Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Help with the field extraction

Hi, how to extract the field "alert" with the field name action. help with the regex.. Thanks.

by Path Finder in

Field extraction from table values

HI Splunkers, We are getting below value inside one of field "data" in tabular format: Source success Total_Count...

by Contributor in

Search History retention inconsistent between search heads

I have two Splunk Enterprise environments, both at 9.0.2. For users in one environment, search history goes back only...

by Communicator in

Match and like not working for some users

Hello Splunkers!!We have a dashboard which works on the loadjob. When users try accessing the dashboard, they are get...

by New Member in

How to calculate count based on the condition?

Hi ,i want to calculate count based on the condition , like in the below queryif the event is 'sync' then the 'failed...

by Explorer in

Could not load lookup=LOOKUP-splunk_security_essentials

Hi, I wanted to update splunk_security_essentials app (3.2.2 to 3.3.2) : after I did the restart, I have this erro...

by Builder in

Extract bunch of UUIDs from a string using regex

Hi, I have a string in splunk logs something like below. msg.message="Matches Logs :: Logger{clientId='hFKfFkF-K7...

by Explorer in

How to streamstats with time_window and keep only the largest count?

I'm trying to use the streamstats-command with time_window to track when certain user actions happen more than twice ...

by New Member in

Grouping by src_ip and getting the same source and destination IPs repeated or duplicate entries?

Hi, I am working on use case which has following requirements 1. high number of connections to external DNS IP...

by Observer in

Stats count based on condition

index="*dockerlogs*" source="*gps-request-processor-test*" OR source="*gps-external-processor-test*" OR source="*gps-...

by Explorer in

Conditional mvdedup

Hello everyone! I have basic search index=main| stats list(src.port), list(dst.port) count(src.ip) as COUNT by id...

by Communicator in

How can I turn a single value number into a percentage?

So I'm trying to turn a single value number into a percentage but the code just returns a number still. Here's my ...

by Path Finder in

How to import event logs from another system to scan on my local instance of Splunk?

Hello all! I am brand new to Splunk and have learned quite a bit so far from this forum, so thank you! With that bein...

by Engager in

How to format when fields match between multiple sources and loop through items?

Hi All, Below is the sample data looks like. sourcetype_1 s1_field1: 123 s1_field2: { { ID: 2 Na...

by Observer in

How to find Delta between 2 sets of events?

Hello, I have use cases to find the Delta between 2 sets of events. We get events once a day, our objective is to ...

by Motivator in

how to convert tabular data to a specific format

Hello,I've the following tabular formatted data: How can I achieve the following: Thanks in advance...

by Path Finder in

How can I break out streamstats into multiple groups?

I'm wanting to group streamstats results by either one or two fields. Grouping by sourcetype would be sufficient. Gro...

by Motivator in

In dashboard studio, how do I change time format?

Hello,I would like to display dates in a dashboard studio table,i want the format to be "%Y-%m-%d" but it is not disp...

by Engager in

How to splunk search to get time only from date time?

hi All, can you help with splunk search to get time only from date time. example as 2022/11/28 17:00:00 want to...

by Path Finder in

How to get the latest status of the workflow?

Hello Splunkers, Workflows are monitored through splunk. Workflows has different stages like running , paused, can...

by Observer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with the field extraction

Field extraction from table values

Search History retention inconsistent between search heads

Match and like not working for some users

How to calculate count based on the condition?

Could not load lookup=LOOKUP-splunk_security_essentials

Extract bunch of UUIDs from a string using regex

How to streamstats with time_window and keep only the largest count?

Grouping by src_ip and getting the same source and destination IPs repeated or duplicate entries?

Stats count based on condition

Conditional mvdedup

How can I turn a single value number into a percentage?

How to import event logs from another system to scan on my local instance of Splunk?

How to format when fields match between multiple sources and loop through items?

How to find Delta between 2 sets of events?

how to convert tabular data to a specific format

How can I break out streamstats into multiple groups?

In dashboard studio, how do I change time format?

How to splunk search to get time only from date time?

How to get the latest status of the workflow?

Splunk Community Platform Survey

Observability Highlights | November 2022 Newsletter

Avoid Certificate Expiry Issues in Splunk Enterprise with Certificate Assist

Search History retention inconsistent between sear...

Match and like not working for some users

How to make my search fast when searching field na...

How to find a alert/dashboard running from a query...

Help with search to get below scenario