Splunk Search

Discussions

Thread Info

How to filter out the event log based on the Message attribute which is having space

Here is my event log sample below [LOG LEVEL=INFO] [LOGGER=WIFI_ACCESS_INFO] [INTERFACE ID=WIFI_ACCESS] [STEP=START] ...

by New Member in

how to display 2 numbers on in the same Single Value panel

I want to show the number of successes and failures in a single value panel. How should I do this? splunk version:...

by Contributor in

How to join fields from other index with comparing fields

Hello, Cloud you give me some tips. Search Query S1 index=S1 | bla bla bla | stats value(dstIP) value(dstPort)...

by Observer in

Strange behaviour when using dedup.

I have this query which when I run, index=*aws_config* resourceType=TERM("AWS::EC2::Volume") | search ARN="arn:aw...

by Explorer in

Sendemail query: How to send email to individual owners with servers details, who's status is shown as "MISSING"?

Hello, I have a resultant data like this: Server Name Status Location Owner Email Id A-Z1 ...

by Explorer in

How can I use a combination of map and sendemail to include spaces in the field values?

I have a search that uses the values in temp.csv file to generate an email for each row with specific values. Let'...

by New Member in

Passing search time restrictions from main search to subsearch and modifying it

Let's say that I want a search to run the main search under the time picker selection and then run a join over one da...

by Motivator in

how to reverse the data in transaction ?

Hi, I have some issue with transaction command. It works fine. but sometimes endswith pattern appear and startswith p...

by Path Finder in

Splunk Conditional Statement

I am using below query where my A (0012ABC) Component is an alphanumeric and B is a string (ab) but its considering A...

by New Member in

field extraction after brackets value

hi i have log file like below need to extact the section after first "]" to "[" or "." or ":" 2020-04-24 23:59:59,...

by Motivator in

Executing main search only if subquery satisfies the condition

I have two searches which I am running by joining with appendcols and passed the result of subquery to main query. ...

by Path Finder in

Account_Name " - " ?

I wanted to ask if anyone knew what this Account_Name "-" is ? I am seeing it in my attempted logins for disabled acc...

by Communicator in

Average Stats intervals

Hello, I am trying to get around the inefficiency of the transaction command by using stats. My goal is to correla...

by Explorer in

How to make column values as headers in dashboard

I have a table that looks like... CUSTOMER ADDRESS CONTACT A 10 A Road (111)-222-3334 30 C Road (222)333-4444 B 20 B ...

by Loves-to-Learn in

Is there a way to sort and table Data for multi-value fields based on numeric values?

I have two multivalue fields that are obtained off JSON object. One field has Name, one field has (numeric) Value. ...

by Explorer in

simplifying a (field extraction error) dashboard?

Possible to use the results of the same search in multiple panels on the same dashboard, and with different visualiza...

by Contributor in

A way to import an externally trained model into Splunk?

Hi, I have a data model trained outside of Splunk using the K-means algorithm and sampled data-set. I haven't t...

by Path Finder in

how to create a record if missing

exmaple below column1:column2 1:10 2:15 4:30 5:40 in this example, column1 is missing "3", i would like to crea...

by Builder in

need help with UI based lookup wildcard/CIDR

I recently noticed that the UI for lookup definitions now has an advanced checkbox. If I select that I get the option...

by Builder in

How to add a conditional where based on the field existence?

mvexpand metrics | spath input=metrics | rename "cityCode" as pcc | where if($selected_pcc|s$="all",like(pcc,"%"),lik...

by New Member in

Data Model acceleration not working for 1 out of 5 event datasets

I have one data model accelerated which contains 5 event datasets with simple fields conditions. Now when I try to ju...

by Contributor in

How to check total logs size in MB being sent by a host

Hey Guys, Our Netflow monitoring system shows that most of the bandwidth is being consumed by port 9997 coming fro...

by Explorer in

Eval expression field not working in data model.

Here is my attempt to create a new field eval in datamodels (no results): Here is the same data, just not usi...

by Communicator in

Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"?

Hi, I have the following rest call on a new 6.4 environment, and it's coming back with error: curl: (56) Failur...

by Champion in

Extract the name of the current running alert search

Hello, I have several alerts running on minute base and would like to know within the SPL of the currently running...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to filter out the event log based on the Message attribute which is having space

how to display 2 numbers on in the same Single Value panel

How to join fields from other index with comparing fields

Strange behaviour when using dedup.

Sendemail query: How to send email to individual owners with servers details, who's status is shown as "MISSING"?

How can I use a combination of map and sendemail to include spaces in the field values?

Passing search time restrictions from main search to subsearch and modifying it

how to reverse the data in transaction ?

Splunk Conditional Statement

field extraction after brackets value

Executing main search only if subquery satisfies the condition

Account_Name " - " ?

Average Stats intervals

How to make column values as headers in dashboard

Is there a way to sort and table Data for multi-value fields based on numeric values?

simplifying a (field extraction error) dashboard?

A way to import an externally trained model into Splunk?

how to create a record if missing

need help with UI based lookup wildcard/CIDR

How to add a conditional where based on the field existence?

Data Model acceleration not working for 1 out of 5 event datasets

How to check total logs size in MB being sent by a host

Eval expression field not working in data model.

Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"?

Extract the name of the current running alert search

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions