Splunk Search

Ask a Question

Discussions

Thread Info

multiple stats count function in the same search component

@gcusello I have multiple count functions in the same search component. What does it mean by that? What is really ha...

by Communicator in

How to display media field

Hi everyone, I'm trying this search but apparently Splunk doesn't have the same logic as SQl. Can someone give me ...

by Explorer in

How to search the results produced by the multireport command?

I have the following search: index="main" |rename Proj_repo AS Project | multireport [ stats values(Project) AS Pr...

by Path Finder in

Using NOT and != would return the same results.

(T/F) Using NOT and != would return the same results. For me, the answer is false but quizlet says true. I say false ...

by Communicator in

Help with stats count between two urls

Hi all, hope there is a way to do the following. I am trying to find out how many events it takes for a user to go...

by New Member in

Help extracting totalCount out of nested JSON

{ [-] detailMap: { [-] critical: false result: 0 totalCnt: 5 txnCountWithIgnoredIRC: 0 wa...

by New Member in

Search terms are case sensitive or case insensitive.

Search terms are case sensitive or case insensitive? (components of search language)? For me, the answer is case s...

by Communicator in

categorize or classify dissimilar field values at search time?

The goal is to generate a new field "Category" and assign it an arbitrary value (e.g. "Error") depending on which reg...

by Contributor in

Correlating two alerts question

I have the following 2 alerts and need to correlate them. The first one is looks for an OS reboot. The second one loo...

by Explorer in

Why is the Splunk Enterprise 'WGet' link so slow?

I'm trying to automate the deployment of the Heavy Forwarder, as part of that i'm automatically fetching the Splunk H...

by New Member in

Create more efficient "IF"statement that looks at the last 30 days

| eval nessus = if(like(nessus, "%2019") AND relative_time(now(), "-30d@d") < strptime(nessus,"%m/%d/%Y"), 1, 0) ...

by Communicator in

Systemd support with Splunk does not work on SLES

When we set up Splunk to start under systemd it prompts us recursively for the root password even we're running Splun...

by Splunk Employee in

Is max_searches_per_cpu at 6 a good set-up?

On our primary search head max_searches_per_cpu is set to 6. I wonder if it’s a good effective set-up. Where can I fi...

by Motivator in

How to group events by time after using timechart span?

I'm using the following search with timechart span=1h to show how many events appear by the day and hour: |inputlo...

by Communicator in

How to assign a custom scoring scale based on device type? (eval related)

Hello, Currently we have a scoring for our systems that counts each server, router, switch, firewall, workstation,...

by Communicator in

How to find out who deleted savedsearches

We found there were some savedsearches deleted for some reasons. Is it a way to find out who deleted the savedsearche...

by Path Finder in

Splunk fetching node as jenkins master, instead of actual slave for pipeline job builds. why?

I am using jenkins's splunk plugin version 1.6.3(latest). I have configured no executor in master, so no possibility ...

by Engager in

Show me all events where field value not present?

Greetings good people, i may be over thinking things or didn't get enough sleep. I need to return results where a ...

by New Member in

Copy a row in a table

Hi, I am trying to conditionally add records to my table with a slight modification to the data. for example Date ID ...

by New Member in

Regex help to extract from json

Need help to extract the Phone number callForwardSelectiveDetails\":{\"description\":\"New Years Temp\",\"action\"...

by New Member in

Timechart does not work correctly with another user

I created several objects with my local splunk user and everything is working as expected. I need to share all items ...

by Explorer in

Why does count and dc behave differently?

I have written the query index="main" host="web_application" | stats count by status The result is: statu...

by Communicator in

How to sort a table by a time field in text format

Hello, Here's the problem. Dashboard - Time picker is used to select a date range. But this date range is not che...

by Builder in

What is the best way to count numbers of recipients in stanza?

I have a recipient field containing a list of recipient delimited by a comma. What is the best way to calculate the t...

by Path Finder in

Need help using Tstats getting count of a string in raw logs

I want to show the count of logs where a string appeared I have a string and need to know how many times it appea...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

multiple stats count function in the same search component

How to display media field

How to search the results produced by the multireport command?

Using NOT and != would return the same results.

Help with stats count between two urls

Help extracting totalCount out of nested JSON

Search terms are case sensitive or case insensitive.

categorize or classify dissimilar field values at search time?

Correlating two alerts question

Why is the Splunk Enterprise 'WGet' link so slow?

Create more efficient "IF"statement that looks at the last 30 days

Systemd support with Splunk does not work on SLES

Is max_searches_per_cpu at 6 a good set-up?

How to group events by time after using timechart span?

How to assign a custom scoring scale based on device type? (eval related)

How to find out who deleted savedsearches

Splunk fetching node as jenkins master, instead of actual slave for pipeline job builds. why?

Show me all events where field value not present?

Copy a row in a table

Regex help to extract from json

Timechart does not work correctly with another user

Why does count and dc behave differently?

How to sort a table by a time field in text format

What is the best way to count numbers of recipients in stanza?

Need help using Tstats getting count of a string in raw logs

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions