Splunk Search

Discussions

Thread Info

Is it possible to search for a specific email scheme? (not a specific string of characters)

Would it be difficult to create a rex search for an email scheme starting with alpha characters (no set amount of cha...

by Engager in

Top & Fields command

index=uberAgent | top 5 SessionID by host | fields - Anzahl, precent This code returns all events in the index i...

by Engager in

How to use join using stats by count on two different searches?

Hello, I am trying to use the join by userid on 2 different sub queries using join feature, both the queries are retu...

by Explorer in

How to create a Splunk search to find response time for API Calls?

I want to calculate response time from my logs for all records and our application logs in below format, Can you plea...

by New Member in

Search Help : How to list latest raw event for a field by index and sourcetype?

Hi all, How to form a table to display latest raw event for field mentioned by index and source type. This is the ...

by Builder in

Can you perform an automatic lookup based on the output of another automatic lookup?

I have an automatic database lookup that I'm using to pull in data on values that may change over time within my DB. ...

by Explorer in

Can you launch a search from within a custom search command?

Hello, I have already created a custom search command, Can I launch from my python scripy a search that gets me value...

by New Member in

How to get statistics from the same session with multiple events?

There are multiple events with 1 same field - unique_session, how to combine and count events from that unique sessio...

by New Member in

How to search for values not present in the lookup table

Hi, I Have a table-1 with tracking IDs ex: 123, 456, 789 and the other query which returns a table-2 with trackin...

by Engager in

realtime search scaling

I have read about some limits you can come across when doing realtime searches. When trying to scale this out should ...

by Explorer in

How to coalesce events with different values for status field?

I have this search that will display the following index=autosys source= jobName= | where statusText="SUCCESS" OR ...

by Explorer in

Why wasn't the lookup csv file replicated?

We created a lookup via the outputlookup command and we can see the file under $SPLUNK_HOME/etc/apps/<app name>/looku...

by Ultra Champion in

How to extract sourcetype using rex?

Hi everyone, I have 40 source type with different names so I was wondering if i can extract sourcetype using rex. ...

by Path Finder in

Can regex remove spaces inside a capture group?

I am using regex slot and port information. Here is an example of the syslog output: Slot1 : OLTPort2 Is it pos...

by Explorer in

How to create a search to get count total with percentage against total count?

Hi there, I have below result with this query. index="abc" Properties.CorrelationId != XYZ | stats count by P...

by Engager in

Is it possible to sort or reorder a multivalue field?

Anyone have any thoughts as to how to reorder a multi-valued field? Ideally I'd like to be able to do a "sort" or in ...

by Super Champion in

How to extract particular string in the data?

Hi Team, I m planning to collect the highlited text from the raw data as below info : Detailed logging to /apps...

by Explorer in

How do i get the count of Java Threads on a particular server using Splunk?

Hi, I want to calculate the Java threads on my 4 application servers. I have one query but i believe that gives all t...

by Explorer in

Using MVZip and MVExpand on MultiValue fields where array sometimes doesnt exists

{ "timestamp": "2019-04-11T16:44:45.497462", "payload": { "KEY_CHK_DCN_NBR": "19054", "recommendations": [ { "modelNa...

by New Member in

How to build a chronological event list

I have an index that lists (among other things) a device, event date, and level (1-4). Devices change levels at rando...

by New Member in

Eval statement not working...

For some reason the following isn't working: index="sandbox" sourcetype="as-cdr" |stats count AS numCalls |append ...

by Builder in

How do I alert when a host stops sending data?

What's the best way to create a search to identify which hosts have not sent a syslog message to Splunk in the last 2...

by Splunk Employee in

Combine different searches into a single table or report

Hi I have 10 different Splunk queries that return results only when there is an issue or a flag of 1. All the queries...

by Path Finder in

How to customize and sort columns with specific conditions?

Hi, I am looking to sort column with specific condition. Condition: if column Context_Command contains * it sh...

by Builder in

combine two search results tables by matching fields value

Hello Guys , I am having results from two different query 1> index=_internal ("version" AND source="/opt/splun...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to search for a specific email scheme? (not a specific string of characters)

Top & Fields command

How to use join using stats by count on two different searches?

How to create a Splunk search to find response time for API Calls?

Search Help : How to list latest raw event for a field by index and sourcetype?

Can you perform an automatic lookup based on the output of another automatic lookup?

Can you launch a search from within a custom search command?

How to get statistics from the same session with multiple events?

How to search for values not present in the lookup table

realtime search scaling

How to coalesce events with different values for status field?

Why wasn't the lookup csv file replicated?

How to extract sourcetype using rex?

Can regex remove spaces inside a capture group?

How to create a search to get count total with percentage against total count?

Is it possible to sort or reorder a multivalue field?

How to extract particular string in the data?

How do i get the count of Java Threads on a particular server using Splunk?

Using MVZip and MVExpand on MultiValue fields where array sometimes doesnt exists

How to build a chronological event list

Eval statement not working...

How do I alert when a host stops sending data?

Combine different searches into a single table or report

How to customize and sort columns with specific conditions?

combine two search results tables by matching fields value

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!