Jan 16, 2020 · When an SPL query is readable, it becomes easier to understand, troubleshoot, and give to a coworker. When you format your SPL queries, remember to format them in the editor, by …

Oct 12, 2021 · hello, everyone I have a question about how to write a subquery in Splunk. for example I would like to get a list of productId that was returned, but later was not purchased again. NOT IN …

Aug 11, 2022 · Splunk search query syntax? Asked 3 years, 5 months ago Modified 3 years, 5 months ago Viewed 2k times

Jul 10, 2019 · index=myIndex FieldA="A" AND LogonType IN (4,5,8,9,10,11,12) The documentation says it is used with "eval" or "where" and returns only the value "true". But it also seems to work as …

Sep 4, 2018 · I have an index that is populated by and extensive, long running query that creates a line like "Client1 Export1 Missed. Expected Time: 06:15:00". I have another index that is populated with …

Dec 11, 2019 · You should be using the second one because internally Splunk's Query Optimization converts the same to function like(). Which implies following query in Splunk Search

Jan 4, 2020 · I've been trying to put together a query that will show user activity within Splunk. I would also like to show what apps they have been in, and how long they were in the app as well as how …

Aug 30, 2021 · I would like to write in splunk a nested if loop: What I want to achieve if buyer_from_France: do eval percentage_fruits if percentage_fruits> 10: do summation if summati...

Jan 12, 2018 · I am new to splunk and was wondering if anyone has a document they don't mind sharing detailing "example search queries" as a starting point? any help would be appreciated. Thanks.

Mar 2, 2021 · Hello All, I am not so familiar with regex, but looking at some old query have been able to build one for my need. I am looking for help to understand how this is working in terms of regular …