Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

extract string between backward slash and quote

{\"reference_id\":\"REF1\",\"sub_reference_id\":\"sub_ref_1\"} required output : table of reference_id, sub_referen...

by Observer in

Trying to do a Top command per hourly intervals

Hi There, I have a search that shows the top 2 Id's that have the most payments processed in each country. I'm tryi...

by Engager in

dynamically assigned maxspan in transactions

Hi I am searching for an option to dynamically assign value for MAXSPAN in a transaction. The value should come as ...

by Explorer in

SPL querry

I have a lookup with server details and OS details(details are in the below table), and the index with CR no., Date, ...

by Engager in

Strategy to search entire estate for unique servers writing to audit.log

Is there a way to get the last time a host touched a file, within a certain period, e.g. earliest=-24h? We got a re...

by Observer in

SPlunk not sending alerts

Hi, My splunk instance is not sending email alerts for a new alert th Can soat i just setup. I am getting other ale...

by Loves-to-Learn Everything in

Identify missing events based Lookup list of values

Hey Team I have events which contains a field "job_code". index=default source=jobfeed I have a lookup (jobs....

by Explorer in

Configuration initialization for Path took longer than expected|warning

WARN [Indexer] Configuration initialization for C:\Program Files\Splunk\var\run\searchpeers\Seachheadbundle took long...

by Explorer in

A column from mstats becomes empty after join command

Hi, I'm trying to create a dashboard which shows various stats for a list of servers. It will pull it's data from s...

by Explorer in

Set token from dropdown

Hi, I have a dropdown with dynamic query <input type="dropdown" token="clientId" searchWhenChanged="true"><label>...

by Explorer in

Issue adding a symbol after a field value

The following previous splunk thread works fine: https://community.splunk.com/t5/Archive/Insert-sign-for-each-resul...

by Communicator in

Get multiple name/value from JSON file

Hi everyone, I've been trying several day to create a query that can give me the list of name/value inside the JSO...

by Explorer in

Splitting up data into multiple columns

Hello i am using the following search host=XXX sourcetype=ZZZ http_status=500 OR http_status=502 "HighCostAPI"| st...

by Explorer in

Can I have a subsearch that returns a list of sources for the main search to use?

Hello, I'm working on a splunk alert that monitors processes. If a process has been running for a long time I want ...

by Explorer in

Extract values from field conditionally on other field value

Hi Splunkers, Below is my issue: Having multiple xml files, I need to monitor all the files and extracted the val...

by Contributor in

Show multiple machines for lockouts

Hi all, A past consultant of ours wrote the following correlation search to detect excessive user account lockouts:...

by Engager in

three queries that produce tables, need to combine the results into one table

Need some help with and advance joining of 3 queries I have three queries that produce tables, I need to combine t...

by Engager in

Creating drilldown to new tab for auto search without adding custom search

I am trying to make it so if a user clicks on any cell in a Dashboard showing a Statistics table, that will result in...

by Engager in

There are 2 timestamp formats in a log file

<Jan 10, 2021 6:58:06 PM CST> <Info> <WorkManager> <BEA-002942> <CMM memory level becomes 0. Setting standby thread p...

by Loves-to-Learn Lots in

Functionality of keepevicted not clear

I'm trying to understand the functionality of keepevicted. I've read several documentation about it but it's still no...

by Path Finder in

Splunk Search

Discussions

extract string between backward slash and quote

Trying to do a Top command per hourly intervals

dynamically assigned maxspan in transactions

SPL querry

Strategy to search entire estate for unique servers writing to audit.log

SPlunk not sending alerts

Identify missing events based Lookup list of values

Configuration initialization for Path took longer than expected|warning

A column from mstats becomes empty after join command

Set token from dropdown

Issue adding a symbol after a field value

Get multiple name/value from JSON file

Splitting up data into multiple columns

Can I have a subsearch that returns a list of sources for the main search to use?

Extract values from field conditionally on other field value

Show multiple machines for lockouts

three queries that produce tables, need to combine the results into one table

Creating drilldown to new tab for auto search without adding custom search

There are 2 timestamp formats in a log file

Functionality of keepevicted not clear

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Regex Condition for JSON

Splunk Eventgen | Count of events generated

Why does stats via python SDK export returns mult...

Problem at Encoding - Jirra Issues Collector

Chart With time as the data points

Splunk Search

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >