Splunk Search

Discussions

Thread Info

How to handle sub-search with no results and error in search command: "Unable to parse the search"?

Why am I not getting results from this search? Error in 'search' command: Unable to parse the search: Comparator '=' ...

by Loves-to-Learn in

how to combine 2 rows into 1 in a statistic results (table) ?

Hi everyone, I would like to know if there is any way to merge or combine the results of two or more rows into one si...

by Explorer in

How to calculate the percentage and create an alert condition that triggers for a drop of 5%.

My Search has the below format data. A single host has multiple parameters consists of LED 1..to.20 for each TV an...

by Explorer in

How to post a bulletin message that is visible for everyone via Splunk WebUI?

I am trying to post a bulletin message via the Splunk WebUI. Strangely enough it does not seem to be visible to anyon...

by Path Finder in

Splunk Alert when search result drop below defined threshold possibile?

Hello fellow splunkers, i want to create an alert for the following search. The search creates a statistics matrix wh...

by Path Finder in

How to chart total runtime for the last 15 days for a job running overnight?

I have to report out my job logs which spans from night 9PM to Morning 10AM. I have a field called total_run_time and...

by Explorer in

Is it possible to extract the field name itself from the logs

I have a data source where the log format is the same but one attribute changes for various logs. I want to extract t...

by New Member in

Difference in columns as output of 2 different searches

Hello , I have data from 2 diff source with same fields as shown below : index= sourcetype= source= test.txt devi...

by Path Finder in

Bar + line in chart?

I have two types of events, where the important data looks like this: [ { "acknowledged": false, "time":...

by New Member in

Calculating 5xx error and getting alerted

Hi all, Well i have a data and i want to get alerted when we hav spike in 5xx errors corresponding to endpoints. A...

by Path Finder in

How can I count which different lines

My Data as followingAA || Disabled || Region11@abc.com || Yes || HK12@abc.com || No || US13@abc.com || No || US14@abc...

by Explorer in

how to match value in events using Rex

Hi experts, please help me with regular expression to match the value in each event at search time as shown below ...

by Path Finder in

Re design fields and values

I have fields as shown below: _time field1 field2 2020-05-12 40-35-32 ...

by Path Finder in

sort not working as expected

I used the following query where I used '-' just beside "Total bytes" without space. As per my understanding, if we h...

by Communicator in

Help with segmenters.conf search.

I tried to segment the log below using \s but it does not work, even after modifying segmenters.conf and props.conf. ...

by Explorer in

o365:management:activity field extractions

Has anyone had any success writing field extractions for O365 based events collected via the API? The messages tha...

by Builder in

How to get list of users for specific search,How to get list of users for message

Hi All, I am very new to splunk, wanted to get the list unique users for below criteria. I need query to get th...

by Engager in

Separate multiple same name Multivalue fields

We are trying to alert on O365 service messages data. Under the "Messages" multivalue field, we are trying to pull th...

by Path Finder in

How to restrict one group to see only 1 log file in Splunk

I have the following from a client: I was about to make is for a new AD group “Splunk_CAPS_CAS_Payments” so that they...

by Path Finder in

how to add a new column to existing inputlookup

Hi Experts, Hi have existing inputlookup file like test.csv which contains 3 fields like host source sourcetype, i...

by Path Finder in

How to do log analysis using splunk

I am working on approach to upload logs to splunk,I have set of queries to query in logs and extract the values.How t...

by New Member in

Extract an value from logged sentence

Hi, I'm trying to make a Splunk panel display a value from a log that gets added to every 4 minutes. I need to be abl...

by Explorer in

regex only first occurrance

logs source=/api/docker/docker-snapshot-demo/v2/pdap/pdap-validator-router/manifests/1.0.aws source=/api/docker/docke...

by New Member in

Get fields associated with the earliest event in a search

Hi all, I am still a Splunk novice but I am looking for some help using the earliest command. I am calculating a ...

by Explorer in

Splunk Regular Expression

Hello, Attached here the list of roles we have. But my regular expression is showing results of only RSI -...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to handle sub-search with no results and error in search command: "Unable to parse the search"?

how to combine 2 rows into 1 in a statistic results (table) ?

How to calculate the percentage and create an alert condition that triggers for a drop of 5%.

How to post a bulletin message that is visible for everyone via Splunk WebUI?

Splunk Alert when search result drop below defined threshold possibile?

How to chart total runtime for the last 15 days for a job running overnight?

Is it possible to extract the field name itself from the logs

Difference in columns as output of 2 different searches

Bar + line in chart?

Calculating 5xx error and getting alerted

How can I count which different lines

how to match value in events using Rex

Re design fields and values

sort not working as expected

Help with segmenters.conf search.

o365:management:activity field extractions

How to get list of users for specific search,How to get list of users for message

Separate multiple same name Multivalue fields

How to restrict one group to see only 1 log file in Splunk

how to add a new column to existing inputlookup

How to do log analysis using splunk

Extract an value from logged sentence

regex only first occurrance

Get fields associated with the earliest event in a search

Splunk Regular Expression

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions