Splunk Search

Discussions

Thread Info

How to get stats from log and display src,dest from another log having uniqueId is common

I have a set of logs... log1 is task startingtime log having taskbegin ,uniqueID, src ,dest and log2 is task endTime ...

by Explorer in

Regex command causing the search to not work - unknown search command

Hi People, I am trying to run a regex command to cut out a part of the REQ field, On regex 101 it is working fine...

by Explorer in

How to divide each line and data row?

ServiceTitle KPITitle ...

by Explorer in

Is there a way to recover a dataset?

Someone accidentally deleted a dataset - a lookup from the app's Datasets section. Is there a way to recover it? It's...

by Motivator in

Search Factory: Why am I getting unknown search command 'tag' only in Javascript while it works in classic Search?

My search starts with this: tag=kpi earliest=1521504000 latest=1521849600 | table _time enterprise_id facility_id sho...

by Path Finder in

Field Alais created were not working

We have created several Field aliases based on different source and source types in our splunk query. Most of the...

by New Member in

Receiving "OR OR" error message

Hello, My colleague and I noticed an issue in the following SPL. If there is data, the SPL works. If there isn't any ...

by Builder in

How to convert base search query that uses stats into a timechart?

Hi, I want to display this query in my dashboard in two different charts. So this is my base search query: search ...

by Engager in

How to count one field multiple times with different condition?

Since I am new to Splunk is there is demo query for calculating this will be helpful,Basically, i want to count one f...

by Loves-to-Learn Lots in

How to fix this datamodel error ?

"Error decompressing zstd block: Corrupted block detected" This error appears when I search with datamodel but th...

by New Member in

How to use time picker to display the data in this query with appendcols?

Hi, I have this query: host="NETAPPA*" sourcetype="WinEventLog:Application" AND AppDomainName= "EcomSubscription.*...

by Engager in

Json parsing - event breaks

Below is my event : [ [-] { [-] created_at: 2019-08-28T13:48:48.722Z credibility_score: -5 email: swathi.nandig...

by Path Finder in

When searching a CSV import via a lookup, what should I do to work around the line limit?

Hi team! I import a CSV file via lookup and use this search. index=cesa_paloalto sourcetype="pan:traffic" type=...

by Path Finder in

how do you comment in splunk?

how do you comment in splunk? I have tried the below from the below ref, but cannot get it to work, (apologies I can...

by Motivator in

Query For Earliest Logon and Latest Log Offs

Hello! I need to build a Splunk query that displays the earliest log on and and latest log off times for a user in th...

by Explorer in

Redirect to dashboard using wildcard

I have a dashboard in my app located at myApp/local/data/ui/html/ticket_guru.html This file is returned when I hit: m...

by Explorer in

Can't make join to compare the presence of a field value

Hello, i'm trying to make a dashboard for a client, the dashboard consists basically in a table, which should show a ...

by Communicator in

How to build a dashboard to show critical devices without any overlap?

Hi Giuseppe, Thanks for your quick reply. See below my search: | inputlookup perimeter.csv | eval SplunkHost=lo...

by Engager in

How to sum 2 rows in a table?

Hi, In the logs i am analyzing, one of the field's value has changed (change is from '-' to '_'). For example if i...

by Explorer in

tstat count over nested fields using spath and groupby doesnt return result

I have a data set as follows, under index market-list { Resource: { Fruit: mango Type: sweet ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get stats from log and display src,dest from another log having uniqueId is common

Regex command causing the search to not work - unknown search command

How to divide each line and data row?

Is there a way to recover a dataset?

Search Factory: Why am I getting unknown search command 'tag' only in Javascript while it works in classic Search?

Field Alais created were not working

Receiving "OR OR" error message

How to convert base search query that uses stats into a timechart?

How to count one field multiple times with different condition?

How to fix this datamodel error ?

How to use time picker to display the data in this query with appendcols?

Json parsing - event breaks

When searching a CSV import via a lookup, what should I do to work around the line limit?

how do you comment in splunk?

Query For Earliest Logon and Latest Log Offs

Redirect to dashboard using wildcard

Can't make join to compare the presence of a field value

How to build a dashboard to show critical devices without any overlap?

How to sum 2 rows in a table?

tstat count over nested fields using spath and groupby doesnt return result

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

.conf23 Registration is Now Open!

Delay with search result when run via splunk API

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...