Splunk Search

Community Activity

Why am I getting inconsistent search results using export with the Splunk Python SDK? I've written a search that creates a stats table with a medium sized result with around 5 cols and 100k+ rows. When I... by aiguofer Engager in Splunk Search 04-05-2024 1 4	1	4
How to compare 2 columns between 2 lookups? Hi, need help to get difference records between 2 lookups with same column name. ex: lookup 1 has the data below: co... by jiaqya Builder in Splunk Search 04-05-2024 0 5	0	5
output of time field in splunk Hi All,I have time field having time range in this format in output of one splunk query:TeamWorkTimings09:00:00-18:00... by avi123 Explorer in Splunk Search 04-05-2024 0 3	0	3
Distinct count by multiple conditions chart Hi Assuming a sample of data from this example: \| makeresults count=5 \| eval f1=random()%2 \| eval f2=random()%2 \|... by kriptonpt Engager in Splunk Search 04-05-2024 0 5	0	5
How to exclude result from query? Hi Guys,In my scenario i need show error details for correlation id .There are field called tracePoint="EXCEPTION" an... by karthi2809 Builder in Splunk Search 04-05-2024 0 4	0	4
Need help decuple only time from below record My apologiesi was using "eventTimestamp" instead of "@timestamp" in my rex command i just realized and its working n... by bhaskar5428 Explorer in Splunk Search 04-05-2024 0 5	0	5
SPL Question: Using Lookup field values in a tstats search Hi all, getting to grips with SPL and would be forever grateful if someone could lend their brain for the below: I'... by IAskALotOfQs Path Finder in Splunk Search 04-04-2024 0 4	0	4
Made a new splunk searchhead, all searches are failing. My environment consists of 1 search head, 1 manager, and 3 indexers. I added another search head so that I can put en... by morinb Explorer in Splunk Search 04-04-2024 0 3	0	3
Splunk access to External users Hello Splunkers,My Splunk instance is configured with default SAML authentication. Now i wanted to add users from ext... by Manasa_401 Communicator in Splunk Search 04-04-2024 0 6	0	6
Somehow unable to fetch Time , Earlier it was working ===========================================Query used index=* namespace="dk1017-j" sourcetype="kube:container:kafka-c... by bhaskar5428 Explorer in Splunk Search 04-04-2024 0 13	0	13
How to seperate succefully login attempt from invlaid Login id Hi TeamCan anyone help me with Splunk search query to split the successful login from invalid? Ex - I want to exclude... by jaibalaraman Path Finder in Splunk Search 04-04-2024 0 6	0	6
Splunk cheatsheet I am planning to provide basic splunk session to my team.Can you help if any cheatsheet available online which I can ... by bhaskar5428 Explorer in Splunk Search 04-04-2024 0 1	0	1
is it possible to have expression in case command for argument Y? is it possible to have expression in case command for argument Y?case(x,y)\|eval test=case(x=="X", 'a+b') The Y argume... by billchen99k Engager in Splunk Search 04-03-2024 0 3	0	3
How to pass value in subsearches without searching Hi All,I am having a requirement like this. First I need to fetch all the failed searches (lets say skipped searches)... by NAGA4 Engager in Splunk Search 04-03-2024 0 3	0	3
Exclude a result in search I am trying to exclude this from a search. They are almost all the same just the sshd instance changes can someone he... by djras123 Observer in Splunk Search 04-03-2024 0 2	0	2
How to apply a field extractor created to a search ? I created a field extractor for different fields for an event. Now I would like to search all the events from a sourc... by rcrisan09 Engager in Splunk Search 04-03-2024 1 11	1	11
Searching a Field with Large Number of Selectors - NOT I have a search for which I need to tune out a large number of values (about 25) in a proctitle command field. Curre... by tom_porter Explorer in Splunk Search 04-03-2024 0 4	0	4
Capture groups extracting empty values from log messages Requesting help with search query. I have application logs in Splunk like,2024-04-02T12:26:02.244-04:00,severity=DEBU... by search_in_splun Explorer in Splunk Search 04-03-2024 0 6	0	6
What Cron schedule can we use to run report on first Monday of each month? Please help share the exact cron schedule that can be used here. Existing posts are not helping Thanks by AnmolKohli Explorer in Splunk Search 04-03-2024 0 4	0	4
Superset of data fragments / Compress diagonal data with extra obstacles I have three tables. Each has one or more ID fields (out of ID_A, ID_B, ID_C) and assigns values Xn, Yn, Zn to these ... by rikinet Path Finder in Splunk Search 04-03-2024 0 3	0	3
Need help on a query \|msats sum(count-error) as Failed where index=metrics_index by service errorNumber errortype Results:serviceerrorNum... by mahesh27 Communicator in Splunk Search 04-03-2024 0 2	0	2
Compare 2 source types within the same index and find the Gap Hello,How do I compare 2 source types within the same index and find the Gap. For Example: index=compare sourcetype=a... by SplunkDash Motivator in Splunk Search 04-03-2024 0 4	0	4
strptime works when using makeresults, but not with actual results I have a dataset of user data including the user's LastLogin. The LastLogin field is slightly oddly formatted but ver... by raoul Path Finder in Splunk Search 04-03-2024 0 2	0	2
applying current time multiple times (per specific event) Hello EveryoneI'm trying to calculate the "time_difference" between one column and another in Splunk. The problem is ... by PawelSplunk Engager in Splunk Search 04-02-2024 0 2	0	2
Need Help on Splunk query open the "Search & Reporting" application, and find through SPL searches against all data the password utilized durin... by Ramtejachode Observer in Splunk Search 04-02-2024 0 1	0	1