Highest Voted 'splunk-query' Questions

1

vote

1 answer

Splunk query to report stats on one subset as fraction of the whole event set

My mandate is to calculate the percent of one class of exceptions as a function of all events. count(specific exception) percent exceptions = --------------------------- count(all events) I can get…

splunk splunk-query

asked Mar 13 '23 at 21:35

cptully

615
1
9
24

1

vote

1 answer

How can I extract all fields from my DB Connect results in Splunk?

I have configured a Database Input in DB Connect to pull in data from an Oracle view. A sample string from one of the events follows: 2023-02-28 15:40:50.760, AUDIT_TYPE="Standard", OS_USERNAME="Administrator", TERMINAL="unknown",…

splunk splunk-query

asked Mar 01 '23 at 16:52

nightmare637

635
5
19

1

vote

2 answers

Run predefined search sub-query in splunk

I am using a splunk query which always includes specific sub-query: host="aaa" OR host ="bbb" OR host="ccc" So for instance I do 2 different searches like: host="aaa" OR host ="bbb" OR host="ccc" "MyClass" "id=3" host="aaa" OR host ="bbb" OR…

splunk splunk-query

asked Feb 20 '23 at 07:26

fascynacja

1,625
4
17
35

1

vote

2 answers

Regex count capture group members

I have multiple log messages each containing a list of JobIds - IE - 1. `{"JobIds":["661ce07c-b5f3-4b37-8b4c-a0b76d890039","db7a18ae-ea59-4987-87d5-c80adefa4475"]}` 2.…

splunk splunk-query

asked Jan 20 '23 at 20:04

Adjit

10,134
12
53
98

1

vote

3 answers

SPLUNK use result from first search in second search

Say I have a query such as index="example" source="example.log" host="example" "ERROR 1234" | stats distinct_count by id This will give me all the events with that error code per id. I then want to combine this query to search the same log file…

splunk splunk-query

asked Jan 06 '23 at 12:36

hotspuds

47
1
7

1

vote

1 answer

Getting value from splunk search result to Email Alert Message

Im trying to get values from a splunk search into an email alert Message. My splunk search query used to trigger an alert is "resourceGroup="myResourceGroup" severity="Error" (simplified version). The output of the search looks like this { …

email alert splunk splunk-query splunk-dashboard

asked Nov 30 '22 at 22:20

O'Neil Tomlinson

702
1
6
28

1

vote

1 answer

Splunk query with conditions of an object

I need a Splunk query to fetch the counts of each field used in my dashboard. Splunk sample data for each search is like this timestamp="2022-11-07 02:06:38.427" loglevel="INFO" pid="1" thread="http-nio-8080-exec-10" appname="my-test-app" …

splunk splunk-query splunk-dashboard

asked Nov 07 '22 at 03:00

Hanuman

43
5

1

vote

1 answer

How to change the color of the viz in the splunk dashboard

Lambda Order retry call status …

splunk splunk-query splunk-dashboard

asked Nov 02 '22 at 23:03

Anitha

165
2
9

1

vote

1 answer

Splunk - Add numeric columns and display only that result

This is my Splunk query: | stats count by Successful_Unsuccessful This is what the result looks like: What I want to do is total all the numeric values in the count column and display it as a Single Value Visualization in a dashboard panel I…

splunk splunk-query splunk-formula splunk-dashboard

asked Oct 26 '22 at 19:17

ashu mallik

49
1
6

1

vote

1 answer

Splunk: using two different stats operations involving bucket/bin while avoiding subsearches/appendpipe?

I have two searches, both of which use the exact same dataset, but one uses bucket or bin command to bin into time groups and find the maximum requests in any second; the other counts the total requests, errors, etc. The first search is something…

splunk splunk-query

asked Oct 24 '22 at 11:39

JosephCHW

21
3

1

vote

1 answer

Extracting fields from logs using rex

I am trying to extract few fields from an event log using rex command and display the fields in a tabular format. This is my log: LOG_LEVEL="INFO" MESSAGE="Type_of_Call = Sample Call LOB = F Date/Time_Stamp = 2022-10-10T21:10:53.900129 Policy_Number…

splunk splunk-query splunk-formula

asked Oct 11 '22 at 17:06

ashu mallik

49
1
6

1

vote

1 answer

Splunk group by stats with where condition

I have a below event listed in Splunk. It logs the distinct API call made to services. Like in below example my-bag , my-basket , my-cart as distinct services and URL pattern of call is always /api/{service-name}/{v1 or v2 }/{ method name}? token =…

java splunk splunk-query splunk-dashboard

asked Oct 07 '22 at 22:52

Sumeet Kumar Yadav

11,912
6
43
80

1

vote

1 answer

Is there a splunk query to sum all the column values based on same row field?

I have a existing splunk table as: JobAction Status TimeTaken(ms) Records Host Delete SUCCESS 100 50 Host1 Delete SUCCESS 120 200 Host1 Insert SUCCESS 500 30 Host1 Insert SUCCESS 120 25 Host1 I want to get the totaltime and…

splunk splunk-query splunk-dashboard splunk-calculation

asked Oct 07 '22 at 16:10

AD27060

21
5

1

vote

2 answers

splunk query to extract multiple fields from single field

I am new to splunk. My requirement is to display below grid. Method Execution Time IndexController.printHello 519 My Event String is below { "event" : "test", "message" : "OUT: IndexController.printHello - time taken: 519…

splunk splunk-query

asked Oct 03 '22 at 19:30

Selva

1,620
3
33
63

1

vote

1 answer

How to build a Splunk query that extracts data from a JSON array?

We have a series of splunk log entries and want to plot the "Data" field on a dashboard. { "Message": "Test Message", "Timestamp":2022-09-30T14:06:01.8294071-05:00, "Data": [{"Key":"key1","Value":"3"},{"Key":"key2","Value":"4"}] } { "Message": "Test…

splunk splunk-query splunk-dashboard

asked Sep 30 '22 at 20:47

Matthew David Jankowski

844
5
17
39

Questions tagged [splunk-query]