Splunk Search

Discussions

Thread Info

get the last element of repeating json payload

I have a repeating j son payload appearing in my logs.I am interested in capturing the last payload from the logs.rig...

by Observer in

Help with timewrap Command

Hi, I am trying to show a comparison of traffic on my website for today, yesterday and last week. I am using below qu...

by Explorer in

Splunk query for UPtime and Downtime?

Hi Folks, Can anyone please help in forming the query for internal splunk components up and downtime reporting, i ...

by Path Finder in

join/append two queries

Hi, I have two different queries, I want to join two columns. Below is my query: `macro`msg="Finish imp...

by Explorer in

Group by and sum

Hello - I am a Splunk newbie. datetimeSrc_machine_nameCol1Col31/1/2020Machine1Value1Value21/2/2020Machine1Value...

by Engager in

Regex search through splunk

Is there a method to do "AND" while writing regex instead of "OR" . As when i write a reg and add to regex _raw="expr...

by Explorer in

How to calculate uptime percentage based on my data?

Lets say my data is like this: 8/27/12 10:30:00.000 AM server=test1 and status=Down 8/27/12 10:29:00.000 AM server...

by Explorer in

Splunk Search

Hello is there a length limit in the search.? I have been using NOT operator in my query extensively due to error c...

by New Member in

When running the delete dups search, I'm reaching the 10k limit. How do I increase it?

I'm trying to delete dups using this method here: https://community.splunk.com/t5/Splunk-Search/How-to-delete-duplica...

by Observer in

Check multiple hosts for existence

I have list of around 100 hosts that are sending data to index and I would love to return a table with hostname and s...

by Path Finder in

After 10000 records in lookup, new records are not getting appended. Any solution?

Hi, I have used the below saved search to append the data every 15 mins into the lookup file. I use the lookup file...

by Path Finder in

Looking to rewrite a join across several indexes with somewhat unusual relationships

(I am reposting this question from email, with permission from the person who emailed) I need to basically join 3 i...

by SplunkTrust in

Using fireall logs to find hosts that do not use a specific protocol

I have the following query for PAN firewall logs: index=pan app=ssl | stats count by src This would give me a l...

by Path Finder in

Summary Index - Eval Issue - Need both combined & segregated data

Hi Splunk Experts I've created a summary index where it contains 6 eval cases, for example: eval 1=case(match(som...

by Explorer in

How to show data from different regions as Today's

Hi Splunkers, I have different queries that get the age of a ticket only counting the business hours. I need to do ...

by Explorer in

Splunk is not working. localhost refused to connect.

This site can’t be reached localhost refused to connect. Did you mean http://localhost8000.com/? Search Google for lo...

by New Member in

How to find last of A and first of B in one query?

Considering the following two messages: sourcetype="PCF:log" cf_app_name=app1 msg="launch processing starte...

by Explorer in

read (or get) file data without monitoring

how can i read or get data from .txt file without monitoring(indexing) the file data.

by Explorer in

timechart to display calculated values

Trying to display Percentages on Timechart , but it's not working. Base search | fields APP Usage_kb | eval Usa...

by Communicator in

Correlate one field with other field to locate repeated value

aid SHA abc 12345 12345 ...

by Explorer in

The values of the table are made to come to the start of the column instead of filling zeros

Hi, I am writing a search to create 3 columns of data P,F and C based on Teams. The table which I expect is this ...

by Path Finder in

TimeChart Display query result in text format

Hello, I have a timechart with multiple fields, I want to append existing query or add new query to display one...

by Explorer in

How can I merge search results from two different indexes based on common fields?

Hi everyone, I'd be eternally grateful if someone could help point me in the right direction here. I'm trying to ou...

by Path Finder in

How to pass list string as an arguments to Splunk macro

Hi Splunk experts, I am a new face here. I have a task for multiple alerts creating. I am wondering is it possible ...

by Path Finder in

Retain special characters at the end of field value

I have an ID among other things that is extracted by Splunk DB Connect from a mySQL database. Whats special with the...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

get the last element of repeating json payload

Help with timewrap Command

Splunk query for UPtime and Downtime?

join/append two queries

Group by and sum

Regex search through splunk

How to calculate uptime percentage based on my data?

Splunk Search

When running the delete dups search, I'm reaching the 10k limit. How do I increase it?

Check multiple hosts for existence

After 10000 records in lookup, new records are not getting appended. Any solution?

Looking to rewrite a join across several indexes with somewhat unusual relationships

Using fireall logs to find hosts that do not use a specific protocol

Summary Index - Eval Issue - Need both combined & segregated data

How to show data from different regions as Today's

Splunk is not working. localhost refused to connect.

How to find last of A and first of B in one query?

read (or get) file data without monitoring

timechart to display calculated values

Correlate one field with other field to locate repeated value

The values of the table are made to come to the start of the column instead of filling zeros

TimeChart Display query result in text format

How can I merge search results from two different indexes based on common fields?

How to pass list string as an arguments to Splunk macro

Retain special characters at the end of field value

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions