Splunk Search

Discussions

Thread Info

Can a group be defined based on a list of variables

I have an xml file in a logging statement that I extracted 3 instances of the value . These values are correctly disp...

by Engager in

How to generate pie chart for internal app usage?

Hi All, I have logs from my SSO servers, where I need to show a few apps' usage with names and rest all other apps...

by Path Finder in

Aggregate the column data

i have a query that show the data in table form i have to merge the row Query : my search query || timechart span=...

by Explorer in

How to search for events that have null values for a field?

I have json log lines that sometimes contain a request object of the form { timestamp: ts_val, app: "my_app", requ...

by Explorer in

Rex question

Hello everyone, I am trying to extract several “NEW” fields from a field and I am having trouble doing so. The fie...

by Explorer in

How to club and display the results of two queries in a single dashboard

Hi i am having two search queries with a difference of only the time range. I want to show the results of both the qu...

by Explorer in

field extraction a specific match in a field

Hello, I have an issue with this type of log : [5/22/20 14:46:23:381 GMT] 0000009c ThreadMonitor 3 UsageInfo[Th...

by New Member in

Search for a string that occurs more than once

I'm trying to search for a string that occurs more than once. But the string contains wildcards and commas. Which ...

by Explorer in

Comparing even field with lookup field in tstats search?

Hi all, I'm quite new so pardon my bad exposition, I'll try my best to explain what i'm trying to achieve. Can ...

by New Member in

Inconsistent search results when searching data from a renamed sourcetype.

host= rbal index=winevent_s earliest=5/18/2020:7:3:0 latest=5/18/2020:7:5:0 sourcetype=WinEventLog OR sourcetype=XmlW...

by Splunk Employee in

How to use timechart to show increase in recent 7 days

hey, I cant use |timechart count span=1d to calculate recent 8 days count, search result as follow: _time ...

by Contributor in

Using the field of first search in second search.

Hi experts, Search 1: base search from JSON... | eval col1=strptime(taken_date,"%b %d %Y %H:%M:%S") | ...

by Explorer in

How to split search results into separate lines instead of concatenating?

Hi! I did a search like this: | tstats summariesonly=t count from datamodel=XZY WHERE field_ip="192.168.101" ...

by Engager in

Duplicate Extracted Fields (ingest through HEC)

Hi, I am seeing duplicate extractions for events in my Splunk instance. To give a background, I have a couple forward...

by Path Finder in

How to exclude all days of one month from a time range?

Here is the part of the search that I am working on, and trying to exclude certain numbers of days. However, where Da...

by Path Finder in

In a JSON Payload, parse out \n to newline

Hi! I'm trying to see if I can get a JSON Payload like this: {"log":"2020-05-28 06:52:34,671 GMT TRACE [com.xxx.os...

by Communicator in

Indirect field reference

I've got a lookup table with counts by date. This table is updated each night, and I would like to search by the date...

by Explorer in

Confused on Time modifiers in Searches

Hi, I must be missing something. I have a simple search using a time modifier: index=MyIndex earliest=-30m ...

by Contributor in

Salesforce logs are missing

Hello I have recently lost Salesforce logging . Its been working just fine and nothing was changed from Splunk si...

by Engager in

How to calculate diff of two values of same column

I have a table: Month Transactions Mar 2000 April 3000 I want to display the difference of April - May and also th...

by Explorer in

Why am I getting error "File has no line endings" when trying to upload my lookup CSV file?

Every time I try I try to upload my CSV, I receive the following message: Encountered the following error while tr...

by Path Finder in

How do I use the rex field to extract the last digit from the time value in my sample data?

[2015-11-05 00:48:03,058] [/172.21.21.171:57533] [K123456789] created event: 8 How do I use rex field to extract ...

by New Member in

Convert Seconds To Hours, Minutes, Seconds and Milliseconds

Hi, I wonder whether someone may be able to help me please. Using a solution I found here I'm converting a fiel...

by Motivator in

How to set up search so that the events tab matches the logs corresponding to the statistics tab?

I've got the following search to identify when a user has more than 20 auth failures. I'm trying to find a way to re...

by Explorer in

Fetch the last 30 days values based on date value from a field.

Hi Experts, In this search i want to fetch results only from last 30 days to current. taken_date is one of the fie...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can a group be defined based on a list of variables

How to generate pie chart for internal app usage?

Aggregate the column data

How to search for events that have null values for a field?

Rex question

How to club and display the results of two queries in a single dashboard

field extraction a specific match in a field

Search for a string that occurs more than once

Comparing even field with lookup field in tstats search?

Inconsistent search results when searching data from a renamed sourcetype.

How to use timechart to show increase in recent 7 days

Using the field of first search in second search.

How to split search results into separate lines instead of concatenating?

Duplicate Extracted Fields (ingest through HEC)

How to exclude all days of one month from a time range?

In a JSON Payload, parse out \n to newline

Indirect field reference

Confused on Time modifiers in Searches

Salesforce logs are missing

How to calculate diff of two values of same column

Why am I getting error "File has no line endings" when trying to upload my lookup CSV file?

How do I use the rex field to extract the last digit from the time value in my sample data?

Convert Seconds To Hours, Minutes, Seconds and Milliseconds

How to set up search so that the events tab matches the logs corresponding to the statistics tab?

Fetch the last 30 days values based on date value from a field.

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!