Splunk Search

Discussions

Thread Info

Finding when difference between servers greater than 50%

I am using the below query (server names replaced) to find when there is a greater than 50% difference in volume betw...

by Engager in

Splunk rest api services/search/v2/jobs/export to search multiline command

Hi , i am trying to execute multiline splunk commands as below using rest endpoint services/search/v2/jobs/export...

by New Member in

Need help to combine queries

Query1: index=app-index source=application.logs "Initial message received with below details" |rex field= _raw...

by Communicator in

Splunk containerized. I receive: "Error while sending public key to search peer" when i try to add a search peer

hi everybody. I have three Splunk instances in three docker containers on the same subnet . I have mapped port 8089...

by New Member in

Adding and average into a simple Dashboard. I assume this is difficult.

index=mainframe sourcetype=BMC:DEFENDER:RACF:bryslog host=s0900d OR host=s0700d | timechart limit=50 count(event) BY ...

by Engager in

Aggregated HTTP Status Code per URL per a time bin/bucket

Hi,I have the following fields in logs on my proxy for backend services _time -> timestampstatus_code -> http statu...

by Engager in

EPS in flat file with universal forwarder

Hi Team, what is the Events-per-second (EPS) in flat file with universal forwarder?

by Loves-to-Learn Lots in

Correlation Search for brute force

HI, I need to upgrade my correlation search for Excessive Failed Logins with Username, | tstats summarieson...

by Explorer in

Need help using tag in a query

HI If I replace, for example, src=10.0.0.1 with my tag containing src=10.0.0.1 in the query, it doesn't work. Plea...

by Explorer in

Fields are missing

Here is the sample log: {"date": "1/2/2022 00:12:22,124", "DATA": "[http:nio-12567-exec-44] DIP: [675478-7655a-567...

by Communicator in

Custom command description field location

Hello, I'm using Splunk Enterprise 9.1.2 on my local Linux machine (in a docker container). When documenting ...

by Loves-to-Learn Everything in

How to compare and calculate comparison flag for two fields

Hi, I have below scenario. My brain is very slow at this time of the day!I need an eval to create Status field as in ...

by Builder in

Macro Expansion - Possible Bug

Hi all! I've got an issue with macro expansion taking an excessively long time when you use the keyboard shortcut - ...

by Path Finder in

Not all fields showing up

index=test-index (data loaded) OR ("GET data published/data/ui" OR "GET /v8/wi/data/*" OR "GET data/ui/wi/load/succes...

by Path Finder in

Compare search results

Hello, I have these two results, I need to compare them and tell me when they are different, could you help me. ...

by Path Finder in

To find the count of specific fields

Hi Team I want to know if it is possible to find the count of specific fields and show them in different columns. ...

by Path Finder in

Join two searches together by host

I am trying to join two searches together to table the combined results by host. First search below is showing num...

by Path Finder in

How to extract a value from fields when using stats()?

Thanks in AdvanceHi Guys, I need to extract limited values from fields: Query : index="mulesoft" applicatio...

by Builder in

Search command. -

Hi I am not sure about this value risk score. How do i create dashboard tile for this fields

by Path Finder in

Query missing on each host

Good Morning, I'm working in a query to see which application is missing on each host. Can you help me, please?...

by Explorer in

Extracting fields from a large text field

Currently, I have a field called pluginText which is the following (italicized words are anonymized to what they repr...

by Path Finder in

Calculating duration from a number

I am trying to find the duration for a time span. The "in" and "out" numbers are included in the data as type: number...

by Engager in

How to find matching data from two indexes

Hi all, thank in advance for your time!I have a problem writing a properly working query with this case study:I need ...

by New Member in

Sharding searches / mcollect

We have several summary searches that collect data into metric indexes. They run nightly and some of them create quit...

by New Member in

How to fetch the count with details.

Hi All,I have one log that is ABC and it is present in sl-sfdc api and have another log EFG that is present in sl-gcd...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Finding when difference between servers greater than 50%

Splunk rest api services/search/v2/jobs/export to search multiline command

Need help to combine queries

Splunk containerized. I receive: "Error while sending public key to search peer" when i try to add a search peer

Adding and average into a simple Dashboard. I assume this is difficult.

Aggregated HTTP Status Code per URL per a time bin/bucket

EPS in flat file with universal forwarder

Correlation Search for brute force

Need help using tag in a query

Fields are missing

Custom command description field location

How to compare and calculate comparison flag for two fields

Macro Expansion - Possible Bug

Not all fields showing up

Compare search results

To find the count of specific fields

Join two searches together by host

How to extract a value from fields when using stats()?

Search command. -

Query missing on each host

Extracting fields from a large text field

Calculating duration from a number

How to find matching data from two indexes

Sharding searches / mcollect

How to fetch the count with details.

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions