Splunk Search

Ask a Question

Discussions

Thread Info

How to filter values returned from an array field?

I have events with an array field named "tags". The tags array has 2 fields for each array object named "name" and "...

by Engager in

Splunk Query not working as expected

Hi Using following query: `mbp_ocp4` kubernetes.container.name =*service* level=NG_SERVICE_PERFORMANCE SERVICE!=D...

by Observer in

Finding hostname where one result is present but not some other results over time

Hey everyone, I'm stumped trying to put together a query to find specific hosts that return some value but not some o...

by Loves-to-Learn in

Radial Gauge valu/max from stats query

I have a query that returns 2 values. . . | stats max(gb) as GB by metric_name metric_nameGBstorage_current99storag...

by Explorer in

Fetching out ISP , domain info for an IP address

Hi All, We are a Splunk Cloud customer having ES. Is there a way to fetch the ISP, domain info for an IP address ...

by Builder in

Creating a SPL using tstats for Multiple Failed Logins Followed by Success?

Hello Splunk Community, I'm currently working on creating a search using the tstats command to identify user behav...

by Loves-to-Learn Everything in

Field Extraction did not work

Oct 30 06:55:08 Server1 request-default Cert x.x.x.x - John bank_user Viewer_PIP_PIP_env vu01 Appl Test [30/Oct/2023:...

by Observer in

How to use the REST API to just run a search and stream the results back?

Hi, I have a question about using the REST API to run a search. The doc seems to indicate that you need to follow ...

by Champion in

how to see the data in table command which is showing empty cells

i see the splunk query index="sample" "log_processed.env"=prod "log_processed.app"=sample "log_processed.traceId"=90c...

by Explorer in

trying to compare two sources and extract these ones that do not have SysMon

Hello Community, I have a challenge finding and isolating the unique hosts out of two sources (DHCL and SysMon in m...

by Communicator in

chart count for comparison

Hi, I have the below SPL and I am not able to get the expected results. Please could you help? if i use stats cou...

by Path Finder in

Impossible number of occurrences being returned

Given the sample event below representing a user sign-in, I am trying to create a table that shows each combination o...

by Engager in

Rex multiline extraction only grabbing every other occurrence

Hoping this is something simple with lookahead/lookback that I'm missing... trying to extract multi-line fields from ...

by Explorer in

Eval or Lookup bug

I have a splunk search that is returning the wrong results from a kvstore if the secondUID field is set to itself bef...

by Explorer in

Display a single value from multyple value filed in the table.

I have filed "Labels" with multiple value in the single filed.I need to see only OS value red hat(linux) or windows 2...

by Path Finder in

Need help in extraction of data from distributed and async logging application

Hi All, I am almost a starter in Splunk but my org uses this tool as a log management utility. I need help in get...

by New Member in

Listing sources not having a match

Hello, I've a simple requirement but new to Splunk so facing some challenges and hoping for some luck! My applica...

by Explorer in

timechart comparison for 15 mints current working day vs previous working day

Hi, I have the below SPL and I would like to get the comparison for 15 mints time span i.e if we run today at 5 am...

by Path Finder in

Windows Admin User Logins

I want to create an alert that notifies when Windows admins login and the accounts they are using. I want to ensure t...

by New Member in

Can we get login location for the logged in Splunk users ?

Hi All, I am trying to get login data about the the number of users logged in to the Splunk instance every day....

by Contributor in

need to delete column from the result generated after timechart command

i have a timechart query which is giving me the below result i want to exclude the columns with Zero like 02gdysjs...

by Builder in

How to get peakstats and a count of success and errors for a month in one table?

by Path Finder in

Using Inputlookup to find a string contains a value and more

Hi guys, So heres what im trying to do. I have a lookup csv with 3 columns. I have data with string values that migh...

by Engager in

How to combine two searches?

I need to look for an incoming email and if an email matches a certain subject, I need to check another source type t...

by New Member in

How could I correlate values in multiple fields that contain multiple values

So, I've been away from Splunk for several years now, and now re-visiting it. I've got a scenario where I would like...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to filter values returned from an array field?

Splunk Query not working as expected

Finding hostname where one result is present but not some other results over time

Radial Gauge valu/max from stats query

Fetching out ISP , domain info for an IP address

Creating a SPL using tstats for Multiple Failed Logins Followed by Success?

Field Extraction did not work

How to use the REST API to just run a search and stream the results back?

how to see the data in table command which is showing empty cells

trying to compare two sources and extract these ones that do not have SysMon

chart count for comparison

Impossible number of occurrences being returned

Rex multiline extraction only grabbing every other occurrence

Eval or Lookup bug

Display a single value from multyple value filed in the table.

Need help in extraction of data from distributed and async logging application

Listing sources not having a match

timechart comparison for 15 mints current working day vs previous working day

Windows Admin User Logins

Can we get login location for the logged in Splunk users ?

need to delete column from the result generated after timechart command

How to get peakstats and a count of success and errors for a month in one table?

Using Inputlookup to find a string contains a value and more

How to combine two searches?

How could I correlate values in multiple fields that contain multiple values

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!