Splunk Search

Ask a Question

Discussions

Thread Info

How can I skip the first two "\n" letters from my fields?

Hello Everyone! I want to remove the first two letters from my fields "\n" how can I do it? \nCDIARIA2 \nCDIARI...

by Path Finder in

Regex for extracting email with a trailing whitespace

Hi, I have log line according to the next template: [2017-11-03 13:55:52,945] [MYPROJ] [EMAIL=xxx@yyy.com] But ...

by Path Finder in

Finding whether firewall hosts sending logs to splunk ?

Hi , I have a list of firewall hosts names and some ips of firewall and i created the lookup of all host names of fir...

by Communicator in

Is it possible find total of transactions in a lookup table

I have a lookup table with personal financial transactions on it. They list like they do when you review transactions...

by Communicator in

Getting error in splunk cloud while running every search in the splunk cloud

Error : " Error 'Could not find all of the specified lookup fields in the lookup table.' for conf '(?::){0}XmlWinE...

by Engager in

Using MVZip and MVExpand on MultiValue fields where one node sometimes exists

Hello friendly Splunk community, May I ask your assistance in dealing with a multivalue field that sometimes conta...

by New Member in

How do I create a piechart visualization with the count of two field values and the sum of both displayed?

I have a query that gives me the count of certain events with keyword 'ab' OR with keyword 'pq'. The query is like th...

by Contributor in

How can I get the count of two different field values in the same search?

My splunk query is , host=x OR host=y OR host=z nfs1 | stats count as nfs1_count In the above case nfs1 field i...

by Contributor in

counting combination of fields

Hi, How would I count a combination of fields in splunk? For example, I have a "from_ip_addr" and a "to_ip_addr" i...

by Champion in

How to get percentages of value pairs

I have a very large set of retail data. The significant fields for this query are store_no, transaction_amt, zip, eth...

by Path Finder in

Difference calculation different time in different column

Hi I want to calculate/simulate a data to analysis price difference, my data set in picture, Process like ...

by Path Finder in

Top 10 values for each field value

Hi, I have a data that contains the field 'regression_target'. I want to get the top 10 rows by 'regression_tests'...

by Contributor in

Nested Splunk Query - Time of event within consolidate events

Hello All, Sorry relativly new to splunk - and so this query may be a pile of garbage! To sumerise, i have a query...

by Engager in

Maximum output of fieldsummary (or table *)

Hi All, I have a large data set with lots of fields and I want that in a table. However this is not working correc...

by Path Finder in

Usernames Failed to Login against an IP Address | which other IP Addresses has that Username Failed to login against?

Hello, I'm looking for a query, which looks for successful [ or unsuccessful ] brute force attempts, and then to ...

by Engager in

How do I search within results of a search that has already run?

Sometimes I write a brutal search that takes a very long time to run and then realize that I need to do something mor...

by Builder in

filter by duplication of records

by New Member in

populating input dropdown with regex search

Hi splunk community, am trying to populating input dropdown with results from regex search and i'm fairly sure it's m...

by Path Finder in

Using Splunk query with transaction

1) I want to count the number of occurences of the HTTP URL with p(95) response time for url invocation: https://exam...

by New Member in

Splunk Search Log SearchOperator:kv

When I use the Job Inspector to view the Search Log of a completed search, I find hundreds of entries tagged: SearchO...

by Contributor in

How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59) for set of keywords?

I have a set of keywords which I need to search and generate the output similar to https://answers.splunk.com/answer...

by Explorer in

What causes unioned data sets to be truncated?

Hi Splunk Experts-- I'm confused about the union command and am hoping you can help. Specifically, I'm struggling ...

by Explorer in

Question about the metrics index in Splunk 7.0.0 and search efficiency

In the splunk system we developed, we have 2.8 billion records as of now. The problem is that it's a single config...

by New Member in

metadata search in a macro doesnt seem to work

Hi, I am trying to put a metadata search into a macro, but having trouble making it work. The macro is something ...

by Contributor in

lookup two csv pattern match query

I have a requirement like this from file1.csv lookup file i am getting 2 fields field1 field2 "application...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I skip the first two "\n" letters from my fields?

Regex for extracting email with a trailing whitespace

Finding whether firewall hosts sending logs to splunk ?

Is it possible find total of transactions in a lookup table

Getting error in splunk cloud while running every search in the splunk cloud

Using MVZip and MVExpand on MultiValue fields where one node sometimes exists

How do I create a piechart visualization with the count of two field values and the sum of both displayed?

How can I get the count of two different field values in the same search?

counting combination of fields

How to get percentages of value pairs

Difference calculation different time in different column

Top 10 values for each field value

Nested Splunk Query - Time of event within consolidate events

Maximum output of fieldsummary (or table *)

Usernames Failed to Login against an IP Address | which other IP Addresses has that Username Failed to login against?

How do I search within results of a search that has already run?

filter by duplication of records

populating input dropdown with regex search

Using Splunk query with transaction

Splunk Search Log SearchOperator:kv

How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59) for set of keywords?

What causes unioned data sets to be truncated?

Question about the metrics index in Splunk 7.0.0 and search efficiency

metadata search in a macro doesnt seem to work

lookup two csv pattern match query

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!