Splunk Search

Ask a Question

Discussions

Thread Info

How to format the SPL as code?

Hi, I am working on a dashboard. i am creating a table to monitor the count, average response time and maximum res...

by Path Finder in

How don't we nullify the data?

A developer here wrote the following - |eval admin_activity=if((like(cmd_data, "%audit%") AND like(cmd_data, "%st...

by Motivator in

Can we Ignore timechart column if all rows having 0 values ?

Hi, How can we Ignore timechart column if all rows having 0 values. basically I am using trellis to display an...

by Builder in

How to use a lookup to compare multiple fields

I am trying to run a search from amazon. index=amazon-aws sourcetype="aws:description" source="*:ec2_instances" ...

by Engager in

sql query to splunk query

How I can Change this sql query to splunk query, I tried in different way but It is not giving proper result please h...

by New Member in

How to dynamically set an index based on a string in events with a fallback option?

I have some logs where there are events that are like this: Apr 5 21:16:33 myhost001.company.com key=value key2=...

by Communicator in

Logs are getting truncated after the forwarding has been setup into splunk

The data in event 1 is incomplete and the rest of it is getting populated into event2 and so on . If i am not wrong ,...

by Observer in

Failed to parse templatized search for field....

Hi. I wonder whether someone may be able to help me please. I'm using the query below: | multisearch [ searc...

by Motivator in

Lookup Table search wildcards

I have created a lookup table, service.csv host,service,resource "host1","fdl","all" "host2","finance","db" ...

by Contributor in

Return Timestamp from inner and outter search

Hi, I am trying to create a search that finds two sequential events. So far I have: index=wineventlog EventCo...

by Explorer in

Get a total for a multivalue field by multiple fields

Greetings, I'm trying to get multiple totals for multiple fields. My current query incorporates | stats count ...

by Communicator in

How can I extract a license file from existing license volume

Hi, I am trying to extract a license file from our current license pool. All I could see is the delete option for ...

by Path Finder in

XML Parsing Props.conf

Any help is appreciated in parsing the following xml data retrieved from DB connect input. We just need the Name and...

by New Member in

help with tstats and eval

Hi, I'm trying to count the number of events for a specific index/sourcetype combo, and then total them into a new...

by Champion in

How to search for data

Hello there, In our company we've been using Splunk for a while now but I think we use it not to it's full potenti...

by Explorer in

Do math on this period's numbers versus last period's

I'd like to build an alert that essentially says "if the count from this hour is more than twice, or less than half, ...

by New Member in

Multiple stat intervals over a large dataset/summary index

We have logging with user data for the requests each use does. We have created some averages and dashboards with this...

by Contributor in

How to get Stats from Search and Average?

This is probably quite simple and I am missing something.. i am using this search. index=sxxx sourcetype=sxxx hos...

by New Member in

use of tstats instead of stats

I am trying to iterate through 16million data and trying to use tstats instead of stats... please help me out in conv...

by Path Finder in

i am seeing this entry over 30000 times a minute - KLM\software\policies\microsoft\systemcertificates\disallowed\crls

this is one of the events i am seeing and we are trying to figure our why only 20-30 servers are doing this 08/20/...

by New Member in

Table view in dashboard

Hi i am trying to create a Dashboard. i need some assistance on creating a table format. i have some executions li...

by Path Finder in

Compare two fields to pull data

Hello, I currently have a search running on two different indexes pulling different fields. There is one field...

by New Member in

How to start transaction with the earliest event

I need to document a transaction that begins with a multithreaded process. The process creates multiple entries in an...

by Path Finder in

Find how many times source type stopped sending data with in a month?

Have to find a source type how many times it is not sending data to index within a month or some period of time Th...

by Path Finder in

get process time and group by status

Hello everyone I'm using this query `|eval Status = case (eventId="endProcess" ,"Completed" ,eventId="error","Termi...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to format the SPL as code?

How don't we nullify the data?

Can we Ignore timechart column if all rows having 0 values ?

How to use a lookup to compare multiple fields

sql query to splunk query

How to dynamically set an index based on a string in events with a fallback option?

Logs are getting truncated after the forwarding has been setup into splunk

Failed to parse templatized search for field....

Lookup Table search wildcards

Return Timestamp from inner and outter search

Get a total for a multivalue field by multiple fields

How can I extract a license file from existing license volume

XML Parsing Props.conf

help with tstats and eval

How to search for data

Do math on this period's numbers versus last period's

Multiple stat intervals over a large dataset/summary index

How to get Stats from Search and Average?

use of tstats instead of stats

i am seeing this entry over 30000 times a minute - KLM\software\policies\microsoft\systemcertificates\disallowed\crls

Table view in dashboard

Compare two fields to pull data

How to start transaction with the earliest event

Find how many times source type stopped sending data with in a month?

get process time and group by status

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

loadjob command not working

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions