Splunk Search

Discussions

Thread Info

Why is the table in dashboard reporting "No results found" when there are in fact results found?

We have a table in a dashboard that shows "No results found." when in fact there are results for the search based on ...

by Contributor in

dbxquery eval _time as column

Hi all, I am trying to set the values in column insertepoch in a mysql database to be the new _time index in splu...

by Path Finder in

How to table a KV output?

Hi Team, I used the below query to extract the log file. index="test" sourcetype="todayline" | kv pairdelim="\r...

by Engager in

How can I eval a new field using only partial values from existing field?

Apologies if my question's title is non-descriptive. I am working through extracting an 'action' field from an existi...

by Explorer in

How can my search query show all duplicated events by field?

I'm trying to search data from our Infoblox switch port capacity source, and there are many interfaces that have an i...

by Engager in

How to create a search which shows machines being mined as opposed to staff visiting sites with the word "CoinHive" in them and how to get events which are actually effecting users?

Good Morning Out of interest I wondered if anyone had a Splunk Search, which clearly showed machines being mined a...

by New Member in

How can I do field extraction on a security log using regex?

I need a little guidance on rex field extraction on the following "redacted" security log. Unfortunately, I don't hav...

by Builder in

How to subtract two time fields?

How would I go about subtracting EndTime from BeginTime?

by Path Finder in

Creating a custom date field

Hi, Is there a way to create a custom date field in Splunk? Sow lets say I have multiple events, all of these e...

by Path Finder in

How to use subsearch inside a map command search?

I have a query that uses map and subsearch inside map command as below: index=myindex | eval email="email@xyz.com"...

by Path Finder in

How to extract a string with length, based on the value of another field?

These are some sample of my logs : "07PRIVATE" or "06SAMPLE" OR "08EXAMPLES" The first two digits are the length o...

by Path Finder in

How to query where I can display x and y values as the top value?

I have a tag which has four values i.e. a,b,x,y. But I want to display only the x and y values as the top value. I tr...

by Communicator in

Function similar to grep

I want Splunk to do the following actions. Is such a possibility possible? grep -5 "error"test.txt

by Communicator in

How can I use Regex to extract Windows SMB Logs?

Hi Splunkers I need to extract this log below each SMB Path to make a count: LOG Example: Here are the SMB ...

by Engager in

How to group different values and count the number of transactions?

Hi guys, I have 2 data sources (source 1 and source 2) with different locations and transactions. How can I group ...

by Communicator in

Search with like / only when more than one value

Hi, I have troubles with a search. I want results ONLY when my "disconnected=" has a value besides blov6 berg Unfi...

by Engager in

Random line breaks everything

earliest=-30d index=nessus OR index=nessus_workstation severity_id!=0 severity_id!=1 | lookup nessusLookup.csv signa...

by New Member in

Why is drilldown from a table into another table based on the click value, does not carry the value over from the previous table?

Good morning I am trying to drilldown from a table into another table based on the click value. The new form does ...

by Path Finder in

How to get the count of events which are in between a range in one query?

I need to get the count of events which are in between a range in one query. Ex: number of calls which took 10-20 sec...

by Path Finder in

How to compute a field using the previous value to simulate a data buffer?

Here is my problem: I have several log sources form and I want to follow how many logs I receive every second. That's...

by New Member in

How can I refine these queries?

Hello I have a dashboard that has 6 panels on it. It seems this dashboard is causing an issue with CPU on loading ...

by Communicator in

Why am I receiving this error when I am trying to extract a streetname which can appear either with or without another field in front of it in the input stream?

The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions...

by New Member in

Splunk WebUI Slow - Searches are quick

Hello, I am experiencing an issue where it appears like a webUI issue. On ver 6.6.3 and when we load a page like E...

by Explorer in

How can I clean up my messy appended search?

Here is my search: index=jenkins* job_name=mosaic-os*/master event_tag=job_event (type=started OR type=completed)...

by Explorer in

How to extract a different file from a search in two indexes when the events have a common field value?

Hi guys I need to extract two different fields from two different events in two different index only if these two eve...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is the table in dashboard reporting "No results found" when there are in fact results found?

dbxquery eval _time as column

How to table a KV output?

How can I eval a new field using only partial values from existing field?

How can my search query show all duplicated events by field?

How to create a search which shows machines being mined as opposed to staff visiting sites with the word "CoinHive" in them and how to get events which are actually effecting users?

How can I do field extraction on a security log using regex?

How to subtract two time fields?

Creating a custom date field

How to use subsearch inside a map command search?

How to extract a string with length, based on the value of another field?

How to query where I can display x and y values as the top value?

Function similar to grep

How can I use Regex to extract Windows SMB Logs?

How to group different values and count the number of transactions?

Search with like / only when more than one value

Random line breaks everything

Why is drilldown from a table into another table based on the click value, does not carry the value over from the previous table?

How to get the count of events which are in between a range in one query?

How to compute a field using the previous value to simulate a data buffer?

How can I refine these queries?

Why am I receiving this error when I am trying to extract a streetname which can appear either with or without another field in front of it in the input stream?

Splunk WebUI Slow - Searches are quick

How can I clean up my messy appended search?

How to extract a different file from a search in two indexes when the events have a common field value?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6