Splunk Search

Ask a Question

Discussions

Thread Info

how can i trim until a specific character?

Hello, I got a field that has a format and a value like this "S01-3101" and sometimes a value like this "S01-301" ...

by Engager in

How to fill null values by a String when using a timechart

This is the query is used: index=perfmon* sourcetype=Perfmon:CPU counter="% Processor Time" | eval status=if(Value...

by Path Finder in

How to calculate the difference between two timestamps to get the duration of a video call?

Hi guys, im a beginner in Splunk and my issue is that I have Cisco logs and I need to find out the conference dur...

by New Member in

Using relative time with where command

I'm able to find all the previous day's events by hard coding in date ranges as such: where mytime > "2018-03-01" ...

by Communicator in

Use Splunk for a Static Value Lookup

I have a data store that information is far faster and more reach to get to with Splunk and I am trying to figure out...

by Explorer in

Streamstats delta between values on grouped data incorrect

I have data that is extracted from log events by multiple neighbor pairs. I would like to extract deltas on an intege...

by Path Finder in

accum command for field

I have field called test, what would be out if use assume command command: -- | accum test as test2 ( It will crea...

by Explorer in

Why are my search heads looking for index _blocksignature after upgrading to 6.3.0?

After upgrading my lab to 6.3.0 the search heads are reporting this error when no index is explicitly supplied in the...

by Builder in

How to split Data in one column to multiple columns?

hi, I had the data in the following format location product price location1 Product1 p...

by Engager in

How to set the event time to the time from summary index?

Hi. I have a query to generate the events with timestamp, "_time", from the original events and ingested to a summary...

by Communicator in

How can I easily search multiple values for one field?

I use the following search for proxy logs index=proxy src="10.10.10.10" | table _time,src, action, dest, status | ded...

by New Member in

Why does the Timechart command with eval result returns empty visualization?

Hello, I have the following search that calculates a risk value with eval index=thing sourcetype=thing name=thing ...

by Explorer in

How to evaluate if a field is null or not null from JSON structured data?

My data is structured into a JSON with a field inside a block that is as follows { "SomeField":"Value", "servi...

by Communicator in

Can you add a NOT condition in monitor path (inputs.conf)?

I have 3 types of log file names, ones that simply end with .log.2018 (eg: dc1-sms.log.2018), others end with -error....

by New Member in

How to search for a range of IP addresses (example: 10.10.10.32 through 10.10.10.96)?

Does anyone know the criteria to search for a range of IP address under the following conditions. I want to narro...

by Engager in

Hello every one, while I am searching on splunk , I am getting the following error. Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log for this peer in the Job Inspector for more info.

Our environment is having 3 Sh and 4 indexers . I am getting following error very frequently. I followed suggestions ...

by Path Finder in

How to search specific lines in splunk log file?

I have 100 lines content log files where I want to show only between 32-80 lines in searching without regex condition...

by Path Finder in

Table ES Suppressions including start time and end time

I'm looking to create a dashboard of existing suppression's, and those that have recently expired or will expire in t...

by Path Finder in

Regex help: Colon space and comma as key-value pair

I'm trying to figure out better way of doing regex for a data like below Protocol: TCP, SrcIP: 1.2.3.4, OriginalCl...

by Super Champion in

search query - Lack of account activity for more than 3 months.

search query - Lack of account activity for more than 3 months. There is a directory with the accounts that you need ...

by New Member in

Why is there unrelated fields to all my events?

Hi, I have a couple of fields that always appear in the output of the fieldsummary command. I focused on one in...

by Contributor in

How to convert string result into rows?

Hello I've been trying to chart/table the following search but I keep getting the wrong sorting for my array. My s...

by Explorer in

Pass value to another search

Hi, I currently have a simple query that returns a table of data. Let's say... 1) index=test source=test_log gr...

by Engager in

Compare current time vs fields time

I have a checkbox that when ticked I want it to compare the current time vs. the time of the values in a field of the...

by Contributor in

We have tried to extract index time field extarction

We have tried to extract index time field extraction, below are the details.. props.conf:- [sourcetype] TRANSFORMS...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how can i trim until a specific character?

How to fill null values by a String when using a timechart

How to calculate the difference between two timestamps to get the duration of a video call?

Using relative time with where command

Use Splunk for a Static Value Lookup

Streamstats delta between values on grouped data incorrect

accum command for field

Why are my search heads looking for index _blocksignature after upgrading to 6.3.0?

How to split Data in one column to multiple columns?

How to set the event time to the time from summary index?

How can I easily search multiple values for one field?

Why does the Timechart command with eval result returns empty visualization?

How to evaluate if a field is null or not null from JSON structured data?

Can you add a NOT condition in monitor path (inputs.conf)?

How to search for a range of IP addresses (example: 10.10.10.32 through 10.10.10.96)?

Hello every one, while I am searching on splunk , I am getting the following error. Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log for this peer in the Job Inspector for more info.

How to search specific lines in splunk log file?

Table ES Suppressions including start time and end time

Regex help: Colon space and comma as key-value pair

search query - Lack of account activity for more than 3 months.

Why is there unrelated fields to all my events?

How to convert string result into rows?

Pass value to another search

Compare current time vs fields time

We have tried to extract index time field extarction

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions