Splunk Search

Discussions

Thread Info

Why is Lookup command not working?

Hi Splunkers, I have an issue with a search that use a lookup. I know here on community there are a lots of post on t...

by Communicator in

How to achieve eval case, stats count when no event is returned?

Hello All, I have created the following search in splunk index=* namespace=* |rex "Executing http:\/\/...

by Explorer in

How to get a Splunk Alert if Value exceeds 90?

Hi We have a performance log onboarded and there is a value in that we would like to monitor: The logs contain the...

by New Member in

Why does Alerting when timetaken for job completion exceeds averagetime?

Trying to find Time Taken for last 7 days for a batch job using splunk search, trying to find the average of the time...

by Engager in

How to create a Donut Chart?

DeviceIDCompletedCrashed117121343123 How to create a donut chart like the below snippet in splunk. ...

by Explorer in

Can we use regex to search for word?

let's suppose I have a set of the log from Windows authentication and I want to search if user field does not match a...

by Explorer in

How to pass parameter from savedsearch to a macro (inside the savedsearch) ?

hey guys, i'm stuck with this macro problem, where i cannot run a savedsearch with a macro inside it. 1. i have...

by Contributor in

Any examples of using now() inside map command?

It appears that using now() inside of the map command will always return the time that the map was started rather tha...

by Contributor in

How to join different fields together?

I have an index called index=advanced_hunting and in this index there is a field called category, where there are sev...

by Path Finder in

How can I use a variable from a lookup in a search?

I have a lookup table that contains usernames and userids. I want to use this to match a username to userid & vice ve...

by Communicator in

How to set token value based on selection from multiselect input?

Hi @Splunkers, I created panel which give output based on multiselected fields, both are having different sources...

by Contributor in

AdminManagerDispatch- How do I resolve this error?

I was setting `ModularInputs` to WARNING.. wanted to know the default value of `AdminManagerDispatch` ... as of now i...

by Splunk Employee in

How to write a regex to cover few options?

Hi people, I need help designing a regex that will cover the below strings, please. ---------------------------...

by Communicator in

How do I fix my tsidxstats search?

Please! Help me fix search code. Thank you very much!

by New Member in

How to segregate the count or limit the count to 1?

index="go_pro" Appid="APP-5f" prod (":[ Axis" OR "ErrorCode" OR "System Error" OR "Invalid User :")| rex field=_raw "...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is Lookup command not working?

How to achieve eval case, stats count when no event is returned?

How to get a Splunk Alert if Value exceeds 90?

Why does Alerting when timetaken for job completion exceeds averagetime?

How to create a Donut Chart?

Can we use regex to search for word?

How to pass parameter from savedsearch to a macro (inside the savedsearch) ?

Any examples of using now() inside map command?

How to join different fields together?

How can I use a variable from a lookup in a search?

How to set token value based on selection from multiselect input?

AdminManagerDispatch- How do I resolve this error?

How to write a regex to cover few options?

How do I fix my tsidxstats search?

How to segregate the count or limit the count to 1?

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

What’s New in Splunk Cloud Platform 9.1.2308?

Users with the same roles, in the same app, and sa...

auto_generated_pool_download-trial

Automatic lookup during data ingestiont (Splunk cl...

Working with OpenTelemetry Cumulative Histogram Bu...

Better PDF report visualization