Splunk Search

Discussions

Thread Info

Creating a lookup file to provide data to a dashboard search with time stamps

I have an application that generates a value that I pull the highest value for each day. Right now the entire app log...

by New Member in

How to dynamically utilize the number of field values?

Greetings Everyone! I'm in need of a second, third, etc. set of eyes. I'm attempting to create a search for a dyna...

by Communicator in

Why does multiple eval statements cause only last to be run?

I am trying to create a low volume type of alert based on one sourcetype for multiple Channels that have very differe...

by Path Finder in

How to compare two searches and find a missing values in each search

Hello, I try to compare the Active Directory (AD) logs with the antivirus (AV) logs in order to find two things: -...

by Communicator in

Why is the field alias not working in custom app?

We created a custom app for our Exchange message trace logs and I have the following field alias defined in the custo...

by Influencer in

Splunk search fails with content that contains a hyphen (-)?

We're running into something weird where searches may fail. We think it is due to dashes index="kubernetes" pod="p...

by Explorer in

How to re-run a relative time search on click of the submit button?

How to re-run a relative time search of the last 15 minutes on click of the submit button and refresh with the update...

by Path Finder in

Change Pie Chart Color

Hello guys! Can anyone help me changin' the color for this search: index=main sourcetype=file | stats count by REQ...

by Contributor in

How to schedule a report without it running

I have a report I want to schedule, the results are populating a dataset. I want to set this to run every Sunday with...

by Contributor in

How do you expand multiple fields from a transaction?

I'm trying to mvexpand multiple fields from a transaction, particularly a time and uri_path from an Apache-style acce...

by Path Finder in

How to extract spaced delimited field with values containing spaces?

I have a space delimited field that may contain quoted values that also include spaces. For example: Value1 Value2...

by New Member in

Splunk non uniform event sampling

Hi Splunk community I wanted to know if Splunk event sampling can be customized such that there is sampling for ev...

by Path Finder in

Filter Json events sending only interesting fields to indexer

Hello Splunkers, I have an heavy forwarder that receives millions of events in json format. In order to save space an...

by Path Finder in

Left Outer join - only rows from the left table , in splunk

Is it possible to implement LEFT OUTER JOIN where only rows from the left table are fetched (NOT the Common values)? ...

by Path Finder in

help on where condition

hi I need to add a where condition on the field 'Time period with no info' below But the where command doesn't wor...

by Motivator in

Why does using the same lookup table on two input fields returns NONE?

Hello, I have data with internal and external IP addresses. Every event has either an internal source or destination ...

by Path Finder in

How to pass application token name value to filename variable in the excel.py?

we want to override the application token value with default excel report name (splunk_report.xls). BTW, we are using...

by New Member in

How to combine two fields into one field?

Hello everyone, I have created some fields but now I want to combine the fields, Ex: I have created fields like A B C...

by Explorer in

Splunk Search results as CSV- python

I am trying to get the results as CSV file with the help of this page https://www.splunk.com/blog/2011/08/02/splunk-r...

by Explorer in

I want IPs for Splunk Cloud indexers for firewall rules. How can I get a list?

I basically took the list if fqdn in outputs.conf and ran “host inputs1.example.splunkcloud.com” for each one.. then ...

by Splunk Employee in

Timechart results, max value for time

Hi all, I am counting distinct values of destinations with timechart (span=1h). I am trying to take those values...

by Contributor in

Field extraction from pre-defined text

I have a text file in below format. We are monitoring this file in Splunk. This file has like entries in new lines wi...

by Builder in

How to merge the two events by creating new field??

Hello everyone, I have created some fields A, B, C but now I want to combine the fields, Ex: I have created fields li...

by Explorer in

Props.conf extract not working

Hi folks, Recently onboarded a new sourcetype configured with search time extractions. Regex works when tested on ...

by Explorer in

SPL-Search based on mutiple values

Hello, i'm searching for a certain condition and wrote the query below .It works but not quite what I'm looking fo...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Creating a lookup file to provide data to a dashboard search with time stamps

How to dynamically utilize the number of field values?

Why does multiple eval statements cause only last to be run?

How to compare two searches and find a missing values in each search

Why is the field alias not working in custom app?

Splunk search fails with content that contains a hyphen (-)?

How to re-run a relative time search on click of the submit button?

Change Pie Chart Color

How to schedule a report without it running

How do you expand multiple fields from a transaction?

How to extract spaced delimited field with values containing spaces?

Splunk non uniform event sampling

Filter Json events sending only interesting fields to indexer

Left Outer join - only rows from the left table , in splunk

help on where condition

Why does using the same lookup table on two input fields returns NONE?

How to pass application token name value to filename variable in the excel.py?

How to combine two fields into one field?

Splunk Search results as CSV- python

I want IPs for Splunk Cloud indexers for firewall rules. How can I get a list?

Timechart results, max value for time

Field extraction from pre-defined text

How to merge the two events by creating new field??

Props.conf extract not working

SPL-Search based on mutiple values

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions