Splunk Search

Discussions

Thread Info

Query to get top 5 failures

I have events being sent to Splunk which will have the following fields MsgID, Status(Failure/Success) I need to get ...

by Observer in

aws cloudwatch-log-processor isnt sending the correct time

the default value is "item.timestamp", this send splunk the timestamp of the cloudwatch log, and not the eventTime. i...

by New Member in

How to add certain character to a search result (Number)?

I want to reformat any number of my search result to kWh ; as you see in pictures below for example 15 to 15 kWh.

by New Member in

Why is my SPL number of results different when appended?

Hello I have this SPL which returns like 40 000 records when run alone however when it's appended to another SPL whic...

by Explorer in

Extract new fields from the existing field

Hi, I have this log line: May 13 08:01:56 192.168.10.10 system_service: 192.168.10.10 05/13/2020:07:01:56 GMT : G...

by Explorer in

compare cell value in a raw

Hello i have a raw with 5 columns from the same type and i want to compare the value of the cells of this 5 column...

by Communicator in

Pass arguments for shell script in inputs.conf?

How to pass arguments to a script from inputs.conf? example: shell_script.sh server1 server2

by Motivator in

Timechart in Local Timezone

Hi I am trying to make a time chart visualisation but I want it to be in IST(Indian Standard Time). | eval receiv...

by Explorer in

Splunk Join Command not working as expected

Hello everyone, I am trying to join using "Table" as common field, here is my query. index=prod source=A | sta...

by Path Finder in

outputlookup to csv

Hi I am trying to add dynamic lookup file as the the date chosen by the user. And then use the same lookup file cr...

by Communicator in

Combine lockout event with last failed attempt event.

I am building out a report that lists all the lockouts during a given period of time. If I look at the Windows securi...

by Communicator in

Can I force all rows of a joined lookup table to be returned?

I log events from 30 devices every minute, and I'd like to be able to return a simple table of the count of events by...

by New Member in

How to force Splunk to use Python 3 for our app?

We build our own app that only works in Python 3. I would like to know how to force Splunk to use python 3 for this a...

by Engager in

How to rekey or merge consecutive json key : value pairs into a field?

So I have the following _json event that I need to wrangle into a more useful format. As you can see there are 2 key:...

by Builder in

Paring events in a table

I have events that happen in pairs. A request and a response from a server. What I would like to do is be able to eas...

by Loves-to-Learn in

How to find all the machines that are accessed or logged in as root?

I have *nix add-on installed on all our linux machines and we get all the default data from the add-on , which source...

by Builder in

Chart by hour using multiple fields

I am having trouble charting some data by hour and consoleID. Below is the search I used. I can use the stats functio...

by New Member in

Querying two indexes with same field name

I have two indexes indexA and indexB . IndexA contains userID and Salary , IndexB contains userID, Name i want to pri...

by New Member in

Chart and trellis

Hi All, Would like to know if something like this will work or will there be any other possible solutions. Char...

by Explorer in

need help to write regex for the below events

Attached are my events I want rex to extract the highlighted text from the events and the events are logged under the...

by Engager in

Dedup Field with event times as column headers

I have json data that comes in tracking ID's. An event is created when an ID is "created" and an event is created whe...

by Path Finder in

Search query to fetch the list of servers

Hi Splunkers! I'm trying to frame a query which fetches the list of servers that connects my deployment servers bu...

by Explorer in

How to get the Vcenter each VM since poweroff state,

Below query i am able to get the snap date. i need to capture correct date and timing. index=vmware-inv sourcetype...

by New Member in

How to display events which has logged at the same time as different events using tstats

Hi, There are 3 events that have been logged exactly at the same time say 2020-04-28 15:39:34. When the search qu...

by Explorer in

Replace no value with "0" (zero)

Hi all, Since a few days I am in a battle regarding the following and I am on the loosing edge here. So all help i...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Query to get top 5 failures

aws cloudwatch-log-processor isnt sending the correct time

How to add certain character to a search result (Number)?

Why is my SPL number of results different when appended?

Extract new fields from the existing field

compare cell value in a raw

Pass arguments for shell script in inputs.conf?

Timechart in Local Timezone

Splunk Join Command not working as expected

outputlookup to csv

Combine lockout event with last failed attempt event.

Can I force all rows of a joined lookup table to be returned?

How to force Splunk to use Python 3 for our app?

How to rekey or merge consecutive json key : value pairs into a field?

Paring events in a table

How to find all the machines that are accessed or logged in as root?

Chart by hour using multiple fields

Querying two indexes with same field name

Chart and trellis

need help to write regex for the below events

Dedup Field with event times as column headers

Search query to fetch the list of servers

How to get the Vcenter each VM since poweroff state,

How to display events which has logged at the same time as different events using tstats

Replace no value with "0" (zero)

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions