Splunk Search

Ask a Question

Discussions

Thread Info

Which regex code will help pull out the xml fields?

Everything repeats from VULN to VULN It is necessary to pull out the Number of VULN, severity, cveid, CVSS_BASE, C...

by Explorer in

Timechart and overlay two columns?

I have a field outcomeIndicator in my data, that holds values 0,1,5,8. 0 and 1 mean a success of the event, and 5 an...

by Path Finder in

How can I use tstats to search event count comparing with last week a the same time

I have a search that works with stats - but fail to work when using tstats.. Here is the search with stats: ind...

by Explorer in

How to extract the numeric value and IP address from a string in my sample data?

hello, My log contains below entries. 2017-10-06T04:19:25.658+0000 I NETWORK [initandlisten] connection accepte...

by Path Finder in

How do I break into multiple events just by space?

I want the one event in the picture to be broken into many events with the spaces in between. How do I do so with pro...

by Path Finder in

How do you write a search for an incremental count for a field evaluating success vs. failure?

My output is Success Success Success Failure Failure Faliure Success Success Success Failure Success Success Succ...

by New Member in

How to subset top N records from the number generated from eventstats

Hi Splunk friends, I am new to Splunk community and currently facing a question. I have below table which was ge...

by Explorer in

Using regex to extract a string where the following string may or may not exist

Hi, I am trying to extract some fields which are generally bound by other strings (eg Some Text 1 Some Text 2). I ...

by Path Finder in

Extract string and place in new field

Trying to extract a string into a new field. A sample of log is as follows: productName = Special Day Argyle Socks...

by Path Finder in

How to convert Week of Year number to a standard Date format?

Hi, I have a set of data where the date is stored as Year/Week of Year. For example: this week would be 14/43 w...

by Path Finder in

How much data is indexed over 12 months

Hello, I'm looking for a report that shows the currenct size of my Splunk Indexer and how much of that data is over 1...

by Path Finder in

Sum and average of values present in two columns of an output

Hi All, I would like to get the average for Failed_Attempts and Passed_Authentications of the below table, _tim...

by Observer in

unable to start the splunk on my mac os High Sierra system

I install the splunk to my mac for several times, but I still cannot be able to start it. Here is screenshoot when...

by Engager in

How do I chart rare values?

Hello! I'm fairly new to Splunk, and I'm using my Minecraft server logs to chart some data. I am having a hard tim...

by Engager in

Which command works better to see lookup fields in fields sidebar?

In order to view lookup fields in the fields sidebar which command would be used to get faster results. I know to use...

by Explorer in

Search query that filters results by geolocation

Simply put i index a logon log to one of our services. I would like to create a table that would show me results base...

by Path Finder in

How to combine a search with a data model without the JOIN operator?

Hi experts, I try to combine a normal search with a data model without the JOIN operator, because of the slow proc...

by New Member in

stats sum command dosen't works

Hi guys, I already used the "stats sum" command several time but I just noticed that for one particular index, the...

by New Member in

Splitting stats count results into 2 sepereate Columns

hi can someone please help me with this, ive been trying and searching but no luck. i want to split the "Delivered" f...

by New Member in

Merge similar field values

Running the following query gives me a result with different field values. index="XXXX" host="POLO*" | stats count...

by New Member in

Reached the subsearch limits, so I'm trying to use stats and having trouble with my search

Hello, new to splunk, I was able to create a the following query: index="ops" sourcetype="tradeaudit3Q17" | t...

by Explorer in

Trying to sum values of fields with similar names

All, I have dates where the field names are: 20A1,20A2,20A3,20B1,20B2,20B3,20C1,20C2,20C3 1,3,4,5,5,5,6,6,6 I a...

by Path Finder in

How can I compare count "so far" today with same range yesterday?

I'm trying to use a single value with the trendline indicator to display this query: |tstats count as count where ind...

by Contributor in

Show Total count on Stacked bar/column chart

I have simple stacked bar graph. I want to show the total of each stack and also want it part of the scheduled pdf. C...

by Explorer in

how can i pass the field values from one search to my subsearch or to another search

index=xx sourcetype=yy |eval ..|table aa [| search index=xx1 sourcetype=yy1 yy=aa values |table yy zz ff ] in a singl...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Which regex code will help pull out the xml fields?

Timechart and overlay two columns?

How can I use tstats to search event count comparing with last week a the same time

How to extract the numeric value and IP address from a string in my sample data?

How do I break into multiple events just by space?

How do you write a search for an incremental count for a field evaluating success vs. failure?

How to subset top N records from the number generated from eventstats

Using regex to extract a string where the following string may or may not exist

Extract string and place in new field

How to convert Week of Year number to a standard Date format?

How much data is indexed over 12 months

Sum and average of values present in two columns of an output

unable to start the splunk on my mac os High Sierra system

How do I chart rare values?

Which command works better to see lookup fields in fields sidebar?

Search query that filters results by geolocation

How to combine a search with a data model without the JOIN operator?

stats sum command dosen't works

Splitting stats count results into 2 sepereate Columns

Merge similar field values

Reached the subsearch limits, so I'm trying to use stats and having trouble with my search

Trying to sum values of fields with similar names

How can I compare count "so far" today with same range yesterday?

Show Total count on Stacked bar/column chart

how can i pass the field values from one search to my subsearch or to another search

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

User could not act as admin in splunk

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!