Highest Voted 'splunk-query' Questions

1

vote

1 answer

Show the sum of an event per day by user in Splunk

I want to be able to show the sum of an event (let's say clicks) per day but broken down by user type. The results I'm looking for will look like this: User Role 01/01 01/02 01/03 ... Guest 500 450 348 55 Admin 220 200 150 75 Here is…

splunk splunk-query splunk-formula

asked Sep 23 '22 at 18:15

gregwhitworth

2,136
4
22
33

1

vote

2 answers

Splunk Enterprise SPL search combine multiple field values into 1 field

I have the following log…

splunk splunk-query

asked Sep 02 '22 at 18:37

g t

21
4

1

vote

1 answer

Filtering out holidays in Splunk

I am attempting to use a search lookup table csv to filter out holidays for some Splunk queries. To do this, I created a holidays.csv in the following style: dateof,dateafter,description 01/17/2022,01/18/2022,MLK Day…

splunk splunk-query

asked Aug 31 '22 at 09:00

parricc

49
4

1

vote

0 answers

How can I keep the thousands separator when exporting a Splunk Dashboard to PDF?

Is there a way to have the thousands separator in a table when exporting to pdf? When I load the dashboard in Splunk, it shows the thousands separator in a table. But when I export it to PDF, the thousands separator is not displayed.

splunk splunk-query

asked Aug 26 '22 at 09:34

Prashanth Srinivasan

11
1

1

vote

1 answer

How do I check if Splunk has received logs from hundreds of different sources/hosts/devices?

I am relatively new to a company that has used Splunk Professional Services to spin up a Splunk Cloud environment. The company IT has onboarded a lot of AWS, Azure, on-prem and network devices so far. I’m trying to verify that they are in fact…

security splunk splunk-query splunk-formula

asked Aug 23 '22 at 19:54

Jon_Snow1

11
2

1

vote

1 answer

How to combine count from two different mstats in where clause Splunk?

query 1 | mstats count(_value) as count1 WHERE metric_name="*metric1*" AND metric_type=c AND status="success" by metric_name,env,status | where count1>0 query 2 | mstats count(_value) as count2 WHERE metric_name="*metric2*" AND metric_type=c AND…

statistics splunk splunk-query

asked Aug 03 '22 at 15:28

user3749031

33
1
7

1

vote

0 answers

Calling REST API on splunk alerts and incidents using Postman

I am trying to fetch Splunk alerts, incidents data using GET with Postman. I am getting an HTTP 200 response, but the response is in HTML format with the following error: "Splunk relies on JavaScript to function properly. Please enable JavaScript…

rest postman splunk splunk-query alerts

asked Jul 25 '22 at 07:18

Lakshmi S

23
2

1

vote

1 answer

Get rid of characters between two characters in Splunk

I'm currently facing a little problem. I'm a beginner with Splunk, and I need to print a temperature in a single value widget. I want the temperature to have °C at the end. When I'm doing this: | eval value = value +"°C" The printed value is 80.00…

regex splunk splunk-query

asked Jul 12 '22 at 12:39

OrnSkry

13
2

1

vote

1 answer

Can Splunk read inside a file and filter based on a word inside?

I want to create an alert for hosts file modification. Found the build in one here on the forums but I would like to add a filter that can read inside the file and when it's being modified by Docker, it would ignore and won't activate the…

splunk splunk-query

asked Jul 11 '22 at 14:32

BestestCohen

11
1

1

vote

1 answer

Reading a field from a JSON log in Splunk using SPATH

I am trying to read an attribute from a Splunk log that looks like this context=context{version="1.1.2", id="123", userId=""} I need to get count by version My Splunk query : index="$index" "$filterString" | spath input=context output=versionId…

splunk splunk-query splunk-dashboard

asked Jun 30 '22 at 07:24

Anuja Barve

300
1
4
23

1

vote

1 answer

Trying to use a columns value as a key to a different column for my results id like to output

I have two columns per event I am trying to use. Well call these col1 and UknownRandomColumnName (urcn for short) . The key of urcn changes from event to event and is unknown prior to search time, but the value of col1 will always be the key of…

splunk splunk-query

asked Jun 29 '22 at 19:25

tilted

296
2
17

1

vote

1 answer

Splunk - Share data set across multiple queries

I have event logs in a Splunk index. I want to get the number of a) successful requests and b) failed requests based on statusCode over the last week. However, I want to show the number of each for each day. From my understanding, I can execute a…

splunk splunk-query

asked May 26 '22 at 13:43

Developer

89
1
4

1

vote

1 answer

Can we use delta command to get a difference between current & previous value which have the same unique id?

I'm trying to find a difference between current & previous value of AOV (Avg value) which have the same unique ID (country). Right now my query gets the difference but doesn't respect the unique IDs. Any help or suggestion would be…

splunk splunk-query

asked May 17 '22 at 22:12

Nishant

29
1
5

1

vote

1 answer

Assign Nested Value to Variable in Splunk

I have an event log in Splunk that looks like this: { "event": { "Id":"12345", "Name": "My Event", "Inputs": { "Param1":"some value", "Param2":"another value" }, "Result": { "statusCode":"304" } } } I…

splunk splunk-query

asked May 16 '22 at 15:45

Dev

921
4
14
31

1

vote

2 answers

Splunk Query to find all the occurrences of a Boolean key value pair in logs over a period of time

Given below is a snippet of splunk event. My requirement is to find all the occurrences of "isOutstanding": true. Here the point to note is that one event may/may not have multiple occurrences. Need to find the total count from multiple events over…

splunk splunk-query splunk-calculation splunk-dashboard

asked May 15 '22 at 19:57

remya thekkuvettil

778
1
7
22

Questions tagged [splunk-query]