Splunk Search

Ask a Question

Discussions

Thread Info

Unknown error message from Admin Manager

Hi, has anyone seen the error message below? ERROR AdminManager - Argument "actual_only" is not supported ...

by Communicator in

How to separate SNMP GETBULK ARP table MIB Data into something readable?

Hi Guys I'm fairly new to Splunk and SPL can someone help me break the below data into readable fields? RFC1213-MI...

by New Member in

Monitoring Static file

Hi there, I am trying to monitor a file that doesn't change often - WebSphere nodeagent monitor.state file. I unde...

by New Member in

Why am I getting a "extracting multiple fields" error when try to extract fields on a log file that contains XML?

Hi, I am trying to do a field extraction on a log file that contains XML as below however when I try to extract th...

by New Member in

How can I return a list of distinct users and the number of connections from IIs logs?

I want to get a list of distinct Users from IIs logs using the CS_USERNAME field Any examples out there for me to get...

by Observer in

How to count the number of occurrences of a string in multiple fields?

I have a team of Unix admins, each of which manages multiple applications. I created a CSV lookup file that contains ...

by Explorer in

Comparing two files and output the difference for one column

Hope you can help ! I have two CSV files: RESULTS1 and RESULTS2 RESULTS1 has two columns CAR TOTAL Vauxhall ...

by New Member in

Why is streamstats resetting incorrectly twice in the dataset when it should not be?

Hey all, we are having a bit of trouble with the streamstats command, as the title indicates. The following code retu...

by New Member in

How do I formulate a regex to discard events when applying sourcetype?

Hello, I'm currently creating a new sourcetype that has a TRANSFORMS-null setting with value discardit. Within my tra...

by Motivator in

Does splunk user should query data using Index value?

Hello All, can users in splunk query data without using the index defined in search query? i mean can user search ...

by Path Finder in

eval,passing a value in eval

Hi all, Please help me … not been success in passing the output of the search into a new search (different table)....

by New Member in

How to split a table-formatted event into multiple events during search time?

Is it possible to have each piece of software as an event of its own so that I could search for a particular item? ...

by Communicator in

Field extrations from XmlWinEventLog

Hi, I've been trying to find a good solution to extract fields from some XML windows event logs. For instance sourcet...

by Path Finder in

How to remove all null fields to prevent gaps in my table of results?

Hi there, I have a table with four fields inputted, but the issue is that some are blank in some of the events so it ...

by Explorer in

Search inside the files based on keywords to do sub search in splunk

I have following types of txt files in my source and contents of each files are mentioned below in CAPS: a1.txt: K...

by Explorer in

Cannot Call A Search Command from Search Macro

Hello everyone; I am trying to call a search command from a search macro. Does anyone have a suggestion. Example: ...

by Explorer in

Why does Splunk suggest using Regex101.com?

The Regex I create extract fields inside the Regex101 site, but do nothing in Splunk. What gives? Regex in use on ...

by Loves-to-Learn Lots in

How can I reverse grouping in nested JSON block?

I have a JSON block that contains one account id and a number of nested resources. I can easily get a list of resourc...

by Path Finder in

Is it possible to add "starting the search" to the link switcher option?

Hi, I would like to implement some options to show/hide panels in a dashbaord. Currently the plan to have an optio...

by Motivator in

How to join two tables?

Hi All, I have a search: | savedsearch Cycle_11 | append [| savedsearch Cycle_10] with the results: The...

by Path Finder in

evaluation with condition

I have two values x and y. Both values are dynamic (keeps on changing). x indicates _time and y indicates a value tha...

by Contributor in

Lookup match

Hi, I am trying to do the following: 1 - Search an index; 2 - For each result, search for matches in lookup table ...

by Explorer in

Map a field to a value within the log file

I am working with clock sync log files. The top 3 lines have the ip address -> MAC address mapping... The rest of the...

by Path Finder in

How can I tie together Windows Logon and Linux SSH Events to monitor root and other linux admin accounts?

Hi! My goal is to be able to tie together events from Linux events and Windows events in order to track Windows us...

by Path Finder in

What is an alternate way to do this query: count(eval(like('some.field',"A"))) AS accepted?

SPLUNK NINJAS! I NEED YOUR HELP! I have a firewall issue where any IP outside of our intranet, Splunk throws error...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Unknown error message from Admin Manager

How to separate SNMP GETBULK ARP table MIB Data into something readable?

Monitoring Static file

Why am I getting a "extracting multiple fields" error when try to extract fields on a log file that contains XML?

How can I return a list of distinct users and the number of connections from IIs logs?

How to count the number of occurrences of a string in multiple fields?

Comparing two files and output the difference for one column

Why is streamstats resetting incorrectly twice in the dataset when it should not be?

How do I formulate a regex to discard events when applying sourcetype?

Does splunk user should query data using Index value?

eval,passing a value in eval

How to split a table-formatted event into multiple events during search time?

Field extrations from XmlWinEventLog

How to remove all null fields to prevent gaps in my table of results?

Search inside the files based on keywords to do sub search in splunk

Cannot Call A Search Command from Search Macro

Why does Splunk suggest using Regex101.com?

How can I reverse grouping in nested JSON block?

Is it possible to add "starting the search" to the link switcher option?

How to join two tables?

evaluation with condition

Lookup match

Map a field to a value within the log file

How can I tie together Windows Logon and Linux SSH Events to monitor root and other linux admin accounts?

What is an alternate way to do this query: count(eval(like('some.field',"A"))) AS accepted?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions