Splunk Search

Ask a Question

Discussions

Thread Info

pass value of field from one search to another when using appendpipe

**I have a below search query:** | inputlookup splunk_report_test.csv | where report_type="upcoming_offers" | looku...

by Communicator in

how to avoid breaking event order of multi value field

Hi community, I am wondering, how can i keep the data of multi value field based in the order it happened, when sh...

by Explorer in

How to returns 0 or null if no results with tstats over time?

First of all, I apologize if I missed the answer somewhere and for my bad english. I try to supervise my hosts, in...

by Engager in

Filter multisearch results after matching on _time

Definitely a noob, and I must be missing something simple... I have two log files reporting the same error at simi...

by New Member in

Search result Not consistent

Hello Folks, I am new to splunk SDK and i am trying to write a code that search and return a search result from th...

by New Member in

There are a list of apps present on shcluster , how to check if any knowledge objects are associated/mapped to each apps?

I have multiple apps on shcluster, "/application/splunk/etc/shcluster/apps" . I need to check if there are any Knowle...

by Explorer in

How to use rex to perform field extraction from the end of the field as opposed to the beginning

I want to extract the top level domain from the CN field of a certificate in Splunk. The CN field may have multiple l...

by Explorer in

Index feed is having low throughput

Dear All, I am a SplunkAdmin and we are facing significant data low throughput in some of the indexes. There are m...

by Explorer in

Is it possible to run a search within an eval if statement?

Hello, I am wondering if it possible to do a search within an "if" statement. I have tried what I have in the sea...

by New Member in

Splunk Other category when group by

Hi, I have saved search below Queryone and want to classify anything not falling under regx pattern for APIFamily in ...

by Explorer in

Splunk group by value with pattern matching

I have saved search below FirstQuery which group by values with pattern matching and want to classify anything not fa...

by Explorer in

Search query: Unique values based on time

Hi Community, I'm using the search query to search for the user activity and I get the results with duplicate rows wi...

by Path Finder in

Create a query to compare Asset Inventory to see if an Asset exists between data pushes?

I am trying to create a dashboard that will showcase, between data pulls, the assets that no longer exists in the ind...

by New Member in

Convert a string in ISO 8601 to local time zone (accounting for DST)

I have a string from a complex JSON event providing an ISO 8601 date/time in UTC. I want to convert it to the local t...

by New Member in

How to run a parameterized map command as a savedsearch report?

Hi everyone, I have the following dummy search saved as a report: | makeresults count=1 | eval test="Hello" | ...

by New Member in

Timechart mouse over

Is it possible to have a mouse over hover in a dashboard with several timecharts that will highlight the exact time o...

by Path Finder in

Return value based on missing field

I want to make a search that will return a count of session_id based on the following fields logged_out, logged_in I ...

by Path Finder in

regex field extraction

I have an event that is in an HTML tag format, I'd like to extract data within it in a specific manner, as follows: <...

by Path Finder in

[help]eval expression for dynamic field is invalid

Hi Team, I have below appendpipe clause | appendpipe [| eventstats first(eval("step3".mvindex(list_behavior,2))...

by Path Finder in

Query - SPlunk _internal Index

Hi, I was trying to get amount of data getting indexed in particular index per day and analyze it as a trend. I us...

by Explorer in

How to search any column and count if a search string is matched

I have a saved search of the following format ServerName Metric1 Metric2 Metric3 Metric4 Server1 Error Error GREEN GR...

by Loves-to-Learn in

Working out % change of field value based on events logged 1 day apart

Hi, Apologies for the unclear title. I could not think of a logical description for the problem statement. I have ...

by Explorer in

How to find missing values from a field

Hi, My database has two data sources. Data source 1 sends a string with a list of expected values, so the field m...

by Explorer in

Combine stats count results

Hello all, I feel kind of dumb even asking this question, but I've been up and down these forums looking for an an...

by Explorer in

Splunk not sorting Dates properly across year

1/5/2020 1/12/2020 6/16/2019 6/23/2019 6/30/2019 7/7/2019 7/14/2019 7/21/2019 7/28/2019 8/4/2019 8/11/2019 8/18/2019 ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

pass value of field from one search to another when using appendpipe

how to avoid breaking event order of multi value field

How to returns 0 or null if no results with tstats over time?

Filter multisearch results after matching on _time

Search result Not consistent

There are a list of apps present on shcluster , how to check if any knowledge objects are associated/mapped to each apps?

How to use rex to perform field extraction from the end of the field as opposed to the beginning

Index feed is having low throughput

Is it possible to run a search within an eval if statement?

Splunk Other category when group by

Splunk group by value with pattern matching

Search query: Unique values based on time

Create a query to compare Asset Inventory to see if an Asset exists between data pushes?

Convert a string in ISO 8601 to local time zone (accounting for DST)

How to run a parameterized map command as a savedsearch report?

Timechart mouse over

Return value based on missing field

regex field extraction

[help]eval expression for dynamic field is invalid

Query - SPlunk _internal Index

How to search any column and count if a search string is matched

Working out % change of field value based on events logged 1 day apart

How to find missing values from a field

Combine stats count results

Splunk not sorting Dates properly across year

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions