Splunk Search

Ask a Question

Discussions

Thread Info

How can I extract these fields to have a table output with the field value (AAAAA) rather than name="AAAAA"?

Hello, I have _raw data like this: time , name="AAAAAA",first_name="BBBBB" When I look with table I saw this : ...

by New Member in

I want to diff the counts before and after a certain date.

I want to diff the counts before and after a certain date. Here is the 'before' query. sourcetype=alpha _time<15...

by Explorer in

Calculate duration between end of search time range and _time of record

Hello, I would like to be able to calculate the time difference between the last time parameter of the time range ...

by Path Finder in

searching across multiple indexes with lookups

we have two indexes with some overlap in fields. specifically IP addresses. what I would like to is do an initial sea...

by Engager in

Count of events based on two where conditions

Hello All, I have to provide two where conditions in my query and need to count the events by individual counts an...

by Contributor in

Left JOIN using two searches

I have these two searches below and I want to join the fieldname Path from the first query to the second query using ...

by Communicator in

rex to extract a field

How do I extract connection attempt failed from the below log 2017-12-20T07:51:05.847Z I REPL [ReplicationExecuto...

by Path Finder in

How to format the duration on weekly summary

Hi, I have the below Query. I want to have the sum of duration per week / description on time format [h]:mm:ss. On...

by Communicator in

Erex example

Hi, I have the below log and values for "days" field are 4, 10 , 15, 30. Could you please extract the "days" field us...

by New Member in

How to search for values in a lookup table with wildcard

My lookup table is a simple list of malicious domains. How can I do a search such that I can search for the malicious...

by Builder in

Transaction : How to exclude Night hour and Week-end period time of duration calculation

Hi, For calculate Application unavailable Time on Workhours, I try to find a solution to exclude period time : ...

by Engager in

length of string (Urgent Requirment pls)

HI All. i want lenght of string with include space ,double quotes everything special charecters. |eval length=len(...

by Motivator in

How does punct work?

NOTE: I figured that a lot of people will search "How does punct work?" and want to know. So if you were wondering: P...

by Contributor in

How to convert monetary values to a single currency? Is there an app to provide exchange rates for this calculation?

We have events containing amounts in different currencies that we would like to normalize into euros (for example). I...

by Path Finder in

Inner search for database-fetched data

I have fetching data to Splunk from a transaction tracker table. My scenario is as given below. Here is the exampl...

by New Member in

How to convert duration in seconds to [h]:mm:ss?

Hi, I have a table with duration in seconds, how can I convert it to [h]:mm:ss? I want it to count the number of h...

by Communicator in

How to get response time from this search?

How to get response time from my search? APIName is from my inputlookup |inputlookup SolutionCenter.csv | appen...

by Builder in

Rex extraction question

I'm pretty new to rex extraction using splunk and I can't figure out why my extraction isn't working. I have a raw ev...

by Communicator in

count events in multivalue field

Hi, I want to deal the multivalue field to get the counts whch is satisfied the conditions I set. For example, in the...

by Communicator in

Help with regex

I have the below sample data sample 1 `<TargetCode key="Zip5">78216</TargetCode>` sample 2 <adm:TargetCode...

by Builder in

foreach with mvexpand to iterate over server fields and perform an expansion

I have various fields like "Server 1" "Server 2" ... And I want to perform an expansion of those fields like so: ...

by Communicator in

Field-extraction wizard error: "The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings."

I just started indexing Windows printer logs and noticed I need to add some additional fields to extract. Here is an ...

by Communicator in

How to explicitly count an occurrence of a string when another similar string exists

I am trying to count the occurrence of some specific strings in a field value. The below query works for counting occ...

by Engager in

How do I search for event with null values in fields

I'm trying to find all events in the logs that have no value in a field. What's the simplest query for that?

by Splunk Employee in

Eventtype and Subsearch problem after migration

Hi everybody. After migrating splunk from one node to another I started having problems with eventtypes and subsea...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I extract these fields to have a table output with the field value (AAAAA) rather than name="AAAAA"?

I want to diff the counts before and after a certain date.

Calculate duration between end of search time range and _time of record

searching across multiple indexes with lookups

Count of events based on two where conditions

Left JOIN using two searches

rex to extract a field

How to format the duration on weekly summary

Erex example

How to search for values in a lookup table with wildcard

Transaction : How to exclude Night hour and Week-end period time of duration calculation

length of string (Urgent Requirment pls)

How does punct work?

How to convert monetary values to a single currency? Is there an app to provide exchange rates for this calculation?

Inner search for database-fetched data

How to convert duration in seconds to [h]:mm:ss?

How to get response time from this search?

Rex extraction question

count events in multivalue field

Help with regex

foreach with mvexpand to iterate over server fields and perform an expansion

Field-extraction wizard error: "The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings."

How to explicitly count an occurrence of a string when another similar string exists

How do I search for event with null values in fields

Eventtype and Subsearch problem after migration

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!