Splunk Search

Ask a Question

Discussions

Thread Info

How to return full count of field1, and a TRUE/FALSE field if 1 or more of the results in field1 matches a specific criteria?

by Path Finder in

Why does Fillnull not work without specifying a field?

Hi,If I try to run this search, the value of my_null_field doesn't change to "?" | makeresults | table _time my_n...

by Path Finder in

Splitting columns into rows

Hi Splunk Gurus, I have an unusual requirement where I need to create two rows from one: A | B | C |D | E to...

by New Member in

Limitation on number of boolean clauses within search string

Is there a limitation on the number of search boolean clauses (i.e. OR, AND) within a search string? For example ...

by Engager in

Assign keys to tokenised string

Hi there, Can someone help me with reading the tokenized string and assign the keys to each index retrieved. It is di...

by Explorer in

Using tstats to extract first element in multivalue field

I have a field that looks something like this in the event viewer: project_sources: [ { scmEvent: { ...

by Engager in

select latest timestamp of data and from second to last date.

I have this data set of data coming in multiple times a day. I want to select all the latest timestamp and the lat...

by Path Finder in

How to extract fields from JSON data in Splunk?

Hi We have the below data, out of which I wanted to extract specific data from the json format. 06/Feb/2016:16...

by Path Finder in

Monitoring the directories recursively

Hi, I have a directory on E drive by name SPLUNK. It has 3 to 4 subdirectories in it and under each subdirectory t...

by Path Finder in

How to calculate the average delta between each event and the event count?

Hi Splunkers, Need a help in forming a splunk query. Requirement: Find the time difference (delta1, delta2,delt...

by Path Finder in

Strange search behavior with "transaction"

Hello, Could someone explain me the following strange behavior with search With this type of search : sourcety...

by Explorer in

How can I extract key value pair in a table?

I have data like Data: {"code": "abc", "version": "2018.6", "name": "testdata", "group": "QA", "DB": "oracle"} in th...

by Explorer in

How can I split multi values in a single value ?

Hi guys, I wanna get 2 values in a single value (visualization) as picture. Please help me. Thanks

by New Member in

Is there a shortcut to piping the table command where splunk-created fields are automatically excluded?

Given that my search criteria is this: index=some_index sourcetype=some_sourcetype, is there a shortcut to piping the...

by Builder in

How to combine unique values of the field into one?

I am trying to make a report with the unique combination of ID, AVER SRV & ZONE. However, since I am getting lots of ...

by Path Finder in

wget URL for apps

Thanks Splunk for such a great and powerful system. I'm trying to do a scripted deploy using this URL. http://s...

by Engager in

Data Visualization Collision

Hi all, I am having trouble with data visualizations. Two of my data points are layered on top of each other. I h...

by Explorer in

Can anyone help me understand this eval search query?

I have recently started a new role and have been tasked with figuring out some old reports. The creator of the report...

by Explorer in

What regex command to use to to remove the special character after a number?

I want to remove the special character after a number, please help. data: 7.62\x00\x00\x00\x00\x00\x00\x00\x00\...

by Builder in

datamodelsimple returned error code 1

Ran the simple command below | datamodelsimple External search command 'datamodelsimple' returned error code ...

by Engager in

How to create a report on the results of the latest events only?

Hello, I am trying to create a report that only looks at the latest events by a sourcetype. The sourcetype is an...

by Explorer in

How to extract only successful and failed logins using regex?

Hello All, I have a file with data: --------------server1 2018-07-----SQL2008-- Number of Success Logins: SOFTPOIN...

by Path Finder in

Compare two table searchers and combine to single table (where condition)

Hi, Got two different searches result in to corresponding table format, want to achieve something like "select b....

by Engager in

compare event count today vs yesterday vs last week vs prior week

Hi, i want to compare event count today with yesterday,last week and prior week using timewarp complete day like d...

by Explorer in

Today vs. Yesterday vs. Last Week

Hi All, I have a need to display a timechart which contains negative HTTP status codes (400's and 500's) today, ye...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to return full count of field1, and a TRUE/FALSE field if 1 or more of the results in field1 matches a specific criteria?

Why does Fillnull not work without specifying a field?

Splitting columns into rows

Limitation on number of boolean clauses within search string

Assign keys to tokenised string

Using tstats to extract first element in multivalue field

select latest timestamp of data and from second to last date.

How to extract fields from JSON data in Splunk?

Monitoring the directories recursively

How to calculate the average delta between each event and the event count?

Strange search behavior with "transaction"

How can I extract key value pair in a table?

How can I split multi values in a single value ?

Is there a shortcut to piping the table command where splunk-created fields are automatically excluded?

How to combine unique values of the field into one?

wget URL for apps

Data Visualization Collision

Can anyone help me understand this eval search query?

What regex command to use to to remove the special character after a number?

datamodelsimple returned error code 1

How to create a report on the results of the latest events only?

How to extract only successful and failed logins using regex?

Compare two table searchers and combine to single table (where condition)

compare event count today vs yesterday vs last week vs prior week

Today vs. Yesterday vs. Last Week

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions