Splunk Search

Ask a Question

Discussions

Thread Info

How to display only column(s) that has value greater than 0

Hi all, I have table looks like this Column1,Column2,Column3,....,ColumnX 1,2,0,....5 1,0,5,....3 2,3,0,....0 S...

by Path Finder in

How to search for which user has access to what index?

Does anyone know how to: 1) search for which user has what access to the index? 2) who has accessed to what index ...

by Splunk Employee in

Should the records in time-based lookup csv file must to be sequence (order) by time?

Hi, I have done some test using small set of data in my lab. It looks like the time-based lookup work correct when...

by Path Finder in

Filter out a subset of items based on another value in a CSV lookup

Hello again, So lets say I have a CSV file that looks like the following: node_code region_code SAN ...

by Explorer in

RegEx Extraction Assistance for new field.

I have a field that looks like the below. PM=Rodhouse,Logan (PM Build VZT-PM) PM=Allen,Jim (PM Run-PM) Basicall...

by Explorer in

Merge multiple line to one line with end, start line desire?

Hi, I'm have trouble with multiple line in my logs and i have many information dont need in this logs. So I'm want ge...

by Engager in

How to extract new fields in a log file

Here is a sample content from my application log. I wish to extract the fields "rib-rmq Status is STATE_ACTIVE. L...

by New Member in

Should the records in time-based lookup csv file must to be sequence (order) by time?

Hi, As title. I have done some test using small set of data in my lab. It looks like the time-based lookup work corre...

by Explorer in

How to 'grep' multi-line event?

How would I perform a Unix grep on a multi-line event? Ex.: _raw="one two three" _raw="tree bee eleven" I'd li...

by Explorer in

Field not fillled through eval in map

I have a search like this: |inputlookup CSV-Generic-GenCus-GenLBL-SensitiveDataKeyWords.csv | map [search index="*...

by Path Finder in

Why is the mvcombine breaking sparkline?

Hi everyone, I have a requirement to use mvcombine after stats. When I use mvcombine the sparkline stops worki...

by Contributor in

What should I use instead of foreach when iterating?

by Ultra Champion in

How can I retain certain field values for all events with tstats when some fields may not exist on all events?

I have an accelerated data model where all events contain a duration field (ReqTot). In addition, some events include...

by New Member in

Why are there field extraction issues on events with no sourcetype information?

Hi there, I know there is an answer related to my question but I don't understand it. I already have this sourc...

by Contributor in

InputLookup - find unique values across 4 fields

I have a lookup file that contain 4 fields (field1, field2, field3, field4) which contains an account number. Same ac...

by Contributor in

complete data not coming through search

When I run the following query , I am getting data for limited days. Eg. When I run this query for 1 month ,I didn't...

by Engager in

case - expression is malformed

What am I doing wrong? * Account_Name=smithjt OR Account_Name=jonestt* |eval X1=case (Account_Name=="smithjt", "John ...

by Explorer in

Eval commands

Does anyone know if you do a rex and create a new field could you use that field for the eval commands? IE: | rex ...

by Explorer in

Dashboard views by user using REST & index=_internal

I'd like to search dashboard views by user, which is stored in index=_internal. REST allows me to limit results using...

by Explorer in

Hi Team, can we use REST API in Splunk Cloud version?

We want to integrate JIRA Server with Splunk cloud using REST API. Is it possible? If yes, please share documentat...

by New Member in

sum up several fields with integer counts to one

Hi, I have several fields which should be summed up to one count. I tried the following but the field is not showi...

by Path Finder in

How to join two indexes in different time ranges?

I have two indexes: index 1 contains a list of domains and event_timestamp, index 2 contains a description for every ...

by Loves-to-Learn in

how can i get each value for specific filed?

index=test host=rider2*58* APP=TEST | rex field=_raw "*CAR:(?\d+)*" | table CAR this is my query. But whenever i r...

by New Member in

Add total at the end of a column in Splunk

Hello, I have a splunk query that goes into our AWS bill and outputs totals for various AWS resources: index=pr...

by Explorer in

How to perform aggregations on multiple occurrences of a field inside a single event

Hi, I have data something like this: Events in splunk search are as follows 04:30 [timestamp] [text...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to display only column(s) that has value greater than 0

How to search for which user has access to what index?

Should the records in time-based lookup csv file must to be sequence (order) by time?

Filter out a subset of items based on another value in a CSV lookup

RegEx Extraction Assistance for new field.

Merge multiple line to one line with end, start line desire?

How to extract new fields in a log file

Should the records in time-based lookup csv file must to be sequence (order) by time?

How to 'grep' multi-line event?

Field not fillled through eval in map

Why is the mvcombine breaking sparkline?

What should I use instead of foreach when iterating?

How can I retain certain field values for all events with tstats when some fields may not exist on all events?

Why are there field extraction issues on events with no sourcetype information?

InputLookup - find unique values across 4 fields

complete data not coming through search

case - expression is malformed

Eval commands

Dashboard views by user using REST & index=_internal

Hi Team, can we use REST API in Splunk Cloud version?

sum up several fields with integer counts to one

How to join two indexes in different time ranges?

how can i get each value for specific filed?

Add total at the end of a column in Splunk

How to perform aggregations on multiple occurrences of a field inside a single event

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions