Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
seomisp

How do you return only 1 result from a lookup?

I'm enriching my search with a match against a lookup table. However, the lookup returns more than 1 result for each ...
by seomisp Explorer in Splunk Search 12-21-2018
0 2
0
2
JuhiSaxena

Difference in _time and _indextime for logs

Hi, We are getting indexing lag in one of our splunk index. There is variation in _index-time and _time hence produc...
by JuhiSaxena Explorer in Splunk Search 12-21-2018
0 2
0
2
tdotcspot

Search From Two Indexes. Applying A Name Referenced By Id On Both Searches.

Hi there, Hoping someone could help me out. I'm currently using the AWS Add-On For Splunk and I wanted to expand the...
by tdotcspot New Member in Splunk Search 12-21-2018
0 4
0
4
AnmolKohli

How do you find data/values in a lookup that do not exist in the logs?

We have a lookup file that has a list of series stored in a field — TS_SERIES_ID. We want to find the count of series...
by AnmolKohli Explorer in Splunk Search 12-21-2018
0 30
0
30
mlorrette

Can you help me with a query with the timechart command?

same search: timespan showing X results while search is showing Y results for the same timeframe. This search that i...
by mlorrette Path Finder in Splunk Search 12-21-2018
0 3
0
3
ppanchal

Will you help me create the regex to convert the following data into a column value pair?

Hi, Below is my sample payload. I want to convert/display it into a column value pair. Eg, ESBTransactionID 7...
by ppanchal Path Finder in Splunk Search 12-21-2018
0 3
0
3
shivam2411

How do you extract a field using regex?

00000887 ThreadMonitor W WSVR0606W: Thread "WebContainer : 24" (00000887) was previously reported to be hung but has ...
by shivam2411 New Member in Splunk Search 12-21-2018
0 6
0
6
krusovice

Can you help me answer a question with the chart command?

Hi there, I have this query formed and I can't the get expected result, but it's very close to what I want. The resu...
by krusovice Path Finder in Splunk Search 12-21-2018
0 6
0
6
the_wolverine

What are some solutions for high cardinality field reporting?

We have high cardinality data -- virtually every event is unique except for a small percentage of cases that we care ...
by the_wolverine Champion in Splunk Search 12-21-2018
0 2
0
2
VI371887

stats option compatibility

Does stats support function inside function like shown below ? Where first i want to take percentile90 of PERCENT90 ...
by VI371887 Path Finder in Splunk Search 12-21-2018
0 1
0
1
shivam2411

Can you help me extract the time value and the thread count from the following data using regex?

00000887 ThreadMonitor W WSVR0606W: Thread "WebContainer : 24" (00000887) was previously reported to be hung but has ...
by shivam2411 New Member in Splunk Search 12-21-2018
0 1
0
1
pavanae

How to display a search result by the Log Size per field in MB, not the event count?

Hi I have the following search which is presently displaying the list of eventcounts by the field "category_type", ...
by pavanae Builder in Splunk Search 12-21-2018
0 4
0
4
jip31

What is the best query for retrieving a field name in different languages?

hello, I use the WMI below index="windows-wmi" sourcetype="WMI:Reliability" Logfile=Application SourceName="Applica...
by jip31 Motivator in Splunk Search 12-21-2018
0 7
0
7
aravindhan_padm

How do you extract dynamic nested array coordinates from JSON?

I need help in extracting fields from the dynamically nested array coordinates from JSON. Here is the example data....
by aravindhan_padm New Member in Splunk Search 12-21-2018
0 1
0
1
aovsiannikov

How do I find rows in a table with more fields, which are NOT EQUAL to any row in table with less fields?

I.e. <search1>: ... | table id, f1, f2, f3 <search2>: ... | table id, f1, f2 I need to find all records in <searc...
by aovsiannikov Explorer in Splunk Search 12-21-2018
0 4
0
4
serviceinfrastr

How do you calculate availability with 2 searches?

Hi team, I want to determine the availabilty of my application with the http status code (Number of request http >...
by serviceinfrastr Explorer in Splunk Search 12-21-2018
0 3
0
3
newsplnkr

How do I extract the value of a field value in Splunk?

Hello all, I am trying to get the value of a field from an event in Splunk. The event looks like follows: message="...
by newsplnkr Explorer in Splunk Search 12-20-2018
0 2
0
2
VI371887

time picker average if selected more than one day

Hi All. I need help regarding one my query, shown below index=int_app source="City_APP*" FUNCTION=* ACTION=* | ...
by VI371887 Path Finder in Splunk Search 12-20-2018
0 4
0
4
w344423

How do you go forward and backwards through the following records?

Hi all, I need some help here. I have a sample records of 30 lines, and now would need to eval the endtime. However,...
by w344423 Explorer in Splunk Search 12-20-2018
0 2
0
2
nomadichunters

How to get the colums results attached of first search and second search based on a common fieldvalue?

first query output : CommonField , FirstQueryValue1 , FirstQueryValue2 1 fv1 fv2_1 2 fv1...
by nomadichunters Explorer in Splunk Search 12-20-2018
0 5
0
5
Log_wrangler

How do I count and sum multivalue fields by another multivalue field?

Hi, I am hitting a dead end with my search... I have two multivalue fields: Site_ID - has 100's of values Attack ...
by Log_wrangler Builder in Splunk Search 12-20-2018
0 2
0
2
newsplnkr

How can I derive a field based on the existing two fields?

Hello All, I am new to Splunk, and in need of help for below events: [testName="MobileExp",experience="FetchOn"][te...
by newsplnkr Explorer in Splunk Search 12-20-2018
0 7
0
7
justaj

search/jobs/sid/results

Hi, I'm creating a search via search/jobs. I am then getting the status of the search via search/jobs/sid. Once I ...
by justaj Explorer in Splunk Search 12-20-2018
0 6
0
6
abarnett

How to build a Browsing Report per User?

Hi All, I'm trying to build a weekly report showing all the URLs every user has been to over that past week. I'm ge...
by abarnett New Member in Splunk Search 12-20-2018
0 5
0
5
rvoninski_splun

Can you help me determine the best way to stream through events for a specific type of event?

I have data that looks like this. 2018-12-13 18:48:05.411 +0000 Tag="Door_Locked" Value="1" 2018-12-13 19:42:41.885 ...
by rvoninski_splun Splunk Employee Splunk Employee in Splunk Search 12-20-2018
0 3
0
3
Top Labels
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All