Splunk Search

Ask a Question

Discussions

Thread Info

Coalesce function not working with extracted fields

Hi, I am using below simple search where I am using coalesce to test. index=fios 110788439127166000 | eval che...

by Explorer in

Search performance benefit from field inclusion versus exclusion

Hi all, First, I do apologise if this is clearly answered in Answers or Documentation; I have spent some time in b...

by Explorer in

How to create a regex expression to mask the input?

Hi, Can someone help with regex expression to mask the below kind of pattern. I need this pattern of text to be maske...

by Explorer in

What is the root cause of the message preventing saving a search: "Error in 'SearchParser': The search specifies a macro.."

What is the root cause of the message preventing saving a search: Error in 'SearchParser': The search specifies...

by Motivator in

Splunk Field Extraction

I have indexed few sample logs in to the Splunk.. 2020-02-15T10:41:54.305Z servername.com sev="INFO" msg_details=...

by Path Finder in

How to make pattern of error events?

Hello, I want create a pattern for similar error message without discarding all the events.. Let's say, I have events...

by Explorer in

help on eval field which returns any results

link textHi I have an issue with the field MemoryUsageI have no results in | eval MemoryUsage = round((TotalMemory...

by Motivator in

Splunk Data Fabric Search(DFS) basics

Data Fabric Search - DFS overview Data Fabric Search (DFS) is the new search platform that leverages the distributed ...

by SplunkTrust in

How to compare 2 field values and exclude matching results from the final output / count

Below is my search output for the SPL i am running. ` db_1 oracle_test db2_bio oracle_890 n88888 n7777 server_...

by Path Finder in

Can I chart values without aggregation?

I'm trying to chart values where there are multiple values per comparison_category. Splunk doesn't seem to like it un...

by Champion in

Feature request: enhance mapping.choropleth functionality?

Currently, choropleth maps have an annoying feature where if you're using sequential coloring of geometries, the mini...

by Path Finder in

How to create a search to find non-integrated hosts with lookup?

Hello, I need to make a query to find from a list of hosts, which ones are still not integrated or sending data to th...

by Communicator in

Display time graph based on peak events over time || based on the log occurence i need to plot the graph over time

I have a use case where i need to plot the time graph, which shows the events count based on time. I must be able to ...

by New Member in

Create an alert based on CPU being at 95% for a span of 10 minutes

I'm having issues creating an alert that looks at lets say 100 different hosts, but I need to get an alert if one or ...

by Explorer in

Why using regex to remove a particular field is not working?

I am using the below query and I was able to not get the results which had messages like "Optional.of(The following i...

by Path Finder in

How to alert user when the Processor Time exceeds a certain limit for a given certain time

Hello , I want to check for whether my processor has exceeded a certain % for a certain given time and then I want to...

by Explorer in

Unable to dynamically set "charting.data.count" in a splunkjs ChartView and have it re-render. What's wrong?

I am creating a Javascript app outside of Splunk, and trying to dynamically reset the number of points that get chart...

by Communicator in

Splunk Lookup Table Search

I'm trying to implement CSV based lookup's in Splunk, the sample csv looks like below We get the hostnames from Lo...

by New Member in

How can I "reverse-search" a lookup so the first match from the bottom is returned, or: can I prepend an entry to my lookup?

Hi, I need to lookup some values from a lookup with an id, and I have multiple values per id with more coming in f...

by SplunkTrust in

input lookup aaa.csv fieldA=staff and fieldA=contractors |stats count

Hi, How can I extract 2 values from fieldA in a lookup and ignore the rest then count as total

by Communicator in

Splunk SPL Query to Sigma File Conversion

Hi All, I am not able to find any solution of how to convert any Splunk SPL Query to Sigma File. I want to write a...

by Path Finder in

update data / lookup

Hello everyone, I would like to get some help. I have a LDAP in my organization, containing data of users, their a...

by New Member in

My results for my query are only giving last 3 days results when it should return for last 7 days, last 30 days

Hi, I have given a query to return me a list of details as below , however the results for all of 30 days are not pop...

by New Member in

help to values many fields in timechart command

hi i use the search below for displaying a timechart as you can see, the timechart is sorted by host `toto` ...

by Motivator in

Combine field and match conditions

I am trying to set 2 tokens based on field and match but I think if 1st condition is matched, 2nd is not evaluated so...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Coalesce function not working with extracted fields

Search performance benefit from field inclusion versus exclusion

How to create a regex expression to mask the input?

What is the root cause of the message preventing saving a search: "Error in 'SearchParser': The search specifies a macro.."

Splunk Field Extraction

How to make pattern of error events?

help on eval field which returns any results

Splunk Data Fabric Search(DFS) basics

How to compare 2 field values and exclude matching results from the final output / count

Can I chart values without aggregation?

Feature request: enhance mapping.choropleth functionality?

How to create a search to find non-integrated hosts with lookup?

Display time graph based on peak events over time || based on the log occurence i need to plot the graph over time

Create an alert based on CPU being at 95% for a span of 10 minutes

Why using regex to remove a particular field is not working?

How to alert user when the Processor Time exceeds a certain limit for a given certain time

Unable to dynamically set "charting.data.count" in a splunkjs ChartView and have it re-render. What's wrong?

Splunk Lookup Table Search

How can I "reverse-search" a lookup so the first match from the bottom is returned, or: can I prepend an entry to my lookup?

input lookup aaa.csv fieldA=staff and fieldA=contractors |stats count

Splunk SPL Query to Sigma File Conversion

update data / lookup

My results for my query are only giving last 3 days results when it should return for last 7 days, last 30 days

help to values many fields in timechart command

Combine field and match conditions

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Best Strategies to Optimize Observability Costs

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...