Splunk Search

Ask a Question

Discussions

Thread Info

How do I extract a field from my raw data using rex command?

Hi, Can someone able to help me please. I'm very new to using Splunk and most certainly to the rex command and ...

by New Member in

How can I compare the count of two hosts?

How to compare the two host events ? index=test| stats count by host | stats list(count) as count by host my re...

by Builder in

Search output of a stats command

I have a search like below | stats values(EndPointMatchedProfile) by EndPointMACAddress Where each EndPointMACA...

by Contributor in

How to use eval to fulfill the below requirement

Hi, I am preparing a dashboard where i can show whether the devices are sending logs or not. In some region device wi...

by New Member in

What does 'nobody' (under owner column) signify in Splunk search and reporting?

Probably a silly question, but can someone please advise what 'nobody' (under Owner column) next to a dashboard signi...

by Path Finder in

Change font size in Radial Gauge

I would like to increase font of scale and current value in Radial Gauge. Is it possible using css? I expect to get ...

by Contributor in

Remove chart axis labels

Hi I have a JSChart: <module name="HiddenChartFormatter"> <param name="charting.chart.nullValueMode">gaps</...

by Path Finder in

Find events matching a multi-value field

I am defining a dashboard panel that uses a token $s_user$ that may contain a comma-separated list of values (it is s...

by Explorer in

Extract date and time from a message

Hi I am trying to extract the date and time from the field "message". It gives me everything after the date and time....

by Path Finder in

Search to shows results for the past 30 days?

Can I please get help to modify the below query to display results of each day for last 30 days which will show the r...

by Path Finder in

Is there a way to remove seconds from a table?

I'm trying to create a report where it shows the date and time; however, when it comes to time I just want it to disp...

by Explorer in

Why are real time searches not running and getting error "status skipped, reason="Real time searches pending""?

Real time searches are not running, and searching for one of the saved search names in the _internal index shows: ...

by Communicator in

How can I include a wildcard character in eval command?

I have the following search: eval "tt"=case(transporttype="sip","Sip",................) I can't figure out how ...

by Contributor in

Route specific events to a relative index

I need to retain events for different periods of time based on content. I have created indexes with different retenti...

by Explorer in

Use process run time to plot number of processes running in each second

I need to plot a graph over time indicating how many processes are running in each second, but the Splunk log only co...

by Engager in

Will wildcards work in the default.meta?

Does anyone know whether wildcards will work in the default.meta? Trying to avoid having to update the file when new ...

by Champion in

Multiple ways to access lookup transforms via REST, which should I use?

There are multiple ways to access lookup transforms via REST, including: data/transforms/lookupsconfigs/conf-trans...

by Champion in

How to do simple join between two different source types like primary key & foreign key in SQL?

I have two different source types Source A & B. 'ID' is the common field in both sources. For each 'ID' in source A, ...

by New Member in

Need help creating search to list all existing users on server.

I am confused about something. I have seen people using this to get a list of users on a system: rest /services/au...

by Explorer in

How to set an alert when the number of authentication events is zero during any 1-hour interval?

I am trying to match (i.e alert) on a condition when the number of authentication events is zero from any host during...

by Builder in

Assistance with search query on generator power

Hello Splunk World, Back at it today trying to chart out some power data off of generators. I have 2 queries that nee...

by New Member in

stats min(count) not 0 if value never occurs

If I have the following query foo | timechart span=60s count | stats min(count) as minCntFoo but foo never ...

by Path Finder in

How do I do a stats count for 2 diffrent interesting fields?

am in a situation, I have 2 Interesting Fields Field1 has A,B values and Field2 has again A,B values I just want to g...

by Path Finder in

How do I place two time values from two seperate logs as distinct variables per field name that they share?

Let's say I have a search query that pulls up multiple logs and there are two logs for each JOBNAME. one that contain...

by Explorer in

Regex to match string followed by varying formats (multi-line event)

I am working with data from a database which produces information on transactions. The problem is that transaction...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I extract a field from my raw data using rex command?

How can I compare the count of two hosts?

Search output of a stats command

How to use eval to fulfill the below requirement

What does 'nobody' (under owner column) signify in Splunk search and reporting?

Change font size in Radial Gauge

Remove chart axis labels

Find events matching a multi-value field

Extract date and time from a message

Search to shows results for the past 30 days?

Is there a way to remove seconds from a table?

Why are real time searches not running and getting error "status skipped, reason="Real time searches pending""?

How can I include a wildcard character in eval command?

Route specific events to a relative index

Use process run time to plot number of processes running in each second

Will wildcards work in the default.meta?

Multiple ways to access lookup transforms via REST, which should I use?

How to do simple join between two different source types like primary key & foreign key in SQL?

Need help creating search to list all existing users on server.

How to set an alert when the number of authentication events is zero during any 1-hour interval?

Assistance with search query on generator power

stats min(count) not 0 if value never occurs

How do I do a stats count for 2 diffrent interesting fields?

How do I place two time values from two seperate logs as distinct variables per field name that they share?

Regex to match string followed by varying formats (multi-line event)

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions