Splunk Search

Ask a Question

Discussions

Thread Info

regex - remove comma from the result

Hello all, I have a problem extracting field using regex. The nearest query I've made is: index=* | rex field=_...

by Path Finder in

In a stats based on the item selected in the drop down, how can I display two columns in the panel which display the count when Id=* and when Id=number?

Hi, I have a query which does the stats count by ID selected through the drop-down query looks like : index=ser...

by Contributor in

How can I create this Splunk Query for a specific domain an display the list of the traffic going to that domain address as a table?

I have been out of date with building Splunk queries and I would need your help. 1) For a specific domain, let's say ...

by Explorer in

What exactly does splunk.exe clean eventdata -f do?

I get the it cleans out the eventdata, my question is where? Is this limited to the server the command was ran from? ...

by Contributor in

How to run operations on values from a main search and sub search?

I have a log file that shows the number of jobs that have been started by an application and the jobs that have been ...

by New Member in

How can I create a drill down to list the name ,using the date available from lookup.csv?

i want to create a drill down to list the name ,using the date available in lookup.csv please answer, if there is ...

by Engager in

Remove non alphanumeric in the datamodel

Hi I have datamodel data like below. I have tried to remove all non alphanumeric. So i can put it on a new field i...

by Influencer in

How to pivot a search off a subsearch result?

Since I couldn't find this anywhere, I'm making my own question and answer, to better help the "next guy" who has thi...

by Contributor in

How can I compare static time value in a lookup field with current system time +/- 5 m?

I'm just learning splunk so sorry if this is a simple question. I have a lookup with a field that has static time val...

by New Member in

How to eliminate identical values of two similar fields?

Suppose I have a field called TESTS which contains some values. This field changes every day (each day is represented...

by Path Finder in

How to display success rate as 100 if no API calls are invoked?

Please help me in the below search query index=Index1 sourcetype="Tablename" CounterName="Number of Successful AP...

by New Member in

How can I change color on pie chart with rangemap?

I have a pie chart and use | rangemap field=test1 low=0-1 elevated=2-49 severe=50-100. How can I get these colors to ...

by Path Finder in

Mounted Bundle path - Search Head

How does the search head know the location of the mounted bundle? When you configure the mounted bundle you add this ...

by Communicator in

How to search to find a match in lookup file?

I have 2 lookup files. Am getting empnumber from one file and then trying to search for the corresponding email id fr...

by Communicator in

Help with extraction of field created at index time?

All, Testing an index'd time field extraction in a test environment. It SEEMS to have worked, but randomly the fi...

by Builder in

Web Data Model no referrer

Can anyone help with the following please. Im looking to run a tstats query against the Web Data Model but exclude re...

by Path Finder in

Need a help in Regex?

Hi All, Need a small help in the regex, I am able to match the host name but unable to over write to the host field i...

by Motivator in

how can I get the per hour results of the sum of max value per location?

Hi Guys, I have 10 locations with around 100 spaces each then every 10 mins a new message is sent to update the cu...

by Communicator in

How to get overall stats if in a single log a particular event is missing?

Hello There, I am trying to get an overall stats for all the logs with a particular sourcetype, however in some so...

by New Member in

How to join 2 searches using time range?

Hi all, We're trying to combine 2 searches: Search 1: application transaction log ...| transaction connId | e...

by Communicator in

How do I use a default value if latest(_time) cannot be found?

Hi, I'm trying to create a search that calculates how long a device has been offline, with a maximum of two days....

by Path Finder in

Making multi value field in props/transforms from auto-extracted field

I have events that whose fields like this: Name=[name1,name2,name3] Application=[app1,app2,app3] Splun...

by Builder in

How to filter fields (Stats: Value, List, Latest)

I have 5 fields of data I want in a stats table, some of these fields have more than 1 value inside and they all corr...

by Contributor in

How to join 2 query from different sources?

Hi Guys, I have 2 queries that I have to combine. I haven't done this before and I'm really struggling.  1st quer...

by Communicator in

First match from end of the line regex

Hi Everyone, Trying to get the expression to read first match from the end off the line and not the beginning of t...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

regex - remove comma from the result

In a stats based on the item selected in the drop down, how can I display two columns in the panel which display the count when Id=* and when Id=number?

How can I create this Splunk Query for a specific domain an display the list of the traffic going to that domain address as a table?

What exactly does splunk.exe clean eventdata -f do?

How to run operations on values from a main search and sub search?

How can I create a drill down to list the name ,using the date available from lookup.csv?

Remove non alphanumeric in the datamodel

How to pivot a search off a subsearch result?

How can I compare static time value in a lookup field with current system time +/- 5 m?

How to eliminate identical values of two similar fields?

How to display success rate as 100 if no API calls are invoked?

How can I change color on pie chart with rangemap?

Mounted Bundle path - Search Head

How to search to find a match in lookup file?

Help with extraction of field created at index time?

Web Data Model no referrer

Need a help in Regex?

how can I get the per hour results of the sum of max value per location?

How to get overall stats if in a single log a particular event is missing?

How to join 2 searches using time range?

How do I use a default value if latest(_time) cannot be found?

Making multi value field in props/transforms from auto-extracted field

How to filter fields (Stats: Value, List, Latest)

How to join 2 query from different sources?

First match from end of the line regex

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions