Splunk Search

Discussions

Thread Info

Search process did not exit c exit cleanly, exit_code=111, description="exited with error: Application does not exist

Why i am getting error for one of the indexer from indexer cluster while running a report from particular app. Error ...

by New Member in

Force displayed timezone in results to be UTC (not the local timezone of the viewer) through the Search

Hello everyone! In my company, we have Splunk (version 6.0) recording log information about data sent by remote de...

by Explorer in

simple regex missing something

I've never worked with splunk regex before so I'm probably just missing something. I've been up and down the htt...

by Path Finder in

distinct output from one splunk search as input to another

Hi Team, I have 2 splunks as below (index=xxxx) orgName=xxx sourcetype=CASE(SourceA) earliest=-15d uniqueIdentifi...

by Explorer in

How to match any value in an array to any value in another array?

I'm trying to do a transaction using an array. I need to define the transaction by a value in an array. However, th...

by Loves-to-Learn in

Find values of Field 1 in Field 2

I am not sure where to start on this. I have 2 fields. Field1 only has a few values while Field2 has many. How can I ...

by Engager in

Extracting Value from and Event

Hello, I am looking to add a particular value to an existing search of Okta data. The problem is I don't know how t...

by Engager in

Ignore field when searching for arbitrary string(s) but still return its results.

I am trying to do a query that will search for arbitrary strings, but will ignore if the string is/isn't in a specifi...

by New Member in

How to show the line when its value is NULL with chart command / chartコマンドで行の値が0の時表示する方法

Hi, I try to display the number of events per day from multiple indexes. I wrote the below SPL, but when all index ...

by Explorer in

Suppress and alert when a resolving event is received

I'm attempting to suppress an alert if a follow up event (condition) is received within 60 seconds of the initial eve...

by Loves-to-Learn in

Showing Specific Values in a dashboard

Hello,I have this Splunk log that contains tons of quotes, commas, and other special characters. I’m trying to only p...

by Path Finder in

Search based on zero events

Hi there, I would like to create a search to alert us based on an index not ingesting any event data by basing it o...

by New Member in

Multiselect filter. Select all matches in classic dashboard.

Hi Splunkers :-), We have nice feature it dashboard studio - "Select all matches" in multiselect filter. But, unf...

by Path Finder in

Combine 2 log events based on uniqueId into one single row in table

I want to have result in table with 2 or 3 log events combined based on unique key in all events and return 1 single ...

by Loves-to-Learn in

Transaction not showing me Unique Users

I'm trying to track the duration of user sessions to a server. I want to know WHICH users are connecting, and for h...

by Engager in

How to get a range of number?

I am looking for a range of number within my results of my search query but I am getting no results back after adding...

by Path Finder in

Multiple Locked Account Query

I'm creating Mutiple Locked account search query while checking the account first if it has 4767 (unlocked) it should...

by Explorer in

Extremely large search job size

We found that the search job size becomes extremely large during searches. My Splunk instance is a newly installed te...

by Explorer in

Tstats command with span

I am running tstats command with span of 2hrs for index and source. It returns the data for every 2hrs. But I wan...

by Explorer in

Course does not appear in search filter

Hi, I completed a course titled “Intro to Superman Mission Control” earlier, but it no longer appears in the free cou...

by Engager in

reference lookup name in table

I have a search where I am doing 2 inputlookups for 2 different lookups and appending them. Then I search them. Can I...

by Explorer in

Is it possible to create an html unorder (bullet) list for each row of a table output?

Id like to create table of results, and convert each row into an unordered bullet list using html. Such as: | table r...

by Path Finder in

Splunk transaction – Trouble extracting first and last messages

Hello, I'm working on a Splunk query to track REST calls in our logs. Specifically, I’m trying to use the transacti...

by Explorer in

Trouble looping through table and performing a subsearch for each item.

I am trying to loop over a table and perform a subsearch for each item. I can confirm I am generating the first table...

by Engager in

Attempting to write a search to find all CrowdStrike agents that are installed on the hosts in our environment

Hello, Got tasked with finding all hosts that didnt have the crowdstrike agent installed and running into problems ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search process did not exit c exit cleanly, exit_code=111, description="exited with error: Application does not exist

Force displayed timezone in results to be UTC (not the local timezone of the viewer) through the Search

simple regex missing something

distinct output from one splunk search as input to another

How to match any value in an array to any value in another array?

Find values of Field 1 in Field 2

Extracting Value from and Event

Ignore field when searching for arbitrary string(s) but still return its results.

How to show the line when its value is NULL with chart command / chartコマンドで行の値が0の時表示する方法

Suppress and alert when a resolving event is received

Showing Specific Values in a dashboard

Search based on zero events

Multiselect filter. Select all matches in classic dashboard.

Combine 2 log events based on uniqueId into one single row in table

Transaction not showing me Unique Users

How to get a range of number?

Multiple Locked Account Query

Extremely large search job size

Tstats command with span

Course does not appear in search filter

reference lookup name in table

Is it possible to create an html unorder (bullet) list for each row of a table output?

Splunk transaction – Trouble extracting first and last messages

Trouble looping through table and performing a subsearch for each item.

Attempting to write a search to find all CrowdStrike agents that are installed on the hosts in our environment

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!