Splunk Search

Community Activity

SPL Question: Using Lookup field values in a tstats search Hi all, getting to grips with SPL and would be forever grateful if someone could lend their brain for the below: I'... by IAskALotOfQs Path Finder in Splunk Search 04-04-2024 0 4	0	4
Made a new splunk searchhead, all searches are failing. My environment consists of 1 search head, 1 manager, and 3 indexers. I added another search head so that I can put en... by morinb Explorer in Splunk Search 04-04-2024 0 3	0	3
Splunk access to External users Hello Splunkers,My Splunk instance is configured with default SAML authentication. Now i wanted to add users from ext... by Manasa_401 Communicator in Splunk Search 04-04-2024 0 6	0	6
Somehow unable to fetch Time , Earlier it was working ===========================================Query used index=* namespace="dk1017-j" sourcetype="kube:container:kafka-c... by bhaskar5428 Explorer in Splunk Search 04-04-2024 0 13	0	13
How to seperate succefully login attempt from invlaid Login id Hi TeamCan anyone help me with Splunk search query to split the successful login from invalid? Ex - I want to exclude... by jaibalaraman Path Finder in Splunk Search 04-04-2024 0 6	0	6
Splunk cheatsheet I am planning to provide basic splunk session to my team.Can you help if any cheatsheet available online which I can ... by bhaskar5428 Explorer in Splunk Search 04-04-2024 0 1	0	1
is it possible to have expression in case command for argument Y? is it possible to have expression in case command for argument Y?case(x,y)\|eval test=case(x=="X", 'a+b') The Y argume... by billchen99k Engager in Splunk Search 04-03-2024 0 3	0	3
How to pass value in subsearches without searching Hi All,I am having a requirement like this. First I need to fetch all the failed searches (lets say skipped searches)... by NAGA4 Engager in Splunk Search 04-03-2024 0 3	0	3
Exclude a result in search I am trying to exclude this from a search. They are almost all the same just the sshd instance changes can someone he... by djras123 Observer in Splunk Search 04-03-2024 0 2	0	2
How to apply a field extractor created to a search ? I created a field extractor for different fields for an event. Now I would like to search all the events from a sourc... by rcrisan09 Engager in Splunk Search 04-03-2024 1 11	1	11
Searching a Field with Large Number of Selectors - NOT I have a search for which I need to tune out a large number of values (about 25) in a proctitle command field. Curre... by tom_porter Explorer in Splunk Search 04-03-2024 0 4	0	4
Capture groups extracting empty values from log messages Requesting help with search query. I have application logs in Splunk like,2024-04-02T12:26:02.244-04:00,severity=DEBU... by search_in_splun Explorer in Splunk Search 04-03-2024 0 6	0	6
What Cron schedule can we use to run report on first Monday of each month? Please help share the exact cron schedule that can be used here. Existing posts are not helping Thanks by AnmolKohli Explorer in Splunk Search 04-03-2024 0 4	0	4
Superset of data fragments / Compress diagonal data with extra obstacles I have three tables. Each has one or more ID fields (out of ID_A, ID_B, ID_C) and assigns values Xn, Yn, Zn to these ... by rikinet Path Finder in Splunk Search 04-03-2024 0 3	0	3
Need help on a query \|msats sum(count-error) as Failed where index=metrics_index by service errorNumber errortype Results:serviceerrorNum... by mahesh27 Communicator in Splunk Search 04-03-2024 0 2	0	2
Compare 2 source types within the same index and find the Gap Hello,How do I compare 2 source types within the same index and find the Gap. For Example: index=compare sourcetype=a... by SplunkDash Motivator in Splunk Search 04-03-2024 0 4	0	4
strptime works when using makeresults, but not with actual results I have a dataset of user data including the user's LastLogin. The LastLogin field is slightly oddly formatted but ver... by raoul Path Finder in Splunk Search 04-03-2024 0 2	0	2
applying current time multiple times (per specific event) Hello EveryoneI'm trying to calculate the "time_difference" between one column and another in Splunk. The problem is ... by PawelSplunk Engager in Splunk Search 04-02-2024 0 2	0	2
Need Help on Splunk query open the "Search & Reporting" application, and find through SPL searches against all data the password utilized durin... by Ramtejachode Observer in Splunk Search 04-02-2024 0 1	0	1
How to include the country in the PIE chart Hi Can anyone help me with below query I have created a pie chart based on the error message, however i am not sure h... by jaibalaraman Path Finder in Splunk Search 04-02-2024 0 3	0	3
How to compare pervious hour events with present hour I want to compare pervious hour data with present hour data and get the percentage using below query.\|mstats sum(tran... by mahesh27 Communicator in Splunk Search 04-02-2024 0 5	0	5
Why is field missing in piechart? Hi All, Need your support in resolving an issue in a pie chart. I can see the below-mentioned results in statistics a... by Shan Builder in Splunk Search 04-02-2024 0 11	0	11
Adding data to the table from subsearch Hey, I have a problem preparing a Splunjk query. Could you assist me?I have a simple query that returns a table with ... by abroun Engager in Splunk Search 04-02-2024 0 3	0	3
How to show Total time elapsed time in splunk dashboard? Hi Guys,I am using timeline visualization in my Splunk dashboard to show total elapsed time. But in some times its no... by karthi2809 Builder in Splunk Search 04-02-2024 0 1	0	1
How to get TOP 3 values from STATS list() Hello Everyone, I am trying to get the top 3 max values of a field "elapseJobTime" for all the instances associated ... by rajatsinghbagga Explorer in Splunk Search 04-02-2024 0 12	0	12