: US all_results: { serial_a: { resul...

by Engager in

Need help with a query

How can I match the IPs from csv file with the CIDR ranges in another csv? If no CIDR matches, I want to return ...

by Communicator in

Splunk for DBA

I have been trying to create some analyzes in splunk for a few week now. Sometimes I succeed, sometimes I fail. I ap...

by Path Finder in

How can i Search field from two different file source and merge in to a single table ?

Bellow mentioned table is an example which having same index and sourcetype, but it have a different source. I nee...

by Explorer in

Help refining .csv lookup evals, data not outputting properly

hi! Working on adding a holiday table as a lookup to reference for alerts based on volume and want to alert on differ...

by Engager in

Configuration for TCP input and TCP Output

We have configured inputs.conf with tcp to fetch the logs from streaming and send logs to Splunk server via TCP outpu...

by Loves-to-Learn Lots in

Different event count from base search compared to summary index search of base search?

Can someone explain to me why when I run my base search, it has exponentially more Events in the same time frame comp...

by SplunkTrust in

Rex help

Hi, I have a search result with the field message.log, and the field contains this example pattern /opt/out/ins...

by Engager in

Making a table with Eval and Top results

Hello! I'm trying to separate the latency results with Eval by dividing in 3 categories and then showing the perce...

by Engager in

dropdown via js search splunk

Hello, I need your help for something. I want to get ...

by Path Finder in

Addtotals does not include 'Other'

When I add a limit to a timechart to reduce the number of visible series (improve dashboard performance) it changes t...

by New Member in

Percentage by field with search

I'm trying to get a percentage of a field, based on a condition (filtered by search) by another field. e.g. percen...

by Engager in

Extract field names from CSV header

Hi Team,my CSV file contains a field like bellow (1st line in CSV) How can i create transformation for field extracti...

by Explorer in

Taking Tutorial. Why are No Events Found?

I am taking the Pluralsight tutorial. I have followed all the steps very carefully in the "Demo: Getting Data into Sp...

by Observer in

Extract from Multiple Fields and Consolidate using Stats Count

Hi Team, I have two different fields (Ex. A and B). Value A will come for some results and B will come for some. W...

by Engager in

how to extract the message field into multiple fields from windows Message field

I want to extract the below field into two fields i want to extract the Name and version both as two fields can so...

by Engager in

how to exclude a events in the search query if the events is present in the other index

I have a scenario where events are coming from one index =sample field= status as status 1, 2, 3, 4 , and 5. I have t...

by Path Finder in

saved searches

How to get all saved searches with their names and their respective search

by Contributor in

saved search

I have a saved search but I don't know the name of that saved search how do I get it.

by Contributor in

How to count based upon relative_time ?

I think what I am trying to do is relatively easy ?I want to query looking back -8 hours then count the # of events t...

by Contributor in

Matching regular expressions in lookup table against field in index

I have a lookup table containing a list of regular expressions, and am trying see if there are matches against a fiel...

by Loves-to-Learn Lots in

traverse through each record and check whether that ticket breached SLA or not

Hi All, I have one set of output having 8 closed tickets for two consecutive months as a result of splunk query. I ...

by Explorer in

Location by Octet

I have a Linux Environment and SSH is a thing here. I need to show SSH log in with location. I got the map to work bu...

by Explorer in

Query to find records in different events

I have thousands of records (events), I would like to search field a if it exists in field b of other event (record)....

by Observer in

How obtain the sum of a multivalue field

In each of my events, I have a field named watched. The watched multifield contains the array of integers. Is it poss...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Grab json value with dynamic key from splunk

Need help with a query

Splunk for DBA

How can i Search field from two different file source and merge in to a single table ?

Help refining .csv lookup evals, data not outputting properly

Configuration for TCP input and TCP Output

Different event count from base search compared to summary index search of base search?

Rex help

Making a table with Eval and Top results

dropdown via js search splunk

Addtotals does not include 'Other'

Percentage by field with search

Extract field names from CSV header

Taking Tutorial. Why are No Events Found?

Extract from Multiple Fields and Consolidate using Stats Count

how to extract the message field into multiple fields from windows Message field

how to exclude a events in the search query if the events is present in the other index

saved searches

saved search

How to count based upon relative_time ?

Matching regular expressions in lookup table against field in index

traverse through each record and check whether that ticket breached SLA or not

Location by Octet

Query to find records in different events

How obtain the sum of a multivalue field

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions