Splunk Search

Discussions

Thread Info

Date difference in months

on my search index=raw_fe5_autsust Aplicacao=HUB Endpoint="*/" | eval RefUser=if(Mes!="", Mes, substr("...

by New Member in

Prevent users from table sorting (when clicking on its headers)

The question is really simple, not that sure about the answer though. I'm using Splunk 5.0.6 + Advanced XML panels to...

by Path Finder in

Display only weekdays in Time chart

Hi,Is it possible to display only weekdays in Time chart ? PS: I am not looking to discard the data for weekend. Just...

by Path Finder in

Syntax/use of subsearches

I have a query … index=blah "BAD_REQUEST" | rex "(?i) requestId (?P<requestId>[^:]+)" | table requestId | dedup req...

by Path Finder in

How to search based on variable? | search no = variable

Hello,How to search based on variable? If select contains "many", then search no IN (1 to 30), else search NO 7| e...

by Builder in

Dedup within span

Hi!I have an issue with a query and the dedup command. | eval service=case( (method="GET" AND match(uri, "...

by Engager in

Dedup is not working with mstats

We are streaming Dynatrace metric data into Splunk, for some reason we are seeing duplicate 'MessageDeduplicationId'....

by Explorer in

How to extract fields from a json in _raw?

I have an application which logs data in the following form: 2023-06-30T12:21:08Z DEBUG scalehandler Getting metric...

by Engager in

How to filter out a specific phrase in a Splunk search

I'm trying to search for a specific phrase with the search below but I only want result1, not result2. The issue here...

by Observer in

changing addtime=false on scheduled summary index - advanced edit has no effect

Hello,Why does changing addtime=false on scheduled summary index - advanced edit has no effect?Thank you for your hel...

by Builder in

How to return a single value from a subsearch into eval

Hi, I'm trying to calculate a value through some lookup statements and then put that value into a variable using e...

by Path Finder in

Find a common field with _introspection and _internal or _auit

Hi All, our SVC calculation is in _introspection and and our search name is in _internal and _audit. We need a comm...

by Observer in

How to search based on drop-down condition?

Hello,How to search based on drop-down condition?Thank you in advance! index = test | eval week_or_day_token =...

by Builder in

How to run 2 queries on an index and then merge it on a column

I have a single index which logs incoming request and completed request related details. There is a common indicator ...

by Explorer in

How to dynamically change background color of pie based on drop-down selection?

Hi.How can I change the background color of pie dynamically through drop-down selection ？Is it okay to look like this...

by Loves-to-Learn Everything in

How to extract multiple JSON array?

Thanks in Advance. 1.I have a json object as "content.List of Batches Processed{}" and Already splunk extract fiel...

by Builder in

Need rex

Sample Logs: <<< Reporting.logs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.SampleDBinternal...

by Communicator in

How to avaiod multiple results while using transaction command?

Hi Guys, Thanks in Advance. I am using transaction command to fetch unique correlationId and i have multiple cond...

by Builder in

How do I assign value to list or array and use it in where condition?

How do I assign value to list or array and use it in where condition?Thank you in advance!!For example:I tried to sea...

by Builder in

How to create a timechart with min, max, average and count values?

I have written this query: index=index_name (log.event=res OR (log.event=tracing AND log.operationName=quer...

by New Member in

Plot data for two different time ranges in the same visualization?

Hi.I found old article on the subject and followed, but I do not see overlaying charts.My SPL-------------index=firew...

by Path Finder in

Looking to add a field from another searched index to a finished table

Currently, I have two tables Table1 hostnames vendors products versionshost1 ...

by Path Finder in

SPL Code for rule: Potential Raspberry Robin Traffic is generating too much traffic. Help correct!

| tstats allow_old_summaries=true summariesonly=t values(Web.dest_ip) as dest_ip, values(Web.http_referrer) as http_r...

by New Member in

Sankey diagram for order paths based on message field per orderId?

This seems like it should be simple, but all I ever get is a 2 column sankey visualization with the starting event th...

by Path Finder in

Case condition in like?

Thanks in Advance . I need to show status If the P_RETURN_STATUS is success then it SUCCESS,IF error then ERROR ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Date difference in months

Prevent users from table sorting (when clicking on its headers)

Display only weekdays in Time chart

Syntax/use of subsearches

How to search based on variable? | search no = variable

Dedup within span

Dedup is not working with mstats

How to extract fields from a json in _raw?

How to filter out a specific phrase in a Splunk search

changing addtime=false on scheduled summary index - advanced edit has no effect

How to return a single value from a subsearch into eval

Find a common field with _introspection and _internal or _auit

How to search based on drop-down condition?

How to run 2 queries on an index and then merge it on a column

How to dynamically change background color of pie based on drop-down selection?

How to extract multiple JSON array?

Need rex

How to avaiod multiple results while using transaction command?

How do I assign value to list or array and use it in where condition?

How to create a timechart with min, max, average and count values?

Plot data for two different time ranges in the same visualization?

Looking to add a field from another searched index to a finished table

SPL Code for rule: Potential Raspberry Robin Traffic is generating too much traffic. Help correct!

Sankey diagram for order paths based on message field per orderId?

Case condition in like?

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown