Splunk Search

Ask a Question

Discussions

Thread Info

What would be the best way to use index and source type for multiple projects?

Hi everyone, I am new to Splunk and i have a quite a few projects in my organization. I know that an index can hav...

by New Member in

Can you help me combine 2 queries into a timechart?

Hi all, I have the following data and I need some help to progress further. I have fields: _time uniqueId actio...

by New Member in

How do you use the value of the lookup filename as a field in the search result?

Here is the search and lookup, I need to capture the value, last_logon_lookup_20180928.csv We need the value in bo...

by Explorer in

Drilldown on results of a subsearch not working

Woodcock - As a new question to the previous one that you help resolve - do you have any idea why the drilldown isn't...

by Engager in

How to use a different time range within a subsearch?

Splunk rookie here, so please be gentle. I am hoping someone can help me with a date-time range issue within a subsea...

by Engager in

How to add % symbol with data labels in charts?

I want to add % symbol with both the y-axis legend and data labels Thanks in advance!

by Path Finder in

How to get Splunk btool command to return an exact match?

Hi, I have savedsearches like: dev_sudo dev_sudo mod dev_sudo mod2 How to dump the first with btool? If I u...

by Communicator in

How do you extract a hostname from a source path?

Hello all , I've configured Splunk to monitor directory , i.e. /usr/home/test/* for new CSV files ( periodically ...

by New Member in

Join Earlier Joins with Later

I'm doing a join where I want to only get subsearch events that happened before the parent search event. Thus, I'm us...

by New Member in

How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console?

Hello, I've been asked to set up an alert for disk space exceeding 80%. I enabled the DMC Alert - Near Critical ...

by Path Finder in

Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app?

Using Splunk 7.2.0. While looking at the Monitoring Console and performing this search (see below) , I see almost ...

by New Member in

Subsearch leading to

I notice that the below query results in 0 events, whereas the baseSearch alone results in 11 events and the sub-sear...

by Engager in

How can I make my table results in 3s time intervals?

Query I am running: index="dcg-video-eng-live-services-stage" | spath "message.req.originalUrl" | search "message....

by Path Finder in

How can I split JSON into multiple events?

Hi, can anyone help me a bit? i am trying to split an event in more lines or more events, every events got multipl...

by Path Finder in

How do I convert epochtime = -1 to a human readable format?

I am creating a dashboard for Tenable results and some entries have a Patch Publication Date value of -1. I'm having ...

by Explorer in

How should I rename a dynamic value after using the timechart count by?

Hi All, I am using this search string as below : (some data- index, host, etc)............. | xmlkv | search "ns0:...

by New Member in

How do I make a query which finds logs where the value for a field matches?

Log1: id=5 errorA Log2: id=5 errorB I would like a query to return the logs with the same id value grouped togethe...

by Explorer in

How do I search for events within _indextime?

I understand the behavior of Splunk when using _indextime, but I want to know what query would do what I really am lo...

by Engager in

Is there a way to draw the line of where the cutoff point for outliers is?

I refer to the outlier command https://docs.splunk.com/Documentation/Splunk/7.0.4/SearchReference/Outlier *Is ther...

by Motivator in

How do I extract a value from the the following JSON?

I want to extract the following values from below JSON. Values needs to be extracted from the highlighted text in Bol...

by Explorer in

Why is my join query pulling results correctly sometimes while other times, it's not?

Join query return weird result. Sometime its pull correct result & if I execute the same query after 2 mins. Some of ...

by New Member in

Json array to multiple events

virus_type {"Troj/DocDl-QUA": 4, "CXmail/OleDl-AU": 44, "CXmail/EncDoc-B": 6, "Troj/DocDl-QVV": 10, "Troj/DocDl-QVQ...

by Path Finder in

How do I get unique values of different types of events without duplicates?

Hello, I have got events with two different types: Type=First and type=Second I would like to get the consolida...

by Path Finder in

Dashboard - PIE Chart

In PIEchart dashboard, I can view the details of all the slices properly. But while trying to export as PDF.. only 12...

by New Member in

creating JobStatus module in 7.x versions

I created a dashboard and is there any way to add jobstatus module for whole dashboard. Is it also possible to add pr...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What would be the best way to use index and source type for multiple projects?

Can you help me combine 2 queries into a timechart?

How do you use the value of the lookup filename as a field in the search result?

Drilldown on results of a subsearch not working

How to use a different time range within a subsearch?

How to add % symbol with data labels in charts?

How to get Splunk btool command to return an exact match?

How do you extract a hostname from a source path?

Join Earlier Joins with Later

How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console?

Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app?

Subsearch leading to

How can I make my table results in 3s time intervals?

How can I split JSON into multiple events?

How do I convert epochtime = -1 to a human readable format?

How should I rename a dynamic value after using the timechart count by?

How do I make a query which finds logs where the value for a field matches?

How do I search for events within _indextime?

Is there a way to draw the line of where the cutoff point for outliers is?

How do I extract a value from the the following JSON?

Why is my join query pulling results correctly sometimes while other times, it's not?

Json array to multiple events

How do I get unique values of different types of events without duplicates?

Dashboard - PIE Chart

creating JobStatus module in 7.x versions

The Payment Operations Wake-Up Call: Why Financial Institutions Can't Afford ...

Make Your Case: A Ready-to-Send Letter for Getting Approval to Attend .conf25

Community Spotlight: A Splunk Expert's Journey

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions