Splunk Search

Discussions

Thread Info

Return string and number before and after equals sign

Hi, I am new in splunk and i want to save the value in fields before and after = for example events look like b...

by Engager in

How to join two time stamps with different counts?

I have a single dataset which contains a couple of variables which are time (date) based. The format for all of them ...

by Path Finder in

How to calculate a score based on a field with different values and count the number of identical values by applying a multiplier?

Hello, I want to calculate a score based on a field (severity) containing different values (High, Medium, Low). Th...

by Explorer in

How to plot a timechart so the values are plotted correctly for the search?

I'm trying to plot a timechart with below data. Empty Graph is displayed on the correct X-axis and Y-axis but values ...

by New Member in

Check the first character of a string with eval case

Hi Team, I want to create a new field REGION_ID With following requrirements:- If (TKT_CREATOR ="IP-Z" OR "DEP-IP-Z")...

by Communicator in

How to measure time difference between reoccurring events?

Hi, I am currently trying to write a search which will accurately measure how long it takes for a customer to log...

by Path Finder in

How to select only the procedure marked in bold through regex

Completed executing query test_proc_SelectLatest_PricesBySecurity which took 1 milliseconds. Completed executing quer...

by Path Finder in

How to index log with table data inside?

Hi, I have some logs that contain table data inside - which means there are multiple fields with the same key name...

by Path Finder in

Why is the nodejs unable to perform a number of sequential queries?

Hi guys, I have a nodejs service that needs to perform number of sequential queries: e.g: search mysearch from ...

by Communicator in

Is there a metric search to define how many times load balanced forwarders switch indexers?

Hi Everyone, Is there a metric Search to define how many times load balanced forwarders switch indexers? Thank ...

by Path Finder in

Is there support for the latest version of Custom charting Config Axis grid documentation?

I am trying to customize charts, from default numeric.Only documentation I found was one for older versions http://do...

by New Member in

Anomaly detection using historial event count with help of hour-based time slices

Hi, I'm currently searching for a method that will help me alerting anomalies in historial event logs. Let's sa...

by New Member in

How to use the dedup command for this search?

Hi Team, I have the next source list indexed in Splunk I need to let in only the last source by each fa...

by Communicator in

How to overlay a straight line showing the average time taken over an existing timechart?

I'm not sure if the title is clear, so hopefully this helps. I've got a dashboard with a search: host=hostname ...

by Explorer in

How to use mvcount or mvexpand to separate multiple values from two different fields?

I have an index that contains two fields, sig_names and sig_ids, that can contain multiple values for each. I'd like ...

by Influencer in

Convert Memory Count only if Value > 1000

I have data in the following format. Value should be in Gb MemoryCount=64 I have a few values that were imprope...

by Explorer in

How to search all field values except a particular one?

I have an app that can show source by country Example: Country=China In SPL how would I format this if I wante...

by Communicator in

Match from a lookup table

Hi, I'm new at Splunk and I need some help. I have a query that looks like this: sourcetype = ... index = ... | eval ...

by New Member in

How to use Regex to trim the field?

Hi, I have a field with DNS names, how to extract a host name from them? for example, abc123.ab.com aca12.ba.xy...

by Builder in

Inputlookup not functioning as expecting

I have a query for detecting logins to "sensitive" accounts from outside of certain countries. Rather than listing ev...

by Engager in

search query for a series of hosts

I need to run a query for a number of hosts i.e. host=app[1-22]* error using OR between every host is really no...

by Communicator in

Warning on the search

Hi, I have the below error when I execute the query on Splunk, the problem is present only in Production env and n...

by Path Finder in

Proper reg-ex to extracts cisco_ironport_web.log fields like - user, domain and url

cisco_ironport_web.log has the following events - Event - 1 1489714117.601 56 27.1.11.11 TCP_REFRESH_HIT/200 5...

by Contributor in

How to fetch the time of the latest event?

My log contain some events that we call 'bonus_events'. And 'bonus_events' happen once or twice a week. I want to sub...

by Contributor in

How to build a dashboard multitoken using another token?

I would like to build a dashboard token using a combination of a dropdown field and a checkbox field to build a host ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Return string and number before and after equals sign

How to join two time stamps with different counts?

How to calculate a score based on a field with different values and count the number of identical values by applying a multiplier?

How to plot a timechart so the values are plotted correctly for the search?

Check the first character of a string with eval case

How to measure time difference between reoccurring events?

How to select only the procedure marked in bold through regex

How to index log with table data inside?

Why is the nodejs unable to perform a number of sequential queries?

Is there a metric search to define how many times load balanced forwarders switch indexers?

Is there support for the latest version of Custom charting Config Axis grid documentation?

Anomaly detection using historial event count with help of hour-based time slices

How to use the dedup command for this search?

How to overlay a straight line showing the average time taken over an existing timechart?

How to use mvcount or mvexpand to separate multiple values from two different fields?

Convert Memory Count only if Value > 1000

How to search all field values except a particular one?

Match from a lookup table

How to use Regex to trim the field?

Inputlookup not functioning as expecting

search query for a series of hosts

Warning on the search

Proper reg-ex to extracts cisco_ironport_web.log fields like - user, domain and url

How to fetch the time of the latest event?

How to build a dashboard multitoken using another token?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions