Highest Voted 'splunk-query' Questions

1

vote

1 answer

Splunk data export using API

I want to export data from Splunk via rest API, I've been wondering whether there is a good "Splunk export" solution that can help me to send my query output/result to a third part application with the help of rest API I have created below Splunk…

splunk splunk-query

asked May 13 '21 at 19:48

SherKhan

13
2

1

vote

1 answer

Splunk: regex - No events counted

I am trying to extract a field after a specific expression using regex and then running a query which counts the events where this condition is met. I did this: query | rex field=_raw "text: (?\d+)" | timechart partial=f span=5m count as…

regex splunk splunk-query

asked Mar 24 '21 at 16:45

Tobitor

717
6
16

1

vote

1 answer

Splunk Alert Creation

I am new to Splunk and need suggestion for creating the below alert in Splunk. I need to create an alert which will check the log file last updated timestamp and if it is not updated for last ten minutes, then alert should be triggered. Thanks in…

splunk splunk-query

asked Mar 15 '21 at 08:40

Peter.Fox

41
1
1
5

1

vote

2 answers

Issue with Splunk Query Stats not brining in all values

I have a log which has below lines in it: "Results":{"Elapsed":"0","Message":"No of Application to Obsolete in Teradata : 4","TraceLevel":"INFO"},"Security":{"Vendor":"CRAB"}} "Results":{"Elapsed":"0","Message":"Total Application Asset in Teradata…

splunk splunk-query

asked Feb 26 '21 at 08:56

Amit

51
6

1

vote

0 answers

Splunk event increasing logic witch each SPL query

I am getting data in Splunk from Snowflake using Splunk DB Connect. This is just simple orders data. At Splunk search & reporting I am running the following query on my table to get visualization. source="big_data_table_inner_join" "UNITS_SOLD" |…

splunk splunk-query splunk-formula splunk-calculation

asked Feb 09 '21 at 15:19

Faisal Ghufran

25
4

1

vote

2 answers

Splunk: Find events that don't have a certain attribute logged as different log lines

We have Splunk logs like: ts=20:10:01 id=1 state=first foo=bar ts=20:10:05 id=1 state=second foo=bar ts=20:10:06 id=1 state=third foo=bar ts=20:10:03 id=2 state=first foo=bar ts=20:11:01 id=3 state=first foo=bar ts=20:11:03 id=3 state=second…

splunk splunk-query splunk-formula splunk-calculation

asked Jan 26 '21 at 22:44

Sumitk

1,367
5
18
29

1

vote

0 answers

How to solve the problem of scanning based on scanned history with Splunk?

The requirements is to find the event_A and event_B such that There is event A before it, and the event_A’s TEXT field and the event_B’s TEXT field have the first character identical, and the second characters satisfy the condition: the event_B’s…

splunk splunk-query

asked Jan 15 '21 at 04:21

Yu Shen

2,225
3
30
37

1

vote

1 answer

Multifields search in Splunk without knowing field names

There are some two values V1 and V2 and I do not know index field names. How should be looked request if I wanna have in selection response the following: unknown-field-name1 = V1 unknown-field-name2 = V2 I am a beginner in Splunk world and just…

splunk splunk-query

asked Jan 06 '21 at 13:22

Adam Shakhabov

736
2
9
26

1

vote

0 answers

Splunk query over @Timed annotation by the Prometheus metrics

As the title says I have @Timed annotation in my microservice written in spring-boot: @Timed(value = "api.rest.get-account-msgs",histogram = true,percentiles = {0.5, 0.95, 0.99}) and I'm struggling to find the correct query for the splunk to…

spring-boot prometheus splunk splunk-query splunk-calculation

asked Jan 05 '21 at 09:18

Jin

51
2

1

vote

1 answer

Splunk searching event logs to find values exceeding a given threshold

I want to search the log event "Closure request counts: startAssets: " and find occurrences where the startAssets are larger than 50. How would I do that? Something like: Closure request counts: startAssets: 51 would maybe give a search similar…

splunk splunk-query

asked Dec 15 '20 at 21:29

laila

115
1
7

1

vote

2 answers

Splunk Cloud search query with variable does not return results

I have a query that does not return results and shows no errors (the same with where and search command): "ExtendedProperties.PrCode"="myProductName" | eval myversion="12.916"| where "ExtendedProperties.ProductVersion"=myversion The query without…

splunk splunk-query

asked Dec 09 '20 at 08:08

K. B.

1,356
2
14
20

1

vote

1 answer

Is there a way to achieve either before/after events in Splunk, or a real-time stream of events in a report?

ON a *nix command-line, you can see relative before-and-after lines while using the grep command : grep "abc" -A 2 -B 3 My question: is there any way in Splunk enterprise product to see relative lines when doing a search? Splunk search supports…

grep splunk splunk-query

asked Nov 27 '20 at 02:18

SauriBabu

240
1
9

1

vote

1 answer

How to Build Splunk Search Query for below Scenario

I am able to get the multiple events (api's logs) in splunk dashboard like below event-1: { "corrId":"12345", "traceId":"srh-1", "apiName":"api1" } event-2: { "corrId":"69863", "traceId":"srh-2", "apiName":"api2" } event-3: { "corrId":"12345",…

splunk splunk-query

asked Sep 30 '20 at 10:26

Nanireddy Thadi

11
3

1

vote

1 answer

Sending out multiple reports as one email in splunk

I have 2 different independent queries and I want to send out a single email having these 2 reports as PDFs. Is there a way to achieve this in splunk. Edit- Tried putting the reports to a dashboard and then scheduling a pdf delivery but I don't see…

reporting splunk splunk-query

asked Sep 24 '20 at 07:03

Kunal gupta

147
1
11

1

vote

1 answer

Find mismatched records using shared field

I'm a Splunk newb and am wrestling with building a specific query. Any help would be appreciated. This is the base search. index=index (Food="*meat*") AND (Food="*veggie*" OR Food="*fruit*") From here, I rex the result and sort. | rex field=_raw…

splunk splunk-query

asked Sep 24 '20 at 00:07

Jackal

11
1

Questions tagged [splunk-query]