Splunk Search

Ask a Question

Discussions

Thread Info

generate daily report on date field in data

Hi there, I have some data like this activity_id: 1131c134-d771-41e7-918d-d42772fc1316 date_time:...

by Engager in

IF value then string

I am trying to set the Name to Unknown if the ID is XYZ else populate it with the name value. I have Eval name...

by Explorer in

How to trim away the port and use only URL after ":"?

Hi, I have a field with values URL and port, how to trim away the port and only use URL? For example, abc.net:9...

by Builder in

How to configure a time-based lookup - Temporal lookup?

I'm trying to configure a time-based lookup (temporal lookup) but it doesn't seem to be working as expected. Any advi...

by Contributor in

How to extract fields from openSCAP using regex?

Hey all, I'm trying to extract fields from openSCAP logs and I'm having difficulties pulling the CCE/DISA fields,...

by Explorer in

SAML Assertion signature verification failed. Unable to get local issuer certificate

We are trying to configure SAML integration for our Splunk On-Premise instance with our identity provider. Per the do...

by Engager in

How do I compare a missing value of one lookup from the other?

I have two lookups A,B with fields APIKEY, ENDPOINT. How do I compare the missing value for the column ENDPOINT in lo...

by New Member in

How can I use Rex or Regex to shorten up a timechart search by removing xmlkv function?

I'm trying to shorten up a timechart search by removing the xmlkv function. I've tried numerous times using rex and r...

by New Member in

How can I combine multiple rows into 1 row?

I have a search that returns the following table: | Key | Value | |---------|---------| | user | bob ...

by Engager in

Why isn't the time being recognized?

A little bit strange as this time stamp is not being recognized -

by Ultra Champion in

Percentage of Total of an event within a sub-array

Our data is structured into a JSON format, with data structured as follows: { IdentifyingDetailsofUserAndCal...

by Communicator in

How to use the lookup table to find if I can retrieve the filename from my lookup in my log, using the source fields?

Hi, I need your help as I think I didn't use Lookup correctly. I've a field in my logs called source and which ...

by Path Finder in

crawl search command doesn't exist on Splunk 7.0.2

when executing "| crawl root=/home/bob", I got below error: Error in 'crawl' command: Cannot find program 'crawl' ...

by Explorer in

How to view the current system process

hi, in windows ,how to view the current system process by splunk?

by Explorer in

How to compare data with last 7 days of data?

Hi, I've got a query that's failing at the "where" statement. I'm trying to show data in the last 7 days based on ...

by Path Finder in

How can I speed up a search by creating a data model using tstats?

I want to speed up a search by creating a data model and using tstats. This is the search using the data model so ...

by Communicator in

Regex: Why am I getting this syntax error in subpattern name (missing terminator)?

I keep getting the missing terminator error when trying to parse. I am not sure whats the problem Here is my rege...

by Path Finder in

how can I use html file as a datasource.

I am getting some HTML files(not available over the server) which I need to process in splunk. Not able to figure out...

by Explorer in

How do I check for the existence of an event before indexing to avoid duplicate events?

Hello, I'm busy trying to find a way to ensure that duplicate records are not indexed. So far all I've managed to ...

by Motivator in

Using stats to organise repetitive data

I have a set of data as below: If you can see, the TagNames are repetitive. I would want to re-arrange it to belo...

by Explorer in

Alias not working when running a search

Hi there, I have multiple fields being extracted and aliased. These all work fine if i search by index & sourcetyp...

by Builder in

Two fields (same value), fill in third field

My dataset has three fields from two different data sources. Two fields are identical (hostnames with different field...

by Engager in

Why is the inputlookup not returning any records?

I'm running Splunk Enterprise v7.01 running on Server 2012 R2 Lookups are not working in the Search App or in the Hom...

by New Member in

How can I use Geolocation of a private IP space?

I want to use the geostats feature but how do I do so on a private WAN and the syslog does not have Lat Long fields/r...

by Path Finder in

Why are there two different time formats in the columns?

Hi - I had splunk import a fairly simple two column file - column 1 was a date/time column2 is some info... the probl...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

generate daily report on date field in data

IF value then string

How to trim away the port and use only URL after ":"?

How to configure a time-based lookup - Temporal lookup?

How to extract fields from openSCAP using regex?

SAML Assertion signature verification failed. Unable to get local issuer certificate

How do I compare a missing value of one lookup from the other?

How can I use Rex or Regex to shorten up a timechart search by removing xmlkv function?

How can I combine multiple rows into 1 row?

Why isn't the time being recognized?

Percentage of Total of an event within a sub-array

How to use the lookup table to find if I can retrieve the filename from my lookup in my log, using the source fields?

crawl search command doesn't exist on Splunk 7.0.2

How to view the current system process

How to compare data with last 7 days of data?

How can I speed up a search by creating a data model using tstats?

Regex: Why am I getting this syntax error in subpattern name (missing terminator)?

how can I use html file as a datasource.

How do I check for the existence of an event before indexing to avoid duplicate events?

Using stats to organise repetitive data

Alias not working when running a search

Two fields (same value), fill in third field

Why is the inputlookup not returning any records?

How can I use Geolocation of a private IP space?

Why are there two different time formats in the columns?

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions