Splunk Search

Thread Info

Why do we get the exited with code 255 errors?

When we search (on stage) using index = <index name>, no results come up and we get the following - 2 errors occur...

by Ultra Champion in

How to extract a string using regex?

Hello all, I am trying to write a regex to extract a string out an interesting field that I have already created ...

by New Member in

How to find the first alphabetical value?

Hi, I have a field which returns values in the following format: 10.6.3319.19 10.7.2113.33 10.6.179.135 10.7.2...

by Path Finder in

Why is the subsearch truncating when using JOIN in the query?

I am joining two queries by a common field but the problem is that the subsearch is truncating is there a better way ...

by Builder in

How do I highlight an event in the timeline?

I commonly need to find patterns within relation to a certain event. For instance I want to view all error logs after...

by Engager in

regular expression to find special character

I want to use regular expression which should get special charcter in Splunk Please help in this

by Motivator in

Splunk 7 / Win2012r2: Retrieve Tag's Value, based on another Tag's Value & Time

Hello, I'm new to Splunk. Need some advice, I need to do as follows: Pls. see attached, the sample. Tag 1 = Producti...

by Path Finder in

How do I find an orphaned search in Splunk 6.4.1?

After migrating to 6.4.1, we are now notified of orphaned objects. Cleaned them up or cloned them to new ones, but on...

by Communicator in

How can I display the count of host in the header?

Hello, First of all I'm a splunk noob, I just got started and i'm learning... I have a simple search that returns ...

by New Member in

Search for multiple values in field

Hi, I am trying to omit search results for a field that might have a couple of different values. any ideas how to be...

by Engager in

How to get Wildcards and Special Characters on lookup table?

I'm posting this as everything I have been referencing is from years ago. I need to relate Users to GPO changes. ...

by Explorer in

Determining if a CIDR Block is completely contained in another

I'm looking for a way to take a CIDR range in the format x.x.x.x/x and tell if it is completely enclosed within one o...

by Path Finder in

How to compare two fields and result in a 'pass' or 'fail' in another field (give or take a count of 5)?

Hello. I'm trying to compare two panels to see if there are any changes in the count. Both panels should be equal ...

by New Member in

What is a command that does the opposite of mvcombine?

So, I know MV Combine asks that you specify the one unique field in a set of results, and returns a multi-value entry...

by Explorer in

How to search for all IP's not in a lookup table.

Basically I want to use the inputlookup myspreadsheet.csv and I want to find all IP's that are not in that .csv file.

by New Member in

Trying to match 2 fields in 2 different sources by wildcard

I have 2 sources with different pieces information and i'm trying to return a coalesced search based on a partial mat...

by New Member in

Why is the Syntax Highlighting options missing?

When I visit my account setting in my splunk web instance any reference to Search options are not visible. Including ...

by Explorer in

Why do I get "-bash: splunk: command not found" when I try to run the "splunk enable boot-start -user splunk" command?

I log in to my Indexer as root, cd to /etc/init.d and then ran the "splunk enable boot-start -user splunk" command. A...

by Path Finder in

What this query will do?

streamstats current=f latest(up) as oldUP by lowername I am bit confused what will streamstats calculate here?

by Engager in

three search in same page with alert and time span=3 month

i want to do three different search in same page for time span is 3 month i need a alert to be configured

by Motivator in

xpath not giving result

I want to extract NewValue when Network Settings is International Roaming Bar. Tried with | xpath outfield=NewValu...

by Path Finder in

Case insensitive search in rex

I am having a field such as Exception: NullReferenceException. And sometimes, EXCEPTION:NullReferenceExcpetion. I ...

by Path Finder in

Splunk - Join two queries from same index and eventtype

I have the following two events from the same index (VPN). I've been unable to try and join two searches to get a tab...

by New Member in

Splunk license usage per sourcetype

Hello, Is there a way to find out which sourcetype is sending too much of data to an index. i know an index but i ...

by Explorer in

How do I remove rows with null values on single/multivalue fields?

Hello Everyone I have a below search query that results me 4 column table. Process, RunID, StartTime and EndTime. ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Why do we get the exited with code 255 errors?

How to extract a string using regex?

How to find the first alphabetical value?

Why is the subsearch truncating when using JOIN in the query?

How do I highlight an event in the timeline?

regular expression to find special character

Splunk 7 / Win2012r2: Retrieve Tag's Value, based on another Tag's Value & Time

How do I find an orphaned search in Splunk 6.4.1?

How can I display the count of host in the header?

Search for multiple values in field

How to get Wildcards and Special Characters on lookup table?

Determining if a CIDR Block is completely contained in another

How to compare two fields and result in a 'pass' or 'fail' in another field (give or take a count of 5)?

What is a command that does the opposite of mvcombine?

How to search for all IP's not in a lookup table.

Trying to match 2 fields in 2 different sources by wildcard

Why is the Syntax Highlighting options missing?

Why do I get "-bash: splunk: command not found" when I try to run the "splunk enable boot-start -user splunk" command?

What this query will do?

three search in same page with alert and time span=3 month

xpath not giving result

Case insensitive search in rex

Splunk - Join two queries from same index and eventtype

Splunk license usage per sourcetype

How do I remove rows with null values on single/multivalue fields?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions