Splunk Search

Ask a Question

Discussions

Thread Info

Two searches using three indexes with different fields

I have this search below: index=BI_1 sourcetype=jobs_info fieldJ IN (Flamengo) | search index=BI_2 sourcetype=tel...

by Explorer in

Testing mmdb file in Splunk is there a command recommendation for risk scoring?

I am currently attempting to test the GeoIP2-Anonymous-IP.mmdb file out in Splunk. I know we can either place it in ...

by Engager in

Using field option in join command

If I get a search like below: index="main" ~~~~~ | table _time value code | join type=outer [search index="main" ~...

by Path Finder in

Is there a way to group apps in Splunk deployment?

We have started to use the Splunk Deployment within in our infrastructure and I was wondering if there's a way (inclu...

by Engager in

Why is "�" character found in field values after uploading CSV file and indexing?

Hi, After uploading csv file and indexing, I found out that most, if not all of my special characters becomes "�" ...

by Path Finder in

How to save bracket syntax in a report

Hi In my XML file, I use the syntax below which works perfectly | search SITE=$tok_filtersite|s$ But I nee...

by Motivator in

Help understanding real time searches

Hello everyone, I think I don't fully understand the concept of real-time searches. If I configure a search as a rea...

by Contributor in

How to search for duration between events?

Hello, Splunkers friends, I need your support; I have a script running on Splunk once at a day, it brings me passw...

by Explorer in

How to add custom start date and end date in splunk query (without the using splunk default date picker) ?

Hi, I have to pass a custom 'startdate' and 'enddate' in Splunk query in the search tab (without the help of Splunk d...

by New Member in

How to pass 0 to variable if no search result is found?

I have scenario where I want variable (Loss) to be 0 if no result found of below search: | dbxquery query="SELECT ...

by Explorer in

How to create a conditional stats search based on a field value?

Hi, I am trying to write a conditional stats command based on a field value. So for example: I have a field called ...

by Explorer in

Running jQuery on search results

Hi, Hoping someone here can help because I've been running into walls on it. I'm trying to insert a link on every tr...

by Explorer in

Splunk alert to be triggered based on time of the day

My search condition is checking for results less than 10 every 45 minutes. The problem is we don't have that much tra...

by New Member in

How to disable one search peer in cluster?

Hello, Splunkers: I have a Cluster that contains 3 indexers and one search head. I want the search head to comm...

by Builder in

How to sum same field twice

I want to be able to sum the same field in order to create 2 different fields so that I can compare the Volume by app...

by Explorer in

Using lookup tables to evaluate multiple conditions

We're evaluating using Splunk to identify changes to a system's state (like installed apps, listening ports, ACLs, et...

by New Member in

Unable to nullqueue unnecessary lines without a date

I have two lines of events that are unnecessary because there is no date and would like to null queue these out. I ha...

by Path Finder in

How to calculate duration difference between events considering regex?

Hello, I have the following logs: 2019-05-30 14:39:00,115 traceId=AAAAAA msg=Incoming with body {"parameters":[...

by Explorer in

How to join two searches?

First search: index=A source="FunctionHandler@*" "ul-ctx-caller-span-id"=null With this search, I can get sev...

by Engager in

Concatenating fields in a field transformation

We are trying to extract both fields and their names from events that have a variable number of elements. We have det...

by Explorer in

How can a row of average hourly event volume be appended to a chart with Fridays' hourly totals and added totals?

Here is my attempt at creating a chart of hourly counts for previous Fridays. I have added row and column totals, but...

by Explorer in

How to create a search to find the same IP hitting specific URL (x number of times)?

Having trouble creating a search that will determine if any single unique IP hits a defined URL 5 or more times withi...

by New Member in

JSON output values wrapped in double quotes, even number/integer values

I have a field called "windows_event_id" which contains integer values that I am adding to a table. I am certain tha...

by New Member in

How to break the events by timestamp if there are two timestamps in every event?

Hello, I'm trying to break the events by time stamps but it is networking, can anyone help me on this? Here is the ra...

by Explorer in

How to extract a string from a particular XML tags with regular expression?

Dear Experts , Need your help with regular expression. I have an XML tag in the field f. I would like to extract all...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Two searches using three indexes with different fields

Testing mmdb file in Splunk is there a command recommendation for risk scoring?

Using field option in join command

Is there a way to group apps in Splunk deployment?

Why is "�" character found in field values after uploading CSV file and indexing?

How to save bracket syntax in a report

Help understanding real time searches

How to search for duration between events?

How to add custom start date and end date in splunk query (without the using splunk default date picker) ?

How to pass 0 to variable if no search result is found?

How to create a conditional stats search based on a field value?

Running jQuery on search results

Splunk alert to be triggered based on time of the day

How to disable one search peer in cluster?

How to sum same field twice

Using lookup tables to evaluate multiple conditions

Unable to nullqueue unnecessary lines without a date

How to calculate duration difference between events considering regex?

How to join two searches?

Concatenating fields in a field transformation

How can a row of average hourly event volume be appended to a chart with Fridays' hourly totals and added totals?

How to create a search to find the same IP hitting specific URL (x number of times)?

JSON output values wrapped in double quotes, even number/integer values

How to break the events by timestamp if there are two timestamps in every event?

How to extract a string from a particular XML tags with regular expression?

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions