Splunk Search

Discussions

Thread Info

Command 'search' can't compare two floating numbers

I am writing a saved search to trigger and alert when a difference between values is higher than a threshold. A simpl...

by Explorer in

How can I extract additional fields from this source?

eg: source = shuttle(Oct1-3).zip:./shuttle/5720/LOG/shuttle_log.20171002 ,shuttle_3.zip:./shuttle_3/5720/LOG/shuttle_...

by New Member in

How do I get the event associated to a fired_alert?

I run this search: index=_audit action=fired_alert I get back this which looks like properties of the alert. Audit...

by Path Finder in

Lookups excluding answers if multiple same lines are found

I have a lookup that end users can update. However they might make a mistake and put in the same data twice. The issu...

by Influencer in

Dataset regexed field to uppercase

Hello. I have a dataset with a regular expression where i extract the hostname of the computer to a hostname varia...

by Communicator in

Exclusive Right Join option in splunk

I am trying to list the events from the subsearch which are not found in the main search. For example the subsearc...

by Path Finder in

Help extracting a value from this log?

Hi, can someone help me to exact "536 MiliSeconds" from below is log 6>2017-11-02T05:55:12Z d065d14b-3bcd-481c-512...

by Communicator in

Problem using set diff together with mvexpand

I'm trying to compare multi-value fields from multiple events and display the diff between the two sets. For examp...

by Explorer in

How do I delimit multivalue fields?

Dear All, We have a scenario, where For each Application_ID, Application_Name is having multi-value and delimited....

by Explorer in

How do you compare sets of field values from two searches?

I'm basically trying to identify whether some of my hosts are not doing something successfully as it should be in a d...

by Explorer in

Single value with trend for duration?

I have been searching about this for the last couple of days. I don't think Splunk have this feature but I just want ...

by Contributor in

When I search for top public IP addresses results include my LAN subnet

Hi mates, I'm figuring out the reason, why I'm looking LAN addresses as source IP if my search is clearly filterin...

by New Member in

Rex command to extract multiple values from base query

I have below text and i need to extract "Successfully Sent" FTP Ipaddress and store number. I could extract first por...

by Communicator in

How to split multivalue fields after lookup?

Hello after a search like this: index=myindex|lookup mycsv.csv host_ip I have the following output: ...

by New Member in

Can I join a data model with a lookup using a wildcard character (*)?

Hi I have an issues where I am joining a Data-model with a lookup table and its working very well. We are looking ...

by Influencer in

Search for a pattern in a lookup CSV file which is received from first search from another lookup CSV file

I have two lookup csv files. file1.csv and file2.csv 1st query results me with field1 which has a pattern match i...

by Communicator in

How to combine Fw: and Fwd in email Subjects

Let's say I had used a search like: index=mail RecipientUserDomain=user@domain.com | stats count by Subject | sort...

by New Member in

Can you remove a unit of measurement from a field value?

I'm trying to calculate man hours, but my field format is "12 Mins" not simply "12". How can I either calculate this ...

by Engager in

Option to extract one specific field from different patterns in one go ?

For the same sourcetype, I have a lot many different patterns from which I want to extract one specific field. Is the...

by New Member in

Joining 2 sourcetypes ( 2 types of events ) based on time range

We have 2 sourcetypes that we would like to somehow do a join based on if sourcetype2 has a ArrivalDateTime that fall...

by New Member in

How to count the occurrence of a field/string per transaction for events grouped with the transaction command?

I have custom log file in which we all logging various activities in a transaction context (correlation ID). In this ...

by Explorer in

Need help with regex to extract "error" from "url :/test.com/error.html"

How to capture only word that has white the start and end : - 1) ERROR 2) url :/test.com/error.html 3) this is my...

by New Member in

FEATURE REQUEST: Trellis timechart with color by field

Ok, I've figured this out for pie charts, but it seems I'm not able to do this for timecharts in trellis? I'd like to...

by Motivator in

Custom field extraction and table output

Hi Team, I have the below sample log file. I want to filter all the lines starting with "NET," and also want to cr...

by Engager in

Dynamic number of timecharts of field values by another field

Sorry if the description isn't clear. Essentially, I'm making a dashboard to display the trends of a project from a l...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Command 'search' can't compare two floating numbers

How can I extract additional fields from this source?

How do I get the event associated to a fired_alert?

Lookups excluding answers if multiple same lines are found

Dataset regexed field to uppercase

Exclusive Right Join option in splunk

Help extracting a value from this log?

Problem using set diff together with mvexpand

How do I delimit multivalue fields?

How do you compare sets of field values from two searches?

Single value with trend for duration?

When I search for top public IP addresses results include my LAN subnet

Rex command to extract multiple values from base query

How to split multivalue fields after lookup?

Can I join a data model with a lookup using a wildcard character (*)?

Search for a pattern in a lookup CSV file which is received from first search from another lookup CSV file

How to combine Fw: and Fwd in email Subjects

Can you remove a unit of measurement from a field value?

Option to extract one specific field from different patterns in one go ?

Joining 2 sourcetypes ( 2 types of events ) based on time range

How to count the occurrence of a field/string per transaction for events grouped with the transaction command?

Need help with regex to extract "error" from "url :/test.com/error.html"

FEATURE REQUEST: Trellis timechart with color by field

Custom field extraction and table output

Dynamic number of timecharts of field values by another field

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions