Splunk Search

Discussions

Thread Info

Help with conditional event count.

Hi, I have json data structured as follows: { "payload": { "status": "ok", # or "degraded" } } ...

by Explorer in

How to write a search to get the week number of the month from the given _time?

We need to extract the week number of the month for matching the SLA. Have SLA such as 2nd or 4th week of a month. So...

by Explorer in

How to join multiple condition

In my logs I am getting 4 events for 1 id. 1)Updating DB record with displayId=ABC0000000; type=TRANSFER2)Updating DB...

by Engager in

How to use conditional search

Hi All,I have a main search where name1 filed will have multiple valuesI need to run sub search based on the value of...

by Observer in

mvmap command after migrate from 9.0.5 to 9.3.1

Mvmap has different results on different versions left screen is 9.3.1 version right is 9.0.5 if field wi...

by Loves-to-Learn in

Apply a trendline to a chart of Unique User Sessions span 30

I've got to be close. But having issues trying to figure out how to get a distinct count of user sessions to show up ...

by Explorer in

AWS Config data in Splunk

I am trying to query AWS config data in Splunk to identify the names of all S3 buckets in AWS. Is there a way to writ...

by Explorer in

Two syslogs usually together but need to report when only one is seen

I have two log messages "%ROUTING-LDP-5-NSR_SYNC_START" and "%ROUTING-LDP-5-NBR_CHANGE" which usually accompany each ...

by New Member in

Correlating values in different index

Hi, I have two indexes - "cart" and "purchased" . In "cart" index there is a field "cart_id" and in "purchased" the...

by Engager in

Export Logs from Zabbix to Splunk Dashboard via API on Button Click

Is it possible to create a button in a Splunk dashboard that, when clicked, runs a script to export logs from Zabbix ...

by Engager in

How Do I Exclude Data Based On An Event?

Hello Everyone, I am hoping someone can help me out as I have exhausted everything I can think of and cannot seem ...

by Observer in

expiry notification use case

Hi All, I have designed a splunk query: | inputlookup Expiry_details_list.csv | lookup SupportTeamEmails.cs...

by Explorer in

Results from Collect command not writing to index?

Hi everyone, I recently took over a project by someone who is no longer with my employer. He made several schedule...

by Path Finder in

how to find difference of two field value(string) and assign it to new field

HI all I have a scenario where i have to find the difference of two field value (string) for example fileda="raj"...

by Explorer in

Can a search string dynamically build commands, and then run them?

My use case: I want to create a timechart of the number (count) of requests to a system, split by "connection type": ...

by Builder in

calculate percentage in a chart over day

Hi,I am using a search Mysearch |eval Guest=if(sid=22,BOT,Others) | convert timeformat="%Y-%m-%d" ctime(_ti...

by Engager in

Trying to check and set values conditionally but below query is giving error

Trying to check and set values conditionally but below query is giving errorError :- Error in 'eval' comma...

by Explorer in

Convert duration time to number integer

I have this search, where I get the duration and I need to convert it to integer:Example: Min:Sec to Whole 00:0...

by Path Finder in

SPL OPTIMZATION

Hey guys, so I was wondering if anyone had any idea how to optimize this query to minimize the sub searches. My b...

by Explorer in

Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NULL in result

index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.Splu...

by Explorer in

Time after stats command

Hey, I want to add _time column after stats command but I couldn't select the best command. Forexample; ...

by Engager in

splunk query issues

Hey team, I have one requirement i.e have to Create a splunk dashboard to report the # of Logins , # of Logouts T...

by New Member in

How to rename fields when using 2 queries with OR

Hello, I have 2 queries where indices are different and have a common field dest_ip which is my focus(same field na...

by Explorer in

where with empty subsearch result raises an error message

Dear experts Based on the following search: <search id="subsearch_results"> <query> search index="iii" sear...

by Path Finder in

Detection from Splunk logs for specific events, such as exceeding X number of failed logins over Y time

Hi all, I have this use case below: Need to create a splunk alert for this scenario: Detections will be created f...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with conditional event count.

How to write a search to get the week number of the month from the given _time?

How to join multiple condition

How to use conditional search

mvmap command after migrate from 9.0.5 to 9.3.1

Apply a trendline to a chart of Unique User Sessions span 30

AWS Config data in Splunk

Two syslogs usually together but need to report when only one is seen

Correlating values in different index

Export Logs from Zabbix to Splunk Dashboard via API on Button Click

How Do I Exclude Data Based On An Event?

expiry notification use case

Results from Collect command not writing to index?

how to find difference of two field value(string) and assign it to new field

Can a search string dynamically build commands, and then run them?

calculate percentage in a chart over day

Trying to check and set values conditionally but below query is giving error

Convert duration time to number integer

SPL OPTIMZATION

Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NULL in result

Time after stats command

splunk query issues

How to rename fields when using 2 queries with OR

where with empty subsearch result raises an error message

Detection from Splunk logs for specific events, such as exceeding X number of failed logins over Y time

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static