Splunk Search

Discussions

Thread Info

capability required to edit objects via rest api

While sending a rest api request to change the owner of a knowledge object i am getting the following error "You do n...

by Explorer in

How to get count of field values?

Hi All, How to count field values.The field extracted and showing 55 .When i use below query: | stats ...

by Builder in

search results using data from two indexes

I have a wineventlog index to alert on locked accounts (EventCode=4740), but want to limit this based on certain user...

by Explorer in

incorrect use of eval?

Hi, I'm new to Splunk, so I apologize if this question seems naive. While experimenting with calculated fields, I f...

by Engager in

Data model

Hi, how can I rewrite the following search using tstats and datamodel Network_Traffic? index=*pan* sourcetype="p...

by Observer in

Simple source and Destination lookup

I am looking to write a simple search that tells me if a host or hosts are reaching out to a specific IP address. So...

by Engager in

based on drop down list value

the below are two different drop down list as we have different host and index.Based on the index selection i do set/...

by Path Finder in

Counts of events with request_times in certain ranges

I'm trying to figure out how to query all of the events from an Apache log and produce a report with counts of the nu...

by Explorer in

setting up Line Break in props.conf for compiled year month and date

I have a log the needs the props.conf setup but the year month and date is complied into one with no spaces or separa...

by Loves-to-Learn Everything in

Splunk integration with OpsGenie to send alert- Is OpsGenie not supported?

Hi, I am sure this question must have asked multiple times and infact I've come across multiple posts but I am still ...

by Path Finder in

how to retrieve the value from json input using splunk query

Hi All, I have the below json format. REQUEST="{"body":{"customer":{"accountNumber":"DBC50012225699","lineNumbe...

by Path Finder in

how to retrive channel code from this json request

REQUEST="{"body":{"customer":{"accountNumber":"DBC50012225699","lineNumber":"5000654224"},"equipment":{"serialNumber"...

by Path Finder in

Help with SPL and REX for 2 separate ID's in 1 event

I have an Event where I can extract the 2 different ID's but how do I show that id 1 gave access to id 2? Sample ev...

by Path Finder in

How to get 1st 3 count

Query: |mstats sum(error.count) as Count where index=metrics_data by provider errorid errorname |search errorn...

by Communicator in

chart with where

Please help me on the below items: #1) | chart count(WriteType) over Collection by WriteType | sort Collectio...

by Path Finder in

How to get the nested objects from my JSON data field?

I want to get the values from the path field but I can't extract this alone as data.initial_state.path would output e...

by Path Finder in

2 values for "User" field being shown.

Hi all! I'm currently trying to create a RDP session analysis dashboard. I'm using sysmon eventlogs, specifically ...

by Engager in

Need event extraction

I want to extract all the key value pairs from this event dynamicallyCan someone help with the query INFO 2024-04...

by Engager in

How to use tokens in a report?

Hello,I am in need of some help from the community. Is it possible to create a token in a schedule report and create...

by Engager in

how to replace value with another field values

Hi, we could see message ="executed" for started state field. so, would like to replace with same massage where state...

by Path Finder in

Querying AD accounts and email addresses

I am able to pull my AD users account information successfully except for their email addresses. What am I doing wro...

by Engager in

How to map values in case statement?

Hi All, I am using case statement to map values instead of other values. But i am not getting the values.I am getti...

by Builder in

How to get latest transactionId ?

Hi All, I am trying to get count of enabled and disabled from field. Then i want to show the field values based on ...

by Builder in

How to transpose based on regex data to get the counts

Hi, I am new to Splunk. I am trying to figure out how to extract count of errors per api calls made for each clien...

by Explorer in

skip first 10 lines of search results

_raw= line 1 line 2 line 3 line 4 line 5 line 6 how to define another new field "copyofraw" to contain...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

capability required to edit objects via rest api

How to get count of field values?

search results using data from two indexes

incorrect use of eval?

Data model

Simple source and Destination lookup

based on drop down list value

Counts of events with request_times in certain ranges

setting up Line Break in props.conf for compiled year month and date

Splunk integration with OpsGenie to send alert- Is OpsGenie not supported?

how to retrieve the value from json input using splunk query

how to retrive channel code from this json request

Help with SPL and REX for 2 separate ID's in 1 event

How to get 1st 3 count

chart with where

How to get the nested objects from my JSON data field?

2 values for "User" field being shown.

Need event extraction

How to use tokens in a report?

how to replace value with another field values

Querying AD accounts and email addresses

How to map values in case statement?

How to get latest transactionId ?

How to transpose based on regex data to get the counts

skip first 10 lines of search results

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions