Splunk Search

Ask a Question

Discussions

Thread Info

Dynamic eval if match from a list of values - foreach?

A standard eval if match example is below. Any ViewUrl value which starts with /company/.* has the entire string ...

by Contributor in

How do I get the timechart results for a summary index query?

I have a query which uses the summary index and some lookup tables with eval conditions and ends with... | chart ...

by Builder in

Multiple If Statements (Comparing Two Columns)

Hello, I have information being indexed from a website that does constant ping tests. The information that I am re...

by Explorer in

ID of the max value event

Hello! I have a table like this ID, OperationName, Duration 1, oper_x, 114 2, oper_x, 117 3, oper_c, 76 4, oper_z,...

by Explorer in

How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios?

I have Cisco Networks App for Splunk Enterprise version 2.5.6 and Cisco Networks Add-on for Splunk Enterprise version...

by New Member in

How do you treat a variable value as another field with Splunk?

I have a field named "object_XXX_property", where XXX string is dynamically generated and is held in another field na...

by Explorer in

Help with slot time conditions

hi i use the request below but i have an issue with the relative_time: secondlastday=I dont want to have events af...

by Motivator in

How do you correlate one field between two sources, and then if they match, find value from another field from the second source type?

I have: sourcetype_a` and`sourcetype_b Where one field message_ID exists in both source types. I want to lo...

by Engager in

[hdfsprovider] Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table

Hi all, I have a CSV lookup file to map with one field in my indexed data. The search was working perfectly before, b...

by Communicator in

How to call Splunk custom endpoint using jquery ?

Dear all, I wish I could make a call such as $.ajax(...) to my custom endpoint. But which Splunk method should ...

by Explorer in

Custom app logo spanning across app navigation menu bar in Internet Explorer

The custom app logo which appears on the right side of the app navigation menu bar appears fine in Google Chrome, Fir...

by Explorer in

How to improve efficiency of my regex statement?

I have this query | rex field=_raw "(?ms)^[^\]\n]\]\s+(?P [^:]+)(?:[^:\n] :){2}(?P [^,]+)[^:\n]...

by Contributor in

How do you populate a field if the search time extracted field (using regular expression) is not presented in the logs?

Hi All, I am trying to populate a custom field value if my search time extracted field is not present in the raw ...

by Path Finder in

Can you help me create a regular expression to extract 2 values from a string?

log1: com.google.AbcdExtension] [mthd] | null - Bound **CLINIC-MBR-GROUP-INC**:23490110094900 -- total execution ...

by Explorer in

How do you find consecutive events in two different searches?

Hi, This is a newbie question. I have two different searches. I want to combine the search results and only dis...

by Loves-to-Learn in

How do you sort dates from newest to oldest in a drop down?

I have a drop down which populates the dates in MM/DD/YYYY format, which is an extracted field in the raw data. I wan...

by Builder in

SQL Help - pull URL with specific querystrings

Consider we have the following URLs http://abc.com/?a=1&b=2&c=3 http://abc.com/?d=1&e=2&a=3 http://abc.com/?f=1&g=...

by New Member in

How come our tstats with datamodel does not group by field?

We have an index with quite a few index-time fields, and an accelerated datamodel that adds a calculated field there....

by Builder in

How do you get counts with wildcards?

Suppose I have the following data, but I don't know the GUIDs ahead of time: Path /boat/826ec68b-cc87-41f9-b93b...

by Explorer in

Events list of append command

I have a query like this: first_query | dedup 1 id | search action=drop | stats count by action, destination | fie...

by Path Finder in

How come our data is not lining up correctly in the following search?

I've written a search that charts data into a table. The query extracts run times greater than 25% over its calculate...

by Contributor in

Migration Issue

We are about to migrate stuff from one cloud env to AWS.. set up is done.. issue is : we have old splunk instance ...

by New Member in

How to compare data from the same month for multiple years?

I am doing a very basic search that just shows the top URIs during a specific month each year. I would like to be abl...

by Explorer in

"search base=X" not working with append

I am using the "search base=X" approach to generate stats. When I try to run two searches using append (or join et...

by Communicator in

Why am I unable to convert _time to epoch with my search?

_time 2016-03-02 07:00:13.405 Above _time is the data format in the logs. I need to find difference between a few...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Dynamic eval if match from a list of values - foreach?

How do I get the timechart results for a summary index query?

Multiple If Statements (Comparing Two Columns)

ID of the max value event

How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios?

How do you treat a variable value as another field with Splunk?

Help with slot time conditions

How do you correlate one field between two sources, and then if they match, find value from another field from the second source type?

[hdfsprovider] Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table

How to call Splunk custom endpoint using jquery ?

Custom app logo spanning across app navigation menu bar in Internet Explorer

How to improve efficiency of my regex statement?

How do you populate a field if the search time extracted field (using regular expression) is not presented in the logs?

Can you help me create a regular expression to extract 2 values from a string?

How do you find consecutive events in two different searches?

How do you sort dates from newest to oldest in a drop down?

SQL Help - pull URL with specific querystrings

How come our tstats with datamodel does not group by field?

How do you get counts with wildcards?

Events list of append command

How come our data is not lining up correctly in the following search?

Migration Issue

How to compare data from the same month for multiple years?

"search base=X" not working with append

Why am I unable to convert _time to epoch with my search?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions