Splunk Search

Discussions

Thread Info

How to create a new field and assign value to it on the basis of sub query result?

Hi all, I am almost near to my requirement and there is just one issue that I am facing. I am having 2 columns from a...

by Path Finder in

Need to get latest sets of events

I have a dbinput configured to pull data from SQL table on a daily basis. So I am getting few events each day in a in...

by Path Finder in

How to create a query for below scenarios?

field="URL1 OR URL2 OR URL3" I need to search each URL in . If the search is returns values, count >0 then it's Pa...

by Explorer in

Most Recent Series of Events Selection

I have a series of tests that are performed at random times throughout the week. There are a total of 12 events. Each...

by Engager in

Finding duration, average time, maximum time for specific logs

The logging that we do is not perfect hence need some help. Log 1 (request) - {"date":"19-04-2018 21:40:11,221", ...

by Explorer in

Need help creating a regex to grab anything after last comma

Hi, Hope someone can help me with creating a regular expression for an extraction. I have a log file and the lines...

by New Member in

How to find the max value based on the rows?

Hi all, I want max value by row wise not max (field name) **Date** **shiftA** **shiftB** **shift...

by Motivator in

How to search start dot whatever?

If I wanted everything with a .wav extension returned how would I format this? index="myindex" AttCnt=* AttNames=*...

by Communicator in

Use different lookups based upon environment in same search

How can I use same search for 2 different lookup? For ex: lookup_qa.csv and lookup_prod.csv. I wanna use them in sear...

by Path Finder in

How do I sum the price of a product for repeating XML fields in a single event?

Here is a sample section of the XML Data I am attempting to sum: <Product> <ProductItem>1</ProductItem>...

by New Member in

Is it possible to update _raw with a replaced field easily?

When I use replace to update a field, it is updated properly (in the interesting fields sidebar) but my search displa...

by Explorer in

Using Eval statement

Hello Splunkers, I have case field with below information so i need to construct Eval field. case** XYZ 2 0 3...

by Path Finder in

output lookup search correlation with input lookup data

Hello, can you use a output lookup table just after creating it? I have this search... index=indexA sourcetype=mys...

by Contributor in

Correlation based on 3 fields and find events in between, one of the fields in multivalue

Hello Splunkers, battling with this all morning and seeking your assistance. i have a CSV data set from a car worksho...

by Ultra Champion in

timechart span and transaction rollover into hour (what happens to the duration of the transaction?)

below example sums the duration when a machine is not running. ... | sort 0 - time | transaction starts...

by Explorer in

getting unjoined keys in a join

Hi, I currently have 2 log. log 1 id, some data 1, "abc" 2, "def" log 2 id, some other data 1, "abc" 3, "ghi" ...

by Engager in

Why am I unable to convert a string to numeric?

I am trying to convert a string to numeric but it is not getting converted. index="dnr_ecc" jobname="*IC*HV_TREX" ...

by Explorer in

Custom date should show the timechart with 0 for the non matching event

Hi, I have a data in which there is a content of the filename with the timestamp in epoch time as below : File...

by Contributor in

Where are my posts that are awaiting moderation

I just posted a quite elaborate question and it is now awaiting moderation. However, I cannot seem to find it anywhe...

by Explorer in

How to make the chart legend static?

Hey Splunk experts, Please see if you can help me on this: I created a choroplet map chart and it is receiving the...

by New Member in

Splunk REST API body format - What are my options to bulk load users via REST API

I am working on a way to bulk load users into splunk via REST API, what format does the body need to be? My dream is ...

by Builder in

regex to get only the filename and filedate

Hi, My requirement is to show the date when the index got last created or to show the date of the latest file whos...

by Communicator in

Complex request improvement

Hi I would like to improve this complex request : (sourcetype=powershell:rebootPending) |stats latest(Reboot_Pe...

by Motivator in

scripted input interval limit

is there any document for the up limit and down limit of datainput/script? Thank you.

by New Member in

Mismatch '[' error in field extraction using regular expression

I am a new splunk user and apologies for this dump question. I tried to extract a field with the fort "servername:por...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a new field and assign value to it on the basis of sub query result?

Need to get latest sets of events

How to create a query for below scenarios?

Most Recent Series of Events Selection

Finding duration, average time, maximum time for specific logs

Need help creating a regex to grab anything after last comma

How to find the max value based on the rows?

How to search start dot whatever?

Use different lookups based upon environment in same search

How do I sum the price of a product for repeating XML fields in a single event?

Is it possible to update _raw with a replaced field easily?

Using Eval statement

output lookup search correlation with input lookup data

Correlation based on 3 fields and find events in between, one of the fields in multivalue

timechart span and transaction rollover into hour (what happens to the duration of the transaction?)

getting unjoined keys in a join

Why am I unable to convert a string to numeric?

Custom date should show the timechart with 0 for the non matching event

Where are my posts that are awaiting moderation

How to make the chart legend static?

Splunk REST API body format - What are my options to bulk load users via REST API

regex to get only the filename and filedate

Complex request improvement

scripted input interval limit

Mismatch '[' error in field extraction using regular expression

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions