Splunk Search

Ask a Question

Discussions

Thread Info

FillNull In Timechart

Hi, I'm wondering whether someone may be able to help me please. I'm using the following to extract metrics for a ...

by Motivator in

How can I compare the most recent field extraction in a log to the previous one?

All, I have a log file which produces a MD5sum every hour or so. I'd like to compare the most recent event, with ...

by Builder in

Need help in regex

{"runDate":"2018-04-18T00:31:46 EDT","dataDate":"20180319","jobName":"experianCounters","counterList":[{"counterName"...

by Explorer in

Optimize join for audit logs

I have a search that returns correct results. However, the join subsearch portion is constantly hitting the max 50000...

by Explorer in

how to remove start and last character from field value in splunk using single command

how to remove start and last character from field value please find the example below Example test=road-car tes...

by Explorer in

inputlookup shows no results after adding two more columns to csv

I had 3 columns initially in the csv file. I added two more and added the same in the inputlookup command. But no tab...

by Engager in

Basic Key Value extraction

Hello, I receive message like this : topic="Sniffer" message=""timestamp"="1524387631351","process"="com.x.and...

by Explorer in

How to search for multiple fields with 2 sourcetypes?

HI All, I need to search two sourcetypes and multiple fields at the same time. Following query is working correct...

by Communicator in

Using fillnull for multiple fields?

What is the best way to use fillnull for multiple fields? What is the best way to avoid it working for only the first...

by Explorer in

How to extract a float value from 2 strings?

How can I get all the float values that are between the strings "totalElapsedTime^" and "^" from the log sample bello...

by New Member in

How to find the difference from the previous day in a lookup table?

Hi. How to use Splunk query to compare to the "count" field from previous day from a lookup table? For instance, ...

by Communicator in

Remove last values of a field result

following are the output of a filed file=a.csv file=a1.csv file=a2.csv file=b.csv file=b1.csv What i required i...

by Explorer in

the max time of day

hello guys I have a problem at work index=mailog relay=10.204.0.0 I timechart span=1h count I timechart span=1...

by New Member in

dedup and unique difference

Could you please explain the difference between dedup and unique

by Motivator in

What would be the strategy to extract relevant data from field with unnecessary data?

Description field parsing data from has some unnecessary survey data that I would like to ignore and NOT count. That ...

by Path Finder in

key error in Python call to search results Json

I have a custom action alert based on an App The search is looking for a file, event, and file type. it then pipes th...

by New Member in

How to extract key-value field extraction?

Need help with key value extraction for the following: Apr 20 10:38:59 10.1.8.25 {"adf": 1, "virtualservice": "vir...

by Contributor in

how to display only those rows with a particular value in a particular value using |table command

I am applying few conditions and logic to come up with values for different fields. I'm then displaying them using te...

by Communicator in

Combinding results in fields with mulitple results

I have two types of logs in an index. Both can have multiple entries for a ip address. What i need to do is find all ...

by Explorer in

eval match with NOT condition

I've figured out how to use the match condition to use a wildcard in my eval, however now I need to put at NOT with i...

by Motivator in

extract fields from rex _raw

trying to extract a fields from logfile's text (have both examples in logfile): search sourcetype=apache "/apps/pu...

by New Member in

Eval and If else value return or else null

Hello Splunkers, Im constructing Eval field " user1" actually user field contain 5 digit number so i have to const...

by Path Finder in

How to compare multiple fields?

Hi All, I want to compare three fields value(may be) to arrive at new field. (mentioned 3 as it may require to compar...

by Contributor in

What's causing the error message in the extraction of new fields?

Why do I get the following error message when I try to extract new fields? The events associated with this job hav...

by Engager in

How can I replace that field values to another and vice versa?

For example, my account number is coming as device number and vice versa and that is expected based on the condition ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

FillNull In Timechart

How can I compare the most recent field extraction in a log to the previous one?

Need help in regex

Optimize join for audit logs

how to remove start and last character from field value in splunk using single command

inputlookup shows no results after adding two more columns to csv

Basic Key Value extraction

How to search for multiple fields with 2 sourcetypes?

Using fillnull for multiple fields?

How to extract a float value from 2 strings?

How to find the difference from the previous day in a lookup table?

Remove last values of a field result

the max time of day

dedup and unique difference

What would be the strategy to extract relevant data from field with unnecessary data?

key error in Python call to search results Json

How to extract key-value field extraction?

how to display only those rows with a particular value in a particular value using |table command

Combinding results in fields with mulitple results

eval match with NOT condition

extract fields from rex _raw

Eval and If else value return or else null

How to compare multiple fields?

What's causing the error message in the extraction of new fields?

How can I replace that field values to another and vice versa?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions