Splunk Search

Discussions

Thread Info

TimeChart Syntax

Stuck again and not sure what I'm missing... I have the first two steps, but cannot figure out the syntax to use Time...

by Path Finder in

Joining and grouping indexes

below is my scenario described by Oracle DBA  I have two indexes INDEXAfieldAfieldBfieldC INDEXBfieldAfiel...

by Path Finder in

index data

Hello , How can I know the start time and the latest time coming of data of all index .meaning that when was the fir...

by Contributor in

How to convert raw csv data into table format

Hi Team, We have onboarded csv data into Splunk and each row in csv is ingested into _raw field . I need to bring t...

by Explorer in

Merging two columns as full join using append

Hi, I have the results of an append operation as follows: IDCol3col4col5a abcaabcNo axyzYes b abcb xyzbxyzNo bfg...

by Splunk Employee in

Splunk Report using outer and inner query for a SessionID & Date/Time

I have a logfile like this - 2024-06-14 09:34:45,504 INFO [com.mysite.core.repo.BaseWebScript] [http-nio-80...

by Path Finder in

Join operation doesn't return correct result

I have two query tablestable 1index="k8s_main" namespace="app02013" "EConcessionItemProcessingStartedHandler.createRm...

by New Member in

Macro expansion via SPL/REST

I have a search that returns all of my correlation searches for a given app. | rest splunk_server=local coun...

by Path Finder in

Adding and defining the value for a new Search Field.

How do I add a new field and set the value to seven days ago from the current date, snapped to thebeginning of the c...

by Path Finder in

Conditional Success/Fail

Hi all - I am trying to create what I would think is a relatively simple conditional statement in Splunk. Use Case...

by Explorer in

rex - Extracting a string

I want to exact a string 'GUID" from the log right after "customers". This regex expression works in https://regex101...

by Explorer in

showing chart based on Time and Transaction count

this is the log data i want a report like this: my current query is :index="webmethods_...

by Path Finder in

How to get exception data for multiple lines of Get and Update logs

Hi community, can anyone help me figure out the log which Get incorrect data after Update(both get and update will lo...

by Explorer in

How do I search for all events in the same "request" as a particular log line

My application is a backend web service. All events in a request contain the same value for a "req_id" field. I hav...

by Engager in

How to find difference of the time in days and hours respectively between Event time of the data and current time?

How to find difference of the time in days and hours respectively between Event time of the data and current time?For...

by Explorer in

How to count the same values over different fields together?

Lets say we have the following data set: Fruit_ID Fruit_1 Fruit_2 1 Apple NULL 2 Apple NULL 3 Apple NULL ...

by Path Finder in

SPL query help

Hi All, Need some help with SPL query to compare the data from same host on 2 different dates and give me a status ...

by Path Finder in

How can I group and aggregate and filter all events based on those aggregated attributes?

Coming from SQL, I want to do stuff like GROUP BY and HAVING ... The data is available with a transaction identifie...

by Loves-to-Learn in

Why is my search with "where NOT equals this OR this OR this" not filtering out results as expected?

| dedup _raw | where NOT MsgId=="AUT22673" OR MsgId=="AUT23574" OR MsgId=="AUT20915" OR MsgId=="AUT22886" What am...

by Communicator in

Filter a log using regex

I need to filter a part of a log using regex, I have the following log log: {dx.trace_id=xxxxx, dx.span_id=yyyyy, d...

by Loves-to-Learn in

How to query for MFA and SSO on network

Thank you everyone for taking the time to ready this. I am new in Splunk and interested in learning more. I have a pr...

by Explorer in

Search weekday during time, and include all weekend days

Hello, my current search is index=winsec source=WinEventLog:Security EventCode=6272 | eval date_hour = strfti...

by Explorer in

Turns stats into timechart with avg

I asked in a previous thread for help to get response time based on time differential between two events connected by...

by Path Finder in

How to find count of recipients by action where how many users received the email vs not for every event?

Hi,I have a search as below. I want to find count of recipients by action where how many users received the email vs ...

by Path Finder in

Error in 'eval' command: The expression is malformed. An unexpected character is reached at `\"%Y-%m-%dT%H:%M:%SZ\"), \`

Hello team , I am trying to create macro and than use in my splunk dashboard . The purpose is to get time of entere...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

TimeChart Syntax

Joining and grouping indexes

index data

How to convert raw csv data into table format

Merging two columns as full join using append

Splunk Report using outer and inner query for a SessionID & Date/Time

Join operation doesn't return correct result

Macro expansion via SPL/REST

Adding and defining the value for a new Search Field.

Conditional Success/Fail

rex - Extracting a string

showing chart based on Time and Transaction count

How to get exception data for multiple lines of Get and Update logs

How do I search for all events in the same "request" as a particular log line

How to find difference of the time in days and hours respectively between Event time of the data and current time?

How to count the same values over different fields together?

SPL query help

How can I group and aggregate and filter all events based on those aggregated attributes?

Why is my search with "where NOT equals this OR this OR this" not filtering out results as expected?

Filter a log using regex

How to query for MFA and SSO on network

Search weekday during time, and include all weekend days

Turns stats into timechart with avg

How to find count of recipients by action where how many users received the email vs not for every event?

Error in 'eval' command: The expression is malformed. An unexpected character is reached at `\"%Y-%m-%dT%H:%M:%SZ\"), \`

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions