Splunk Search

Ask a Question

Discussions

Thread Info

Can spath cater for missing values in an array?

Hi, I have a nested array and I want to compare values across I've a query that works, apart from when a value...

by Path Finder in

understanding how delta and streamstats handles no value

This is my search to simulate the data i need to illustrate: | makeresults | eval data = " 1-Sep 7820592;...

by Motivator in

How do you build an alert that triggers when a file is moved to a monitored folder?

I'm trying to build an alert that triggers when a file is moved to an Error folder within the system we are monitorin...

by Path Finder in

search requires stitching together two distinct events from a single sourcetype

i require some assistance in my search query where i need to search a mail log to extract the highest recipients by m...

by New Member in

Improve TSTATS performance (dispatch.localSearch) command with more Indexers(Search nodes)?

HI I have the following tstat command that takes ~30 seconds (dispatch.localSearch) is the main slowness . I ha...

by Influencer in

How can I search for a particular string in a larger string?

I am running the following query: index=uplynk slice_played | rex field=_raw "^(?<date>\S*)\s*(?<time>\S*)\s*(?<sl...

by Path Finder in

Sequential automatic lookups not working...

Here is my props.conf for the Qualys vulnerability data: [qualys:hostDetection] LOOKUP-2_qualys_nvd_lookup = nvd_d...

by Builder in

Can you help me with the following field extraction issue?

Hi, I have a weird problem. I have a field called 'playerUserAgent' which returns the following sample of values: ...

by Path Finder in

How do I correlate email events when the key-id is not defined in all events?

So I have correlated email events before where there was a UID defined as a field for all transactions of a unique em...

by Builder in

Can you help me work out a query involving distribution percentages?

Hi Splunk Community, I have a simple query which pulls request counts in per node. sourcetype=test-log New Line...

by Path Finder in

How do you create a static table for a lookup file?

I have kind of a silly question that I am embarrassed to admit has stumped me for a little while. I have a small ...

by Builder in

debugging when columns are not filled out

How does one debug searches when you expect a column to be filled out yet its not? sourcetype=mongo_stats | stre...

by Communicator in

How to carry forward values of a field to next event till it changes?

My goal is to see the availability of NSG devices in percentage. Each NSG is connected to 4 VSCs. If connection to : ...

by New Member in

How do I make it so time conversion always has epoch start at midnight regardless of DST?

I have the following SPL. I am trying to calculate days i want to look up for data. Instead of trying to load a whole...

by Engager in

Why does the position of my dedup command in a query alter the results of my statistics?

My problem is that I cannot understand why I get a different statistics number depending on wether I place the dedup ...

by Path Finder in

How can I search for all fields that have a certain string?

Hello How can I get only results for specific fields where field name is like something ? fx. get all fields w...

by Path Finder in

Are values() returned by Splunk in a search sorted alphabetically?

I couldn't find any documentation except that values(), when used in transforming commands, performs dedup. But there...

by Builder in

Why is the chart command returning months in alphabetical order?

I am trying to sort the data month wise using the chart command. However the month is getting sorted alphabetically. ...

by New Member in

Join on this field OR that field

Basically I am trying to find hosts on a csv, not sending data to splunk. The problem is, we have to account for ...

by Communicator in

Missing status for scheduled jobs in scheduler.log

Hi all, I have a SHC in my environment. Today I was troubleshooting an issue where my alert action wasn't firing. ...

by Explorer in

Can you help me with my query involving the eval command and strftime?

| eval lastChange=strftime(time_of_last_change,"%m-%d-%y %I:%M:%S %p") | eval timenow=now() | eval last1hr=strftime(...

by Communicator in

How can I do a basic "IN" command in Splunk?

I am trying to accomplish a simple "IN" command in Splunk, basically by filtering the result to show only those entri...

by New Member in

Any way to combine these records?

SO I understand WHY I get the results I get but I am having a difficult time, most likely due to me, getting the resu...

by Communicator in

How do you use SED on a heavy forwarder to drop log data after the specified character count?

We are going to be pushing our logs through a heavy forwarder, so we have the ability to truncate a certain part of o...

by Explorer in

| metadata with powershell Search-Splunk command

I am trying to run the following search, which works fine from the regular Splunk search UI, but not in the Powershel...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can spath cater for missing values in an array?

understanding how delta and streamstats handles no value

How do you build an alert that triggers when a file is moved to a monitored folder?

search requires stitching together two distinct events from a single sourcetype

Improve TSTATS performance (dispatch.localSearch) command with more Indexers(Search nodes)?

How can I search for a particular string in a larger string?

Sequential automatic lookups not working...

Can you help me with the following field extraction issue?

How do I correlate email events when the key-id is not defined in all events?

Can you help me work out a query involving distribution percentages?

How do you create a static table for a lookup file?

debugging when columns are not filled out

How to carry forward values of a field to next event till it changes?

How do I make it so time conversion always has epoch start at midnight regardless of DST?

Why does the position of my dedup command in a query alter the results of my statistics?

How can I search for all fields that have a certain string?

Are values() returned by Splunk in a search sorted alphabetically?

Why is the chart command returning months in alphabetical order?

Join on this field OR that field

Missing status for scheduled jobs in scheduler.log

Can you help me with my query involving the eval command and strftime?

How can I do a basic "IN" command in Splunk?

Any way to combine these records?

How do you use SED on a heavy forwarder to drop log data after the specified character count?

| metadata with powershell Search-Splunk command

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions