Splunk Search

Discussions

Thread Info

replace values within a chart command

I have a search that looks at a index that has the user and a single group they belong to as shown below: I then use ...

by Explorer in

How to use replace in search?

Hi How to replace a character in a field value with another character? I have below field value, I have to replace...

by Builder in

subsearch with two events

I have two different types of logs and like to combine both and shows Body message. eaxmple logs as below Type1 da...

by New Member in

How to extract a decimal value, find the difference between them, and generate a report by the hour?

Below is the Splunk string and I want to find the difference between Original cost:: ** and **Validation Cost::, plea...

by New Member in

How to show custom message

Below is the source of my code. I want to display "A Custom Message" instead of "No results found" I tried many ways ...

by New Member in

Auto forward logs to Splunk platform

Dear all. recently, i am try to use Splunk Free , how can i take the forwarder auto send logs to receiver after in...

by New Member in

Why am I getting error "The lookup table 'mylookuptable' does not exist. It is referenced by configuration 'my_lookuptype'"?

I have this data below and I want a flow chart of start time and end time on the x-axis and cmd1, cmd2......on the y-...

by New Member in

How to split events into multiple rows in a table?

I have the following search result which has multiple values in a cell: I would like to split table to raws. loo...

by Path Finder in

How to use detect numeric outlier to detect cpu utilization outlier

My objective is to collect cpu utilization and then use detect numeric outlier to find out the odds one. However the ...

by New Member in

Using search keyword or where keyword

Hi All I have data in the below fomat Country={UK}, Question=Where do you live, Answer=London Country={USA}, Q...

by Path Finder in

Sorting/Arranging chart results

Hi, I have the below query which is used to find the total and used diskspace of a linux server. I need to arrang...

by Explorer in

"search NOT" not working - not excluding the expected results

Hi All, Trying to figure this one out - suspect it's going to be something simple - just not sure what it is. H...

by Path Finder in

Using AND, OR to find 2 `devices` where i want to filter in some of the `adj` on each device.

I am trying to just show the devices that are X and Y and the devices that are X and have adj that meet this filter ...

by Motivator in

How to make a multiple condition IF statement work?

Hi, This should be easy but for some reason, my brain is making it hard. I'm trying to get a 2-condition IF statem...

by Motivator in

How to extract a heavily nested JSON data?

Hey everyone, I am very new to Splunk and many of the examples I see use relatively simple data. I am trying to extra...

by New Member in

Calculate mailbox growth comparing previous week

I have the below search that shows the total mailboxSize in GB and I would like to compare this with a week ago to de...

by Communicator in

Why is the timechart coming up blank?

Hi, I have this query that works query wize but the resulting timechart is blank and I don't know why earliest=...

by Motivator in

How to figure out the exact regex to capture the hostname value from the event logs for transforms.conf?

Hi, I'm sure this is really simple but I've been unable to figure out the exact regex to capture the hostname value f...

by Motivator in

How can I view daily/monthly job query search average times?

Given an initial search query, I'm trying to view daily and monthly job search query runtimes, then average the times...

by New Member in

Sorting column header is based on ASCII and its not based on case senstitve

Hi, I have a saved search with the below code snippet to sort irrespective of case. index=indexname | eval so...

by Communicator in

Why is the sum of all events on transaction giving the wrong value?

I'm calculating sum of all the events in the transaction but the sum displayed is different from actual sum. What am ...

by New Member in

サブサーチで何もヒットしない時、メインサーチのソースで全検索されてしまいます。　If subsearch is no result, Mainsearch execute Full Search

source="logA" [search source="logB" "valueA" | return fieldA] 上記のように検索する時、もしサブサーチ内でvalueAの検索結果が無い時、サブサーチで何も値が返されない...

by New Member in

How do I formulate a regex so that I can search different types of events?

event 1: 31.138.204.1 | ssh | o*1N0HIQQx434x12481145x1 | ZI53713 | 2018-05-28 07:14:47,848 | SSH - piv-receive-pa...

by Contributor in

How to get max value from each columns that are created dynamicly based on time range

search query | timechart span=1m count by A1 the above query gives me below output: _time column1 column2 colum...

by Path Finder in

How can I compare two fields that I get from my search result?

I want to compare the two columns that I get dynamically from my search result. I want to compare both fields. Sou...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

replace values within a chart command

How to use replace in search?

subsearch with two events

How to extract a decimal value, find the difference between them, and generate a report by the hour?

How to show custom message

Auto forward logs to Splunk platform

Why am I getting error "The lookup table 'mylookuptable' does not exist. It is referenced by configuration 'my_lookuptype'"?

How to split events into multiple rows in a table?

How to use detect numeric outlier to detect cpu utilization outlier

Using search keyword or where keyword

Sorting/Arranging chart results

"search NOT" not working - not excluding the expected results

Using AND, OR to find 2 `devices` where i want to filter in some of the `adj` on each device.

How to make a multiple condition IF statement work?

How to extract a heavily nested JSON data?

Calculate mailbox growth comparing previous week

Why is the timechart coming up blank?

How to figure out the exact regex to capture the hostname value from the event logs for transforms.conf?

How can I view daily/monthly job query search average times?

Sorting column header is based on ASCII and its not based on case senstitve

Why is the sum of all events on transaction giving the wrong value?

サブサーチで何もヒットしない時、メインサーチのソースで全検索されてしまいます。　If subsearch is no result, Mainsearch execute Full Search

How do I formulate a regex so that I can search different types of events?

How to get max value from each columns that are created dynamicly based on time range

How can I compare two fields that I get from my search result?

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Community Content Calendar, September edition

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions