Splunk Search

Community Activity

Timechart removes 0 values when searching for over 2 days Hi,I have this search for example:index=test elb_status_code=200 \| timechart count as total span=1s \| stats count as... by EG1 Engager in Splunk Search 04-08-2024 0 4	0	4
Could you kindly assist me? I'm looking to craft a query (a correlation search) that would trigger an alert in the event that an internal system... by KingUs80 Loves-to-Learn Lots in Splunk Search 04-07-2024 0 1	0	1
return _raw of a large file I am using the \| fields _raw to show the entire content of the source file as a single event. It works for most of m... by simon007 Observer in Splunk Search 04-06-2024 0 1	0	1
How to call Splunk API using Postman? curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com/services/... by kranthimutyala2 Engager in Splunk Search 04-06-2024 0 2	0	2
Why am I getting inconsistent search results using export with the Splunk Python SDK? I've written a search that creates a stats table with a medium sized result with around 5 cols and 100k+ rows. When I... by aiguofer Engager in Splunk Search 04-05-2024 1 4	1	4
How to compare 2 columns between 2 lookups? Hi, need help to get difference records between 2 lookups with same column name. ex: lookup 1 has the data below: co... by jiaqya Builder in Splunk Search 04-05-2024 0 5	0	5
output of time field in splunk Hi All,I have time field having time range in this format in output of one splunk query:TeamWorkTimings09:00:00-18:00... by avi123 Explorer in Splunk Search 04-05-2024 0 3	0	3
Distinct count by multiple conditions chart Hi Assuming a sample of data from this example: \| makeresults count=5 \| eval f1=random()%2 \| eval f2=random()%2 \|... by kriptonpt Engager in Splunk Search 04-05-2024 0 5	0	5
How to exclude result from query? Hi Guys,In my scenario i need show error details for correlation id .There are field called tracePoint="EXCEPTION" an... by karthi2809 Builder in Splunk Search 04-05-2024 0 4	0	4
Need help decuple only time from below record My apologiesi was using "eventTimestamp" instead of "@timestamp" in my rex command i just realized and its working n... by bhaskar5428 Explorer in Splunk Search 04-05-2024 0 5	0	5
SPL Question: Using Lookup field values in a tstats search Hi all, getting to grips with SPL and would be forever grateful if someone could lend their brain for the below: I'... by IAskALotOfQs Path Finder in Splunk Search 04-04-2024 0 4	0	4
Made a new splunk searchhead, all searches are failing. My environment consists of 1 search head, 1 manager, and 3 indexers. I added another search head so that I can put en... by morinb Explorer in Splunk Search 04-04-2024 0 3	0	3
Splunk access to External users Hello Splunkers,My Splunk instance is configured with default SAML authentication. Now i wanted to add users from ext... by Manasa_401 Communicator in Splunk Search 04-04-2024 0 6	0	6
Somehow unable to fetch Time , Earlier it was working ===========================================Query used index=* namespace="dk1017-j" sourcetype="kube:container:kafka-c... by bhaskar5428 Explorer in Splunk Search 04-04-2024 0 13	0	13
How to seperate succefully login attempt from invlaid Login id Hi TeamCan anyone help me with Splunk search query to split the successful login from invalid? Ex - I want to exclude... by jaibalaraman Path Finder in Splunk Search 04-04-2024 0 6	0	6
Splunk cheatsheet I am planning to provide basic splunk session to my team.Can you help if any cheatsheet available online which I can ... by bhaskar5428 Explorer in Splunk Search 04-04-2024 0 1	0	1
is it possible to have expression in case command for argument Y? is it possible to have expression in case command for argument Y?case(x,y)\|eval test=case(x=="X", 'a+b') The Y argume... by billchen99k Engager in Splunk Search 04-03-2024 0 3	0	3
How to pass value in subsearches without searching Hi All,I am having a requirement like this. First I need to fetch all the failed searches (lets say skipped searches)... by NAGA4 Engager in Splunk Search 04-03-2024 0 3	0	3
Exclude a result in search I am trying to exclude this from a search. They are almost all the same just the sshd instance changes can someone he... by djras123 Observer in Splunk Search 04-03-2024 0 2	0	2
How to apply a field extractor created to a search ? I created a field extractor for different fields for an event. Now I would like to search all the events from a sourc... by rcrisan09 Engager in Splunk Search 04-03-2024 1 11	1	11
Searching a Field with Large Number of Selectors - NOT I have a search for which I need to tune out a large number of values (about 25) in a proctitle command field. Curre... by tom_porter Explorer in Splunk Search 04-03-2024 0 4	0	4
Capture groups extracting empty values from log messages Requesting help with search query. I have application logs in Splunk like,2024-04-02T12:26:02.244-04:00,severity=DEBU... by search_in_splun Explorer in Splunk Search 04-03-2024 0 6	0	6
What Cron schedule can we use to run report on first Monday of each month? Please help share the exact cron schedule that can be used here. Existing posts are not helping Thanks by AnmolKohli Explorer in Splunk Search 04-03-2024 0 4	0	4
Superset of data fragments / Compress diagonal data with extra obstacles I have three tables. Each has one or more ID fields (out of ID_A, ID_B, ID_C) and assigns values Xn, Yn, Zn to these ... by rikinet Path Finder in Splunk Search 04-03-2024 0 3	0	3
Need help on a query \|msats sum(count-error) as Failed where index=metrics_index by service errorNumber errortype Results:serviceerrorNum... by mahesh27 Communicator in Splunk Search 04-03-2024 0 2	0	2