Splunk Search

Ask a Question

Discussions

Thread Info

Can you give me some help with the coalesce command?

hi, When I execute the query below index="x" sourcetype="WinEventLog:Microsoft-Windows-Diagnostics-Performance/...

by Motivator in

How do you exclude and format unique specific fields from multivalued fields to be used in a subsearch?

Hello all, I'm having some trouble formatting and dealing with multivalued fields. My use case is as follows: ...

by Path Finder in

Extract field till nth repetition of a string

I have following sample event jaskdjkasdkjas CR akjhdjhdjsdhCR 1231jljk23klj3 CR sagdiugsds 7126372 nklsdlkCR ...

by Path Finder in

Support ticket raised outside of business hours

I have a support ticket system where people can submit their support tickets. The system is running 24 hours but the ...

by New Member in

Value list

Hi Everyone, I'm sure there are similar queries out there and I have searched however I am still struggling to find a...

by Explorer in

not sendemail if "Results not found"

Hi. I'm trying to selectively send emails (using sendemail); if the output of the query is "No results found" or "No ...

by Engager in

parameterize search from various source types simultaneously in a fixed time frame.

I have multiple sourcetypes in my index. Lets call them st1, st2, st3, st4 & st5. I have a query that end with | tabl...

by Contributor in

Pass the output of one query to another query

Hi, My 1st query returns 3 fields output.Out of which one filed has to be given as input to the second query which fe...

by Explorer in

Splunk Enterprise can use Open JDK instead of Orace Java

Hi, Splunk Enterprise can use Open JDK instead of Orace Java. Splunk can run OpenJDK?

by Explorer in

How to use a part of a string in an event as a value and make it as an interesting field

by New Member in

Windows 2000 > Splunk 7.x

OK so its not supported - but have a handfull of servers that i'd like to get a fwd on .. installed the latest ver...

by Path Finder in

ingest-time eval (creating new field dynamically on index time) not working

Hi. I tried the ingest-time eval documentation at (single enterprise instance): https://docs.splunk.com/Documentation...

by Engager in

How do you add a custom eval function or a macro to a custom app search?

Hi, I am currently struggling with a problem. I am implementing custom views within a custom app that has one inp...

by New Member in

can i use "like" in search criteria

if one of my fields is host, I want to do host like "startswith*" what is the syntax to do that? thanks,

by Path Finder in

How do you use a lookup file to restrict unwanted IP addresses?

Use case description: I have a set of IP address that I would like to restrict across all requires, saved searches/al...

by New Member in

Combine the count from 1 search to the result of another search

Hello everyone, I have one search that is showing me a list of IP addresses of addresses. Lets call the field of I...

by Explorer in

In a search head cluster, how to find what host sent email?

All, I have production environment with Alarm email notification. Sometimes it works, sometime it does not. Since ...

by Path Finder in

How do I match values with different file extensions in a lookup?

I have a lookup table, but the match is not exact to the relevant indexed field. The field that is indexed has str...

by Communicator in

How do I get specific words within a text?

The below table is what I get from a search on Splunk" ActiveLoadId Jabber_for_iOS-12.1.2.270036 Jabber_for_iOS-12...

by New Member in

Fast searches for a count of events in various ways

I've been looking for ways to get fast results for inquiries about the number of events for: All indexesOne indexO...

by Motivator in

What reasons could cause a user to lose their Splunk search history?

I have a user that lost his search history in Splunk search. Any ideas why? I did not lose mine but he did?!?!

by Builder in

What is better, MV search time extraction or split?

My data in Splunk looks like so: geo { id: 0 internal_name: "TEST" type: LIST zip: 1 zi...

by Communicator in

How do you find details about results using the set command with a diff argument?

I am using two searches Search1 search 2 1 1 2 2 3 3 5 4 Using set diff gives me the result. I don't want to us...

by New Member in

_meta not getting expected logs to splunk

Hello, we have index "text-index" and region is passed as meta _meta = region::east sourcetype = testlogs when...

by Engager in

Double spaces are suppressed in search results

|makeresults| eval owner_realname="Andrew Gerber" | where match (owner_realname,"\s{2}") Search above generates ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can you give me some help with the coalesce command?

How do you exclude and format unique specific fields from multivalued fields to be used in a subsearch?

Extract field till nth repetition of a string

Support ticket raised outside of business hours

Value list

not sendemail if "Results not found"

parameterize search from various source types simultaneously in a fixed time frame.

Pass the output of one query to another query

Splunk Enterprise can use Open JDK instead of Orace Java

How to use a part of a string in an event as a value and make it as an interesting field

Windows 2000 > Splunk 7.x

ingest-time eval (creating new field dynamically on index time) not working

How do you add a custom eval function or a macro to a custom app search?

can i use "like" in search criteria

How do you use a lookup file to restrict unwanted IP addresses?

Combine the count from 1 search to the result of another search

In a search head cluster, how to find what host sent email?

How do I match values with different file extensions in a lookup?

How do I get specific words within a text?

Fast searches for a count of events in various ways

What reasons could cause a user to lose their Splunk search history?

What is better, MV search time extraction or split?

How do you find details about results using the set command with a diff argument?

_meta not getting expected logs to splunk

Double spaces are suppressed in search results

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions