Splunk Search

Discussions

Thread Info

search a result and then a field value create array and pass 1 by 1 in another search query at same time

Hi All, is this doable that a search request give a list of results in that a filed will have order id those are l...

by New Member in

How to trim URL after the last "/"

I'm trying to trim the URL's for a particular search, where it removes everything after the last "/". In other words:...

by New Member in

How to set a custom value if extraction found a match

Hello All, I have a log file where I am trying to extract one match, and If I find that match I have to put as "Fi...

by Path Finder in

Searching two different records with one common field

Hi, I have two different records: [2019-07-22 10:32:03.819930 -0500] rprt s=2tuw17mc0b cmd=env_rcpt value=ken@gmail.c...

by Contributor in

What end of anchor parameter to use for the Symantec event?

I am trying to figure out what end of the anchor parameter to use for the Symantec event. Here is a snippet of th...

by Influencer in

Creating an alert with field value count within a transaction

I am trying to create an alert for the below search that would go off if within the event there are 10 times where Ev...

by Path Finder in

Create custom search command in windows environment

I created a custom search command on windows, but the following error message is displayed and I can not execute it. ...

by Explorer in

Splunk combine timechart result from two queries

Have the following queries query 1 - cf_org_name="xxx" cf_space_name="yyy" cf_app_name=zzz index=123* msg= "Transa...

by New Member in

Real-time table in dashboard is not real-time, until you sort it

Hi there, I have a real-time table in one of my dashboards that doesn't update when you first load the page. If yo...

by Motivator in

CRL logs not being properly displayed

I'm running CRL expiration checks and using splunk to read the logs to track the last check run and when they are nex...

by Engager in

How to write "| stats count" to field?

How to I must a write result from stats count to field? Example ideas... | inputlookup lookup | stats count(eval(f...

by Engager in

How to get total and sub search total per unique field value?

I'm trying to chart the exception rate of various apps that we run, and would ideally be generating a table that look...

by Engager in

How to avoid changing timezone to get proper results?

Hi all, Generating some calls logs from different timezones America , ASIA, UK and so on. So I am running a search w...

by Path Finder in

How to use tokens in same search query?

Hello, I'm trying to pass values of field to other field. Is there a best way to do it? Query: index=alerts...

by Path Finder in

Getting Search Results using Java REST API

Am i right to say that the results derived from the Splunk search is returned as XML by default? I was using the Java...

by Communicator in

How to run a search and retrieve elements from a Splunk API in java

Hi. I am trying to run a search from a Splunk API in java, store the results with fields host, sourcetype, source in ...

by New Member in

How to clear SearchManager results once processed with on('data')

I have a modal dialog that pops up and shows a table of results. When I click OK on that, I do some processing on the...

by SplunkTrust in

Field search needs unnecessary wildcard character *

I am doing search on data coming from fluentd k8s. On top of that data , I wanted to filter on basis of field. ...

by New Member in

Join a search by field across indexes

I have two different indexes, with the common field being username. One index that contains phishing history data...

by Explorer in

Fields extraction from TXT file with fixed position varrying event formats in each line

I need to monitor a text file. Each line in this file is considered an event. There are three different types of even...

by Builder in

How to create static baseline on chart without showing data for baseline

I created a baseline by adding eval field as shown below: | eval BaseLine=1000|fields _time, ResponeTime, BaseLine...

by Communicator in

Help with eval and wildcards

Hi, I'm trying to use eval for hosts, and need to use wildcards. I tried the following, but it's not working. How ...

by Champion in

How to combine multiple queries and then use the final result in one final query?

DON'T GET INTIMIDATED BY THE LENGTH OF THE QUESTION. I'm getting account numbers from the first three queries. I wan...

by Explorer in

group by from fields

I have events similar to these: component, technology, mydate silva, java, 06/20/2019 souza, java, 06/20/2019 silv...

by New Member in

lookup value based on current search results

New to Splunk and having a difficult time returning the correct results. The below query works... meaning that it con...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

search a result and then a field value create array and pass 1 by 1 in another search query at same time

How to trim URL after the last "/"

How to set a custom value if extraction found a match

Searching two different records with one common field

What end of anchor parameter to use for the Symantec event?

Creating an alert with field value count within a transaction

Create custom search command in windows environment

Splunk combine timechart result from two queries

Real-time table in dashboard is not real-time, until you sort it

CRL logs not being properly displayed

How to write "| stats count" to field?

How to get total and sub search total per unique field value?

How to avoid changing timezone to get proper results?

How to use tokens in same search query?

Getting Search Results using Java REST API

How to run a search and retrieve elements from a Splunk API in java

How to clear SearchManager results once processed with on('data')

Field search needs unnecessary wildcard character *

Join a search by field across indexes

Fields extraction from TXT file with fixed position varrying event formats in each line

How to create static baseline on chart without showing data for baseline

Help with eval and wildcards

How to combine multiple queries and then use the final result in one final query?

group by from fields

lookup value based on current search results

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions