Splunk Search

Discussions

Thread Info

Joining values from two indexes and returning just specific values

Hello fellow Splunkers I'm trying to figure out how to join values from 2 indexes and return one field (from one o...

by Path Finder in

Cisco WSA - the WSA TA add on App(verison 3.3) is not extracting fields

I am using souretype cisco:wsa:squid, however I tried all the cisco:wsa:w3c as well, no luck so far? No sure where am...

by New Member in

What is the difference between format and return in subsearch?

i am new to Splunk. Please let me know when to use format and return in a Splunk subsearch.

by New Member in

How do I pass a single value query output to a field?

I have a requirement to print the source count from how many hosts we are collecting. Expected output: source_coun...

by Communicator in

How do I extract the following fields using the rex command?

I want to extract Balance (Entered)="10008.1311701944" and Balance (Functional)="11648.1319999944" fields from below ...

by Explorer in

In the following Splunk search, how can I only show those users that had a count > 1 in any given _time period?

Given the following: index=myindex source=mysource MYSEARCHTERM | stats count by _time MyField Which gives th...

by Path Finder in

Can anyone help with how to access properties of Splunk inputs like link list

Can anyone help with how to access style properties of Splunk inputs like 1. link list 2. Radio Button 3. Dropdown 4...

by Path Finder in

timechart issiue

Hi , i have 3 fields host , swapfree, memoryfree in my index i want to display count like this : timechart spa...

by Path Finder in

Datamodel is giving results outside of the constraints given in Summary Range

I have accelerated my data model for 7 days period and Rebuild the datamodel. After its completion, I have executed ...

by Explorer in

Why doesn't my columnchart show all events?

For monitoring purposes I have a columnchart showing the number of events per minute for the last 30 minutes ("30 min...

by New Member in

How do I get data from a stats table to send as a token?

Hi , I have a table with a single data value inside. |makeresults |eval value=1 I just want to get the...

by Builder in

Why does the "transaction" command return different results by search mode(fast,smart,verbose) OR whether using optimization?

My environment : splunk stand-alone ver7.1.4 *I found same phenomenon in ver7.1.3 I executed search below by using...

by Builder in

Grouping panels from different rows into one panel?

Need your help friends. I have data appear as mentioned below. But i have requirement that instead of displaying s...

by Builder in

How to search for and trigger an email alert when there are no logs generated in a directory?

I am needing to create an Alert to run every 30 minutes to monitor the file size of all the log files in a directory ...

by New Member in

Predict Command - Alert when value breaches upper95

Hi All, I'm trying to write a search that looks at creating an alert where there is a significant spike in HTTP PO...

by Communicator in

Predict Command: Endpoint Communicating with Excessive Hosts

Hi team, I hope that we are all well? I'm looking to develop a use case designed to identify where an endpoint ...

by Communicator in

How can I obtain a list of values returned by one query, but not another?

I have one query that returns SESSION_IDs of attempted orders: index=my_index "abc" | rex field=_raw "(?<SESSION_I...

by Path Finder in

How do you join a field which does not exist in the subsearch?

I need help with the following scenario. I want to join one of the fields of the main search to the sub search,l w...

by Path Finder in

How do you compare 2 multivalued fields from different indices?

I am attempting to correlate network latency fields from different indices. Basically, I would like to end up with a ...

by Path Finder in

Can you help me with the following value extraction of XML data?

I want to say there's a "simple" way to sets of data from XML. For example: in the XML below, i want two records/even...

by Path Finder in

How can I fill different values according to different conditions ?

Hi , Here's my SPL: index="last_f" | stats count by level,sys_name _time | eval rate=case( ...

by Path Finder in

Create field extractions without the capability admin_all_objects

Hi, my customer wants to create field extractions for the whole app. For this he need the permission admin_all_ob...

by Path Finder in

How do you plot a line over a timechart using an average taken of 6 out of 7 results?

Basically, I want to plot a baseline (average count per host over 1 week) over an existing graph I have of my "top 10...

by Explorer in

How do I combine start time from one event and end time in another and display the stats table in one row?

Hello, I have the following search that generates the below table. How do i get the starting timestamp and the Suc...

by Explorer in

How do I convert total values as percentages?

I have a query which shows tables as below I want to get the percentage in the total column instead of de...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Joining values from two indexes and returning just specific values

Cisco WSA - the WSA TA add on App(verison 3.3) is not extracting fields

What is the difference between format and return in subsearch?

How do I pass a single value query output to a field?

How do I extract the following fields using the rex command?

In the following Splunk search, how can I only show those users that had a count > 1 in any given _time period?

Can anyone help with how to access properties of Splunk inputs like link list

timechart issiue

Datamodel is giving results outside of the constraints given in Summary Range

Why doesn't my columnchart show all events?

How do I get data from a stats table to send as a token?

Why does the "transaction" command return different results by search mode(fast,smart,verbose) OR whether using optimization?

Grouping panels from different rows into one panel?

How to search for and trigger an email alert when there are no logs generated in a directory?

Predict Command - Alert when value breaches upper95

Predict Command: Endpoint Communicating with Excessive Hosts

How can I obtain a list of values returned by one query, but not another?

How do you join a field which does not exist in the subsearch?

How do you compare 2 multivalued fields from different indices?

Can you help me with the following value extraction of XML data?

How can I fill different values according to different conditions ?

Create field extractions without the capability admin_all_objects

How do you plot a line over a timechart using an average taken of 6 out of 7 results?

How do I combine start time from one event and end time in another and display the stats table in one row?

How do I convert total values as percentages?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions