Splunk Search

Discussions

Thread Info

Parsing string with whitespaces as json object

Hi, I am completely new to splunk and have to parse field that looks like this:params="['field1: value1', 'field2: va...

by Engager in

How to compare current month count to a 3 months average?

Hello Splunkers. i need your help in creating a search that would count number of values for a field in a mon...

by Path Finder in

How to convert splunk dashboard panel with dynamic token in reports?

Hi All, I have a Splunk dashboard with dynamic token, Here a simplified example of my setup. In the dashboard $new_...

by Builder in

injecting indexed file within a search

Hello, I'm still new to SPLUNK and still learning so apologies for any incorrect naming  I have a search in ...

by Loves-to-Learn Everything in

Trying to get values from multiple filters (not sure if that's correct terminology)

Hey all, I'm new to Splunk and only have basic knowledge of Python/Scripting and RegEx. I'm trying to build my han...

by New Member in

how to find the value where the two lines meet (line chart)

Hi I have the table x, y1, y2 and plot them in the line chart. how can I find the value where the two lines cross...

by Path Finder in

Tranpose on specific structure events

hello i have a list of events structured with the following fields : guid (uniqueid), property (name of a property...

by Explorer in

Splunk search performance using TERM() function

Hello, I'm Splunk Newbie. This is a post that I found while looking for improvement of Splunk's search performance,...

by Path Finder in

Dashboard inherited inputs

Hey all, I'm building new dashboard that contains 2 multiselect values: Site: USA, Romania, Turkey.... (only coun...

by Explorer in

Add row in table if value not present in the field

I have table as below DateOut AirlineBag TypeTotal Processed01/05/2024IXLocal10001/05/2024IXTransfer12002/05/2024B...

by Engager in

Time token returning NAN error

I have a time picker & a time dropdown which has static values. <panel id="pqr"> <input type="time" token="t...

by Path Finder in

SingleId color change in dashboard

Hi, I tried to add a piece of code to change the color of values based on certain condition, but it is not reflecting...

by Explorer in

Splunk Query when attribute having dot seperator

not able to search with any attribute which are having .(dot) like env.cookieSize NOT WORKING -----------------...

by New Member in

Showing/counting event that there's not

Hi all, we've a procedure that's writes index only where there's a KO: So I've a sequence of events like these: ...

by Path Finder in

not receiving any outcomes for CIDR IPs

Hello community,I aim to compare the 'src_ip' referenced below with the CIDR IP ranges in the lookup file 'zscalerip....

by Loves-to-Learn Lots in

When using Transaction command startswith and endswith,if field value is same for both ,null is shown for endswith

Hi All,I am using transaction command to group events and get stop time of a device. | transaction sys_id startswith=...

by Explorer in

rename a field

Hi All, I am trying to rename a data but it is giving me error. I am doing in this way. | rename "Data Time s...

by New Member in

CBS Token authentication failed. Add-on for Microsoft Cloud Services

Hi, I got the following error message when trying to connect to an eventhub, Error occurred while connecting to e...

by Explorer in

Splunk Query Issue

index=abc sourcetype=abc | timechart span=1m eval(count(IP)) AS TimeTaken Now I want to get 95th percentile of ...

by Explorer in

Single Value visualisation for a timechart with sparkline and showing the group by field

Hi expert, My SPL looks something like: index=<> sourcetype::<> | <do some usual data manipulation> | timec...

by Explorer in

Splunk Query To Evaluate Absence Of A Signature In the Logs

Hi Splunk Community,I need to build an alert that will be triggered if a specific signature is not present in the log...

by Path Finder in

Is it possible to let splunk recognize fields automatically with this layout

Hi, I have a json-file in splunk with an arguments{}-field like this field1=[content_field1] field2=[cont...

by Contributor in

How to get a Full Encoded Command from a Notable

We are receiving some notables that reference an encoded command being used with PowerShell, and the notable lists th...

by New Member in

searching for events in a source based on value of another source

I have two sources that I'd like to combine/join or search on one based on the other. Source 1 - has two fields na...

by Path Finder in

How to add multiple field in a single search

Hi How to write spl search query by adding multiple field in single search Field 1 - contain data like auth...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Parsing string with whitespaces as json object

How to compare current month count to a 3 months average?

How to convert splunk dashboard panel with dynamic token in reports?

injecting indexed file within a search

Trying to get values from multiple filters (not sure if that's correct terminology)

how to find the value where the two lines meet (line chart)

Tranpose on specific structure events

Splunk search performance using TERM() function

Dashboard inherited inputs

Add row in table if value not present in the field

Time token returning NAN error

SingleId color change in dashboard

Splunk Query when attribute having dot seperator

Showing/counting event that there's not

not receiving any outcomes for CIDR IPs

When using Transaction command startswith and endswith,if field value is same for both ,null is shown for endswith

rename a field

CBS Token authentication failed. Add-on for Microsoft Cloud Services

Splunk Query Issue

Single Value visualisation for a timechart with sparkline and showing the group by field

Splunk Query To Evaluate Absence Of A Signature In the Logs

Is it possible to let splunk recognize fields automatically with this layout

How to get a Full Encoded Command from a Notable

searching for events in a source based on value of another source

How to add multiple field in a single search

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions