Splunk Search

Discussions

Thread Info

Regex to extract from start until a specific character

I have a test field in a CSV called description: Completed changes are not shown as complete in channels for a while ...

by Champion in

How to calculate the percentages of the field values (yes/no) in a field?

Hi I have a Splunk search as follows: My search | table host_name, last_seen_in_24hours which displays the res...

by Builder in

How do I make fields with a replacement for an argument work inside a saved search with the map command?

I'm sure there's a really easy answer, but it isn't coming to me so I'd greatly appreciate some help. If I define ...

by Communicator in

'outputlookup' command: Could not write to file

I'm trying to use outputlookup to generate a lookup table based on search results and I'm running into the following ...

by Super Champion in

chart over multiple fields

hello splunkers, We are trying to get the chart over for multiple fields sample as below , we are not able to get ...

by New Member in

Regex for Windows Event from Syslog agent

Hi, I'm trying to get the Target Account ID from the Windows Event parsed from a syslog agent. I'm trying to capture ...

by Explorer in

Stats function by multiple fields

I have a table of data like this Time1 Time2 Time3 Total 36.650000 16.050000 0.133333 74 44.86666...

by Path Finder in

Top 10 list of failed login attempts for a specific application by user name

I am trying to get a top 10 list of failed login attempts for a specific application by user name over a period of ti...

by Communicator in

How to Trim string at @ - need help creating rex search

Hello, I cannot figure out the syntax of the rex function. I have a field called email with multiple domains: katz...

by Path Finder in

How to create and use a form input to run searches on data from multiple sources?

I would like to create a look-up tool for my incident responders. they often only have an IP and I would like to be a...

by Motivator in

Host Regex Help

Hello All, I really need to get good at regex and learn to do this myself but alas there are so many other things ...

by Contributor in

Is the Splunk predict command useful?

So, I have a graph that shows the total user logins per day for an application and I thought it would be cool to show...

by Communicator in

Visualize JSON array of array

Hi guys, I would like to convert the following event into a table: { Id: 1505207351 Start: 1505207651 ...

by Communicator in

Where command -- How can I use this on a search without affecting the base search?

I want to compare two identical searches but one looking for just count and the other using count | where the average...

by Path Finder in

Save number to a value from .log file

Hello all. I'm totally new to splunk. And I'm totally desperate now. I have .log file in which i have to search for s...

by Engager in

How to prevent injection from field in a dashboard?

I create a simple dashboard and put a text field (token: field1) and a panel with shows result search query. <form...

by Path Finder in

Multisearch alert to go off only from one side + sourcetype count optimisation

I've tried to set up an alert to go off whenever the number of hosts from one search is not the same for another sear...

by Path Finder in

Time chart with events consist of unique count

i have a user login info log file like below for eg, when i prepare a time chart for last 2 days, i need the unique u...

by New Member in

delta then sum then graph from multiple hosts

I have log entries from multiple hosts which contain cumulative counters. One log entry per host about every 5 minute...

by Path Finder in

Field Extraction -- Break Field at Explicit Character

All - I need someone to bring me sanity with a regex I am trying to write. Essentially I want to capture everythin...

by Contributor in

Results for each minute in an hour (even if there's no data)

Hello All, Suppose I want a search results for past 60minutes, how spunk works now is if there is any event in pas...

by Explorer in

How can I get the total count of payments and total amount of payments?

index = elm-retail-rws source="/opt/app/jboss/current/standalone/log/PosMultipaymentProfile.log"

by New Member in

Having difficulties at search trying to use sed to find and replace a @ (at sign)

I'm trying to filter down a list of internal email addresses at search time in a field called "email." They are all t...

by Explorer in

Part TWO: Need a little help troubleshooting my subsearch...

This query works great index=fireeye sourcetype=hx_json [search index=fireeye sourcetype=hx_cef_syslog act="Dete...

by Contributor in

How to get _time at median value?

Hello everyone, Now, I encountered hard problem that I can't solve for long times. I was also google on many hours...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex to extract from start until a specific character

How to calculate the percentages of the field values (yes/no) in a field?

How do I make fields with a replacement for an argument work inside a saved search with the map command?

'outputlookup' command: Could not write to file

chart over multiple fields

Regex for Windows Event from Syslog agent

Stats function by multiple fields

Top 10 list of failed login attempts for a specific application by user name

How to Trim string at @ - need help creating rex search

How to create and use a form input to run searches on data from multiple sources?

Host Regex Help

Is the Splunk predict command useful?

Visualize JSON array of array

Where command -- How can I use this on a search without affecting the base search?

Save number to a value from .log file

How to prevent injection from field in a dashboard?

Multisearch alert to go off only from one side + sourcetype count optimisation

Time chart with events consist of unique count

delta then sum then graph from multiple hosts

Field Extraction -- Break Field at Explicit Character

Results for each minute in an hour (even if there's no data)

How can I get the total count of payments and total amount of payments?

Having difficulties at search trying to use sed to find and replace a @ (at sign)

Part TWO: Need a little help troubleshooting my subsearch...

How to get _time at median value?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions