Splunk Search

Ask a Question

Discussions

Thread Info

Using CSV field as time

I have a CSV file with a column labeled published. Timestamp values in that field are listed like so: 2020-07-01T0...

by Explorer in

Why is the save button greyed out when attempting to modify a report/search?

Hello, I am new at this and I have been emailed some search examples to meet an objective. I copied and pasted the...

by Path Finder in

Get a Server Error running certain searches and unable to saving a report or alert for any search

Hi,We are using Splunk Enterprise 8.0.4.1 with a Search head and two indexing cluster. As a splunk administrator, ...

by Observer in

Eval statement based of 1 field using If

I have a bunch of storage clusters that we monitor, 60% of the envrioment uses normal GB, the other 40% uses GiB. I...

by Path Finder in

Use an intermediate universal forwarder

Hi at all, I need to send logs from many Universal Forwarders to an Indexer Cluster using an Intermediate Forwarder. ...

by SplunkTrust in

Search using MAP COMMAND

I have dropdown which has to execute the two different searches based on token picker I am trying to implement the...

by Contributor in

Cluster Command Based on Multiple Fields

Can the cluster command cluster based on more than one field? I know we can change which field to cluster by, but can...

by Path Finder in

Comparing multiple values for a result

HI All, need your help in below query. I use below query to get below output. Query : index=nw_syslog| rex fie...

by Communicator in

Splunk SPL best practice

Will a parentheses Surrounded SPL queries make any difference? For Example:(index IN (“indexA*”,”indexB*”) source=”...

by Path Finder in

Delete redundant information in fields

Hallo, I would like to investigate the login behaviour of users. I use this search: I receive the followin...

by Engager in

matching two different events and create new table

Dear Folks, I've the below two different type of events, the matching attributes from first event to second event a...

by Loves-to-Learn Lots in

How to best track the frequency of repeating events

Hi, I'm after suggestions on how to best approach this problem. I want to track over time how often I am seeing a...

by Splunk Employee in

How to display the SLA status based on the SLA time

Hi Experts, I have data as shown below, Whenever we run the search, if the current time is greater than start time...

by Engager in

Create table with yxz

I have the query below, but i i dont want the services to like this.. how can i get the names of the services to be v...

by Contributor in

Sort fieldnames

AccountName FAILURE SUCCESS IMPACT LOSS% Total Account120001490.111.3310804Account220812620.109.552043Account316301...

by Explorer in

Extract a ";" delimited field in table

My log sample looks like this: testServiceName,testTransName,DEVTEST,,,3375598402,15,754,5,2020-07-11 18:41...

by Path Finder in

How to group events by date?

Hi, I manage to get the view i want using below search command. May I know how to group the events by Month_Ye...

by New Member in

Compare Dates and exclude event if it is older

Hi, How do I compare dates and exclude the event if it is older? I have here my table from transaction command. I...

by Explorer in

Universal forwarders no longer sending data - SSL23 unknown protocol

Our universal forwarders can no longer connect to the indexer, seemingly after upgrading openssl to the newest versio...

by Engager in

Split one field values into multiple fields based on values

status success success failure failure error error I want output like status stat...

by Explorer in

Can i do an eval if match with a lookup table?

I have a field called lookup_key that contains either a host name or an IP address. I am trying to get a lookup on t...

by Engager in

Is there BOTSv3 writeup?

https://github.com/splunk/botsv3https://www.splunk.com/en_us/blog/security/botsv3-dataset-released.html I'm startin...

by Ultra Champion in

Extract Fields from JSON

Hi Everyone. Thanks in advance for any help. I am trying to extract some fields (Status, RecordsPurged) from a JSO...

by Path Finder in

stats count for different days in separate fields

Hi, I’m trying to get product count for yesterday and 7 days ago from yesterday in two separate fields, results ar...

by Explorer in

Cluster Command Max Cluster Size

Is there a way to set the maximum cluster size for the clusters generated by the "cluster" command?

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using CSV field as time

Why is the save button greyed out when attempting to modify a report/search?

Get a Server Error running certain searches and unable to saving a report or alert for any search

Eval statement based of 1 field using If

Use an intermediate universal forwarder

Search using MAP COMMAND

Cluster Command Based on Multiple Fields

Comparing multiple values for a result

Splunk SPL best practice

Delete redundant information in fields

matching two different events and create new table

How to best track the frequency of repeating events

How to display the SLA status based on the SLA time

Create table with yxz

Sort fieldnames

Extract a ";" delimited field in table

How to group events by date?

Compare Dates and exclude event if it is older

Universal forwarders no longer sending data - SSL23 unknown protocol

Split one field values into multiple fields based on values

Can i do an eval if match with a lookup table?

Is there BOTSv3 writeup?

Extract Fields from JSON

stats count for different days in separate fields

Cluster Command Max Cluster Size

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions