Splunk Search

Discussions

Thread Info

Extracting fields from a large text field

Currently, I have a field called pluginText which is the following (italicized words are anonymized to what they repr...

by Path Finder in

Calculating duration from a number

I am trying to find the duration for a time span. The "in" and "out" numbers are included in the data as type: number...

by Engager in

How to find matching data from two indexes

Hi all, thank in advance for your time!I have a problem writing a properly working query with this case study:I need ...

by New Member in

Sharding searches / mcollect

We have several summary searches that collect data into metric indexes. They run nightly and some of them create quit...

by New Member in

How to fetch the count with details.

Hi All,I have one log that is ABC and it is present in sl-sfdc api and have another log EFG that is present in sl-gcd...

by New Member in

could not create search - No Search query provided

i am using below to load colur in drop downlist . Data loading propertly. but it always shows - Could not create sear...

by Path Finder in

Data Summary is not showing host at all

Data Summary is not showing host at all even I already added UDP with ip address on port 514.

by Path Finder in

Splunk Search to find the list of CIM Mapped indexes

Below are the CIM Macros where i am using and there are different indexes mapped in individual macros. I want to ge...

by Contributor in

Timechart removes 0 values when searching for over 2 days

Hi, I have this search for example: index=test elb_status_code=200 | timechart count as total span=1s | stats co...

by Engager in

Could you kindly assist me?

I'm looking to craft a query (a correlation search) that would trigger an alert in the event that an internal system...

by Loves-to-Learn Lots in

return _raw of a large file

I am using the | fields _raw to show the entire content of the source file as a single event. It works for most of m...

by Observer in

How to call Splunk API using Postman?

curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com/services/...

by Engager in

Why am I getting inconsistent search results using export with the Splunk Python SDK?

I've written a search that creates a stats table with a medium sized result with around 5 cols and 100k+ rows. When I...

by Engager in

How to compare 2 columns between 2 lookups?

Hi, need help to get difference records between 2 lookups with same column name. ex: lookup 1 has the data below: ...

by Builder in

output of time field in splunk

Hi All, I have time field having time range in this format in output of one splunk query: TeamWorkTimings 09:00...

by Explorer in

Distinct count by multiple conditions chart

Hi Assuming a sample of data from this example: | makeresults count=5 | eval f1=random()%2 ...

by Engager in

How to exclude result from query?

Hi Guys, In my scenario i need show error details for correlation id .There are field called tracePoint="EXCEPTION"...

by Builder in

Need help decuple only time from below record

My apologiesi was using "eventTimestamp" instead of "@timestamp" in my rex command i just realized and its workin...

by Explorer in

SPL Question: Using Lookup field values in a tstats search

Hi all, getting to grips with SPL and would be forever grateful if someone could lend their brain for the below: ...

by Path Finder in

Made a new splunk searchhead, all searches are failing.

My environment consists of 1 search head, 1 manager, and 3 indexers. I added another search head so that I can put en...

by Explorer in

Splunk access to External users

Hello Splunkers, My Splunk instance is configured with default SAML authentication. Now i wanted to add users from ...

by Communicator in

Somehow unable to fetch Time , Earlier it was working

=========================================== Query used index=* namespace="dk1017-j" sourcetype="kube:container:kafk...

by Explorer in

How to seperate succefully login attempt from invlaid Login id

Hi Team Can anyone help me with Splunk search query to split the successful login from invalid? Ex - I want to e...

by Path Finder in

Splunk cheatsheet

I am planning to provide basic splunk session to my team.Can you help if any cheatsheet available online which I can ...

by Explorer in

is it possible to have expression in case command for argument Y?

is it possible to have expression in case command for argument Y? case(x,y) |eval test=case(x=="X", 'a+b') The...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extracting fields from a large text field

Calculating duration from a number

How to find matching data from two indexes

Sharding searches / mcollect

How to fetch the count with details.

could not create search - No Search query provided

Data Summary is not showing host at all

Splunk Search to find the list of CIM Mapped indexes

Timechart removes 0 values when searching for over 2 days

Could you kindly assist me?

return _raw of a large file

How to call Splunk API using Postman?

Why am I getting inconsistent search results using export with the Splunk Python SDK?

How to compare 2 columns between 2 lookups?

output of time field in splunk

Distinct count by multiple conditions chart

How to exclude result from query?

Need help decuple only time from below record

SPL Question: Using Lookup field values in a tstats search

Made a new splunk searchhead, all searches are failing.

Splunk access to External users

Somehow unable to fetch Time , Earlier it was working

How to seperate succefully login attempt from invlaid Login id

Splunk cheatsheet

is it possible to have expression in case command for argument Y?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions