Splunk Search

Discussions

Thread Info

Filtering logfiles showing one error log for every row

Hello, I need help in creating a search query to filter info showing just our logfile with same error line for all ...

by New Member in

How to join two indexes with a search

Good day,I want to join two indexes to show all the email addresses that the user have that signed in. This queries m...

by Path Finder in

Verification of SAML assertion using IDP's cert failed. Unknown signer of SAML response

We have an on-prem Splunk-Enterprise Version: 9.0.4.1 We updated IDP url in the SAML configuration and after uploadin...

by Engager in

When I clicked open in search, I got Request-URI Too Long

Hello,When I clicked open in search, I got the following message:Request-URI Too LongThe requested URL's length excee...

by Builder in

How do I send email alert if one or more subsearch exceed 50000 results?

Hello,Hello,How do I send email alert if one or more subsearch exceed 50000 results?For example below I have 4 subse...

by Builder in

How do I join an inputlookup and a tstats search?

So I have a lookup file with a complete list of servers and their details like version, owner etc, and an index my_in...

by Explorer in

ジョブを消しても復活する現象について

splunkで以下のSPLをジョブのバックグラウンドに送りました。 | metadata type=sourcetypes | search totalCount > 0 その後、こちらのサーチのジョブを削除したのですが、sp...

by New Member in

How to match fields with the same name from two events and if match add a field

Hello, I have these two events that are part of a transaction. These have the same s and qid. I need to match s a...

by Explorer in

How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel?

HiI am kinda stuck and need help. I am creating a chart in the splunk dashboard and for the y axis I have nearly 20 v...

by Explorer in

How to trigger an alert if the events are huge, the alert is triggering before the search completed. please help

I'm using a query which returns entire day data : index="index_name" source="source_name" ...

by Observer in

Can I rename different fields the same thing?

I'm working with a dataset that lists companies and individual people, so that some entries have the field "Entity Na...

by Communicator in

How can I display only 1 value in a timechart that uses a by

Hellohow can I display only 1 value of these 3 "maxCapacitMachine" results (which are the same in all 3 cases) in a B...

by Explorer in

How can I optimize my Splunk queries for better performance?

I’m experiencing slow performance with my Splunk queries, especially when working with large datasets. What are some ...

by New Member in

How to extract fields from source?

How to extract fields from below source. /audit/logs/QTEST/qtestw-core_server4-core_server4.log I need extract ...

by Builder in

Replace Notable Title Variable With Value

I need to replace the variables in the field rule_title field that is generated when using the `notable` macro. ...

by Loves-to-Learn Lots in

Help with join query for Salesforce

Hello Smarties... Can someone offer some assistance; We recently started ingesting Salesforce into Splunk, Usernam...

by Observer in

Dashboard panels with shared base search stopped working...

Some years ago I've created a (beautiful!) dashboard, with multiple panels, which presented related data at different...

by Path Finder in

Dedup Question

Hello Everyone, Having a hard time finding the appropriate way to display data. I have duplicate data where one fie...

by Engager in

Compare results from same field

I'm using cmd |iplocation src, and the results produce results for the City. Next i want to compare each City and rep...

by Path Finder in

Using Lookup csv file to query fieldname

I have a lookup file saved with a single column having values of specific fields in it. And want to use to search in ...

by Explorer in

Splunk query to build a table with total event count, sub event count and sub event in percent

Hi Team,i am trying to design a query which show be result like total event count, sub event count and sub event in p...

by Path Finder in

delete fault submitted events, including avg timechart delete

Hi Community,i have a data source, that submit sometimes faulty humidity data like 3302.4 Percent.To clean / delete t...

by Engager in

Service maintenance in search

Hi, I am a rookie in SPL and I have this general correlation search for application events: index="foo" sourcetyp...

by Explorer in

extract fields

Oct 22 14:20:45 10.5.0.200 DNAC {" version" :" 1.0.0"," instanceId" :" 20...

by New Member in

How to merge two fields into one field?

I have the following result set coming from a search: field_1 field_2 1 2 3 4 5 6 I need ...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Filtering logfiles showing one error log for every row

How to join two indexes with a search

Verification of SAML assertion using IDP's cert failed. Unknown signer of SAML response

When I clicked open in search, I got Request-URI Too Long

How do I send email alert if one or more subsearch exceed 50000 results?

How do I join an inputlookup and a tstats search?

ジョブを消しても復活する現象について

How to match fields with the same name from two events and if match add a field

How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel?

How to trigger an alert if the events are huge, the alert is triggering before the search completed. please help

Can I rename different fields the same thing?

How can I display only 1 value in a timechart that uses a by

How can I optimize my Splunk queries for better performance?

How to extract fields from source?

Replace Notable Title Variable With Value

Help with join query for Salesforce

Dashboard panels with shared base search stopped working...

Dedup Question

Compare results from same field

Using Lookup csv file to query fieldname

Splunk query to build a table with total event count, sub event count and sub event in percent

delete fault submitted events, including avg timechart delete

Service maintenance in search

extract fields

How to merge two fields into one field?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...