Splunk Search

Ask a Question

Discussions

Thread Info

Unexpected behavior of searchmatch function

We use Enterprise Splunk Version: 9.1.6 I have noticed a strange behavior of searchmatch() function. | m...

by Communicator in

Searches returning unexpected results

I am fairly new to Splunk. I am testing out different search queries and getting inconsistent results. In this ex...

by Engager in

comparing scores

I am trying to find a way to compare the results listed in a table to each other. Basically the table lists the re...

by Loves-to-Learn Everything in

Help with search query using multiple tokens and filters

HI, im trying to create filter for network connections. But i cannot make work few tokens in the same time. I want ...

by Explorer in

Why Am I Seeing Events In The Future And How Do I Stop It

Hi Guys, I hope someone can help me out or give me a pointer here. When I run my searches I always get events ...

by Explorer in

Indexer

I want to get total memory allocated on 1 indexer and how much memory it is using. so that i could get remaining disk...

by Explorer in

Combining Searches

I am trying to figure out the best way to perform this search. I have some json log/events where the event data is sl...

by Engager in

Equivalent timechart correlation query without subsearch

Can someone help create an equivalent query to the following, without using subsearch? There are probably too many re...

by New Member in

Multiselect filter. Select all matches in classic dashboard.

Hi Splunkers :-), We have nice feature it dashboard studio - "Select all matches" in multiselect filter. But, unf...

by Path Finder in

sum(count) returning 0 events

Hi everyone.I have a query that basically filters certain events and sums them by category. But I'm facing issues whe...

by Path Finder in

Dedup removing all elements

Hello everyone. I'm dealing with a query that deals with certain "tickets" and "events", but some of them are duplica...

by Path Finder in

Append number by value to results

Hi Splunkers I'm looking for a way to append a column with an ID based on the value of another field. Base search...

by Communicator in

how to remove few content from splunk output

Hi All,I have a splunk query giving results in this format:Time ...

by Explorer in

Logging Requirement CTO 24-003

Is there anyone familiar with any guidance on fulfilling the logging requirements for CTO 24-003 with splunk queries ...

by New Member in

Different search results in search and dashboard

Hello everyone!I came across a strange behavior.I was building a dashboard and noticed that some results look unexpec...

by Communicator in

How to display 2 fields from different sources into a table?

Hi all, I have the following query: index=wineventlog source=wineventlog:security EventCode=4688 [search inde...

by Explorer in

Splunk Query to extract id's from a event and display the ID's

Below is the search and I need to extract the ID's shown in the below event and there are also many other ID's. Pleas...

by Engager in

Pie Chart is not showing smaller values

Hi , I have a CSV file, whose visualization I want to see in the form of Pie-Chart. But on display, one of the parame...

by Builder in

How to calculate properly calculate delay for multiple events with same reference

Hi,Here is a scenario: Step 19h30 TradeNumber 13400101 gets created in system9h32 TradeNumber 13400101 gets sent to...

by Path Finder in

Data Not Stored in Metric Index

Hey all, I am new to Splunk Enterprise and I would like to understand more about metrics and the use of metric inde...

by Engager in

Get values Time range

I have a survey that has a date field deletion_date. How can I filter this field by theTime range? sour...

by Observer in

How to Perform a Lookup in Splunk When Some Fields in the Lookup Table Are Empty ?

I’m working on a Splunk search that needs to perform a lookup against a CSV file. The challenge is that some of the f...

by Communicator in

How do I monitor Windows application install and removal?

I need to monitor all Windows servers to alert if there is a critical application got uninstalled. The simplest qu...

by Loves-to-Learn in

How to display one to one mapping between fields in stats command

Hi there, how can i use stats command to one to one mapping between fields . I have tried "list" function and "valu...

by Builder in

How to use only the latest group of events for each machine to display in the table

Hello dear Community! I have a set of separate machines logging number of different events to Splunk, each group ca...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Unexpected behavior of searchmatch function

Searches returning unexpected results

comparing scores

Help with search query using multiple tokens and filters

Why Am I Seeing Events In The Future And How Do I Stop It

Indexer

Combining Searches

Equivalent timechart correlation query without subsearch

Multiselect filter. Select all matches in classic dashboard.

sum(count) returning 0 events

Dedup removing all elements

Append number by value to results

how to remove few content from splunk output

Logging Requirement CTO 24-003

Different search results in search and dashboard

How to display 2 fields from different sources into a table?

Splunk Query to extract id's from a event and display the ID's

Pie Chart is not showing smaller values

How to calculate properly calculate delay for multiple events with same reference

Data Not Stored in Metric Index

Get values Time range

How to Perform a Lookup in Splunk When Some Fields in the Lookup Table Are Empty ?

How do I monitor Windows application install and removal?

How to display one to one mapping between fields in stats command

How to use only the latest group of events for each machine to display in the table

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

Issue with StateSpaceForecast from the MLTK app

Notepad++ SPL syntax highlighting

Some cloudwatch log collection errors