Splunk Search

Ask a Question

Discussions

Thread Info

How to build a search to have a table with specific fields

Hi , I'm trying to have Splunk knowledge inventory. Could you help me in building the search to have the table with ...

by Path Finder in

How to find top content by some other field and also show content name?

I have data in index "main" and sourcetype "app" and fields "content_name" and "os". So how can I create Top content...

by New Member in

How to join two searches with specific times

I am trying to list failed jobs during an outage with respect to serverIP The first search(Search1) gives us the ...

by Engager in

Timechart - Is it possible to portray more than one value on the same stacked timechart?

I have a stacked column in a timechart that currently displays the count for each value in it. See https://imgur.com/...

by Builder in

Using join, earliest, table and latest.

I am a new splunk user and I want to create a stats table showing different findings of an event using fields. Howeve...

by New Member in

Why same search query shows two different results when executed via different apps? (No Macros used.)

Exact same query when run via search app returns 0 Statistics but shows correct stats when run via cloud monitoring a...

by Path Finder in

How to give space in tittle between words while using "raiseticket" in a Splunk search

Hi , I am writing a search which creates a Central Station Incident if satisfies my condition. While doing so...

by New Member in

Comparing avg of last couple of week days transactions with current week day

sourcetype="busevt" OR sourcetype="sysout" TransactionId=TID* AND TransactionId!=TIDearliest=-2w@w1 latest=@h+h | ev...

by Contributor in

How to extract a field name as a value?

My apologies if there is an obvious answer to this question, but I have been searching Splunk answers and the documen...

by Engager in

How to excuse a 'foreach' sequentially

Hello here is an example of the code I use: index="Test" | append [search (type="1") | stats distinct_count(I...

by New Member in

How to parse and extract OU data

I am trying to parse and extract the field data from AD distinguishedName field using regex, but I'm not having too m...

by Observer in

How to compare two field values, and dynamically create new field based on search result

Hi All, I am new to Splunk, I am looking for dynamic field creation based on a comparison between two fields value...

by Engager in

Help with subsearch

I have this search 1: index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESPA Account_Name=A* ...

by New Member in

How to correlate between three data sources?

I have three data sources that I need to correlate together, I'll simplify it for sake of example: Index A: _time,...

by Path Finder in

Extracting domain name out of a url

I am trying to field extraction working for just domains accessed on my Ironport WSAs but am having an issue extracti...

by Path Finder in

Splunk Integration with BMC CMDB

We are on boarding BMC footprint logs in Splunk for one of our client. Looking for some inputs from someone who have ...

by Engager in

Why stats command return only one specified platform field and not all of them

| inputlookup Obso_Inventory.csv | eval Compo=case(Composant="WAF", "LBWAF", Composant="LOAD BALANCER", "LBWAF", Comp...

by New Member in

Concurrency by ....................

Hi All, I have stream logs for five channels (currently may be more in future) and I need to calculate the concurr...

by Contributor in

Copy and then parse a field

Hi, I have a field that already exists, and I want to parse it out into a new field, using props/transforms. The f...

by Champion in

How to convert a flat multivalue field back to a real multivalue format via regex?

Hey there! I am currently having some trouble in converting a flattened multivalue field back into a real multival...

by Path Finder in

Are there security risks while performing testing on Splunk?

Hi, I'm planning to use Jmeter to perform perfromance test on our Splunk Instance. Just want to confirm if there are...

by Engager in

How to use rex extracted field value in another search

I have a search like the following: index="trans" source="logfilename" "ErrorCode=81009" requestid = "*ABC*" | rex fi...

by Explorer in

Using rex to extract text from tenable sc output

I am attempting to extract the share names from the "pluginText" field below. pluginText: <plugin_output> Here ar...

by Explorer in

Need to write both rex and regex

"C:\Users\TestUser\AppData\Local\Microsoft\Teams\Update.exe" --processStart "Teams.exe" --process-start-args "--syste...

by Explorer in

How to create chart from 2 different fields

Hi. I have a table with 3 columns. A B C. A=time, B=run, C=wait Explenation of the table: the process runs from A2 (1...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to build a search to have a table with specific fields

How to find top content by some other field and also show content name?

How to join two searches with specific times

Timechart - Is it possible to portray more than one value on the same stacked timechart?

Using join, earliest, table and latest.

Why same search query shows two different results when executed via different apps? (No Macros used.)

How to give space in tittle between words while using "raiseticket" in a Splunk search

Comparing avg of last couple of week days transactions with current week day

How to extract a field name as a value?

How to excuse a 'foreach' sequentially

How to parse and extract OU data

How to compare two field values, and dynamically create new field based on search result

Help with subsearch

How to correlate between three data sources?

Extracting domain name out of a url

Splunk Integration with BMC CMDB

Why stats command return only one specified platform field and not all of them

Concurrency by ....................

Copy and then parse a field

How to convert a flat multivalue field back to a real multivalue format via regex?

Are there security risks while performing testing on Splunk?

How to use rex extracted field value in another search

Using rex to extract text from tenable sc output

Need to write both rex and regex

How to create chart from 2 different fields

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions