Highest Voted 'splunk-query' Questions

2

votes

1 answer

Splunk join two query to based on result of first query

In Splunk query I have two query like below Query 1- index=mysearchstring1 Result - employid =123 Query 2- index=mysearchstring2 Here I want to use employid=123 in my query 2 to lookup and return final result. Is it possible in Splunk?

asked Jul 21 '22 at 01:38

Java hunger

77
5

2

votes

1 answer

How to extract the data present in {} in Splunk Search

If the data present in json format {[]} get extracted, however when data present in {} as shown below doesn't behave same. How fields and values can be extracted from data in {} _raw data: {"AlertEntityId": "abc@domai.com", "AlertId":…

splunk splunk-query splunk-dashboard

asked Jun 13 '22 at 06:33

zen29d

61
7

2

votes

1 answer

Use Parameters in Table in Search Query in Splunk

I have a saved table dataset in Splunk. When I choose to "Investigate in Search" this table dataset, I see sample 1 | from datamodel:"My_Table_ForDay" The SPL My_Table_ForDay looks like the following: sample…

splunk splunk-query

asked May 18 '22 at 13:37

Dev

921
4
14
31

2

votes

2 answers

Merge url with parameters into 1 in Splunk

I am creating a dashboard for our service. And I want to create metrics for url requests. Lets say have a similar url like this one: /api/v1/users/{userId}/settings And I have following query in Splunk url=*/api/v1/users/*/settings | stats…

splunk splunk-query splunk-dashboard

asked Apr 08 '22 at 03:19

user17485523

2

votes

1 answer

How to use a token for a rex in Splunk?

I have a token $token_rex$ set up as follows in the dashboard: mvjoin(mvmap('token_keywords_mv',"(?<".'token_keywords_mv'.">".'token_keywords_mv'."+?)"), "|") token_keyrowrds_mv is basically the following: lorem ipsum situs The…

splunk splunk-query splunk-dashboard

asked Apr 05 '22 at 12:33

yaserso

2,638
5
41
73

2

votes

2 answers

How to display the results of a Splunk map operation together with the original fields?

I'm working with a simplified example in which there are workers which can have multiple lifecycles in which they perform tasks. (This is similar to the example of users logging into different sessions and performing shell commands given in…

splunk splunk-query

asked Apr 04 '22 at 15:01

Kurt Peek

52,165
91
301
526

2

votes

2 answers

Splunk conditional search

I want to do this. If scope == 'request': search request_type=* elif scope == 'site': search request_type=* site=* scope == 'zone': search request_type=* site=* zone=* scope == 'cluster': search request_type=* site=* zone=*…

splunk splunk-query

asked Mar 18 '22 at 23:33

Stephen Dimig

33
1
5

2

votes

1 answer

Splunk query for javascript object to JSON string

Thank you in advance. I am using Winston logger for printing application logs in JSON format. But Somehow it prints in Javascript object format without double-quotes for keys like below { message: 'APP listening on 4000', level: 'info', env:…

json splunk winston splunk-query

asked Mar 10 '22 at 06:54

Mayur

864
6
14
25

2

votes

1 answer

What is the best way to specify/access a specific item in a delimited field in Splunk?

I'm very new to regex and such, I have tried to look for a similar answer but nothing jumping out to me. I'm trying to refine searches in Splunk using a regex. Is there any way that I can define delimited fields and only focus on that area? For…

regex splunk splunk-query

asked Mar 02 '22 at 16:52

Sparky-Parky

23
2

2

votes

1 answer

Splunk query to create a table view?

This event is printed eveytime UserPin AreaCode AreaNum Sector Short Sem are unique for each userid and come only inside User Login successfully message with timestamp "message":" *** User Login successfully credentials userid 2NANO-323254-7654-4 …

splunk splunk-query

asked Feb 09 '22 at 18:08

SingUser

23
1
8

2

votes

1 answer

Query to extract data

Here is a snippet of the logs: 127.0.0.1 - - [01/Dec/2020:00:00:11 -0500] "GET / url:"api/orderLaptop for customer id 123" 127.0.0.1 - - [01/Nov/2020:00:00:24 -0500] "GET / url:"api/orderLaptop for customer id 124" 127.0.0.1 - -…

splunk splunk-query splunk-formula splunk-calculation splunk-dashboard

asked Jan 15 '22 at 03:16

user3376592

191
1
13

2

votes

1 answer

Splunk query to take a search from one index and add a field's value from another index?

How can I write a Splunk query to take a search from one index and add a field's value from another index? I've been reading explanations that involve joins, subsearches, and coalesce, and none seem to do what I want -- even though the example is…

splunk splunk-query

asked Jan 11 '22 at 18:23

mikeclemson

147
1
2
7

2

votes

1 answer

Splunk Enterprise: Exclude certain time ranges for a bigger time range

I am in need of knowing if there is a possibility to exclude certain time ranges within a given time period? I have a formula for my search and then I have chosen the datepicker, but would like to know if I can filter out specific time ranges within…

monitoring data-analysis splunk splunk-query splunk-dashboard

asked Dec 07 '21 at 10:40

Erfan Tavoosi

389
5
16

2

votes

1 answer

Splunk Concurrency Calculation

I have some data from logs in Splunk where I need to determine what other requests were running concurrently at the time of any single event. Using the following query, I was able to have it return a column for the number of requests that ran at the…

splunk splunk-query splunk-calculation

asked Oct 02 '21 at 00:03

SBB

8,560
30
108
223

2

votes

1 answer

Splunk - Assigning custom time

I want my time to be the "Date" property in the following json: { "Level": "ERROR", "Date": "2021-08-20 17:21:53.6355", "Logger":.... } I created a props.conf here: ...\Splunk\etc\system\local with: TIME_PREFIX=\"Date\": TIME_FORMAT=%Y-%m-%d…

splunk splunk-query

asked Aug 20 '21 at 18:06

user3401331

75
1
9

Questions tagged [splunk-query]