Splunk Search

Discussions

Thread Info

How do you write rex to extract unstructured field?

I have the below log. I want to extract the sixth column as a field, in that column I have different types values. So...

by New Member in

How can I create a visual progress bar/ tracker in Splunk? Use case: to show various phases of onboarding process.

Hi ,For my current project i need to implement a Tracker functionality which basically shows various phases of Onboar...

by Path Finder in

Use other events fields as a field for your search

Hi, I need to use events on a data source as a reference for other events Example: ID . | Name . |Type . | I...

by New Member in

Search data for All Time but only graph a specified time range

Hello, I am charting IT help desk tickets and I need to make a chart showing how many tickets are opened and close...

by New Member in

Why Raw events table (populated using tokens) displays raw events for some events but not the others?

Hi, Would really appreciate if someone could help me with this issue: I have a Table that displays Host and "Er...

by New Member in

Need to make a new field with values of new made fields from two indexes

Hi, Maybe a simple question, but im struggling with it. I would like to make a new field with eval which consist o...

by New Member in

How to filter out the list of hosts that are in the lookup but not in my search result?

I have a query as follows which displays the list of hosts and their host details as follows host field_A fi...

by Builder in

streamstats and exclude field values that changed their state to a particular value

Hi All, I am hoping you can help me out with the following : I am preparing a report from the logs of our moni...

by Path Finder in

How can I create a table with the currently logged in VPN users?

Hi, I wanted to display in a form of a table the current logged in VPN users. my search command is this hos...

by Explorer in

eval wildcards

I have a search that uses some wildcards: sourcetype="EPPWEB" source="/opt/log/*/web_server/info.log" WAT | rex f...

by Builder in

Combining unique field values

I have the following problem I would like to solve Numbers1 Numbers 2 1 6 2 7 3 8 4 9 5 10 I want to concatena...

by Path Finder in

My count is double. Can I use field from search to search lookup table?

1) I have got a query whose output are events that contains a field called CV4_TExCd. The base query looks like this:...

by Explorer in

Linechart with multiple lines of data on one chart?

Dummy question. I have a CSV file that contains three columns (fields) <date>, <value>,<group> 2017-01-01, 10...

by New Member in

Is there any benefit to explicit field extraction vs letting splunk do it on it's own?

All, I have a soucetype that is quite complex. So I need to leave autoKV extractions on. In one of the logs there...

by Builder in

Can I use relative time for bin span?

I want to run a query with rolling time span (rolling every minute) and want to count events in last 1 hour relative ...

by Explorer in

set timezone in search

most of my data sets to UTC, and all data sources are properly tagged to convert to UTC if they are not. My user i...

by Path Finder in

How to modify the results in required format?

I have a lookup query as follows | inputlookup hosts.csv | rename hostname as my_hostname | table my_hostname ...

by Builder in

How would I configure my regex to also include Windows data?

I have a query that will identify all the logs in my instance for a certain index, it list everything running except ...

by Path Finder in

Time field always gives nanoseconds without format variable

`xd_index`_alerts SiteName="*" ServerType="Member"| eval _time=_time-(strptime(strftime(_time,"%Y-%m-%dT%H:%M:%S")." ...

by New Member in

How can I search for results that share the same Mac address?

I think I'm close. Just need a little help. here is my current search index=windows sourcetype=dhcpsrvlog | stats dc(...

by Path Finder in

Can I graph data in text over time?

I have data that is in text value that I want to graph over time. index=pcrf sourcetype=rac* ha_state=* | table _...

by New Member in

Transforming Field Value with Rex/Regex?

Hey! So I have this field: "user1 user2 user3 user4 user5 user6 (.....)" and I wanted it to look like "(account="u...

by Path Finder in

check if value is in subsearch table result

Hi, I need a way to check if a value is in a sub search table result. for example I use the code that doesent work...

by Contributor in

Simple way to turn multivalue field into a table?

Is the a function that does this: ... | mvmap data (fname, lname, age, height) | table lname, age (where data ...

by Explorer in

What is the best way to compare emails in two different formats

I have two fields, I need to compare, that contain an email address, but in different format: Format 1) firstname.las...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you write rex to extract unstructured field?

How can I create a visual progress bar/ tracker in Splunk? Use case: to show various phases of onboarding process.

Use other events fields as a field for your search

Search data for All Time but only graph a specified time range

Why Raw events table (populated using tokens) displays raw events for some events but not the others?

Need to make a new field with values of new made fields from two indexes

How to filter out the list of hosts that are in the lookup but not in my search result?

streamstats and exclude field values that changed their state to a particular value

How can I create a table with the currently logged in VPN users?

eval wildcards

Combining unique field values

My count is double. Can I use field from search to search lookup table?

Linechart with multiple lines of data on one chart?

Is there any benefit to explicit field extraction vs letting splunk do it on it's own?

Can I use relative time for bin span?

set timezone in search

How to modify the results in required format?

How would I configure my regex to also include Windows data?

Time field always gives nanoseconds without format variable

How can I search for results that share the same Mac address?

Can I graph data in text over time?

Transforming Field Value with Rex/Regex?

check if value is in subsearch table result

Simple way to turn multivalue field into a table?

What is the best way to compare emails in two different formats

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions