Splunk Search

Discussions

Thread Info

What search string do I need to get Pie Graph by Field Value?

I don't know why this is so hard, but I'm having issues creating a simple pie chart. I'm relatively new to Splunk and...

by New Member in

I am using a lookup table and I only want the results that have a match in the look up table.

lookup Down.csv node AS host, BBB AS Circuit Table host,Circuit,msg,_time,node, BBB I only want events to hit the...

by Explorer in

How to get multiple events in single row of table?

I search logs for these strings: "member left" OR "left cluster" OR "asking member". It gives below output. These eve...

by Explorer in

How to get the type extracted in regex?

Hi, I have this data and I'm challenged (not hard to do) on how to get the type extracted. On the first line type=...

by Motivator in

How to write a regular expression to extract and count the number of calls per URL from Apache web access logs?

Hi, I am trying to analyse the Apache web access logs for the below textpayload: IP -- [Date +0000] "POST /PATH...

by Contributor in

How to use rex and sed to remove field prefix?

I would like to remove a prefix from a field where certain criteria are met but leave the prefix on on fields where c...

by Explorer in

How to get event count hourly the last 7 days graph each day need to display different line ?

one particular system event count hourly the last 7 days graph each day need to display different line X - axis -...

by New Member in

How to use a event value to create new field

I have a event that returns me this what i want is to have a new field that will solve the equation like...

by Builder in

How to get active VPN Sessions Cisco ASA Logs with Datamodel?

Hello together, I probe to get the active session count from our asa logs per minute. I created a datamodel (CASA)...

by Explorer in

How to add trend to event counts?

I have the below search which shows 3 columns....the field1, index list and count of events. How can I add a trend li...

by Explorer in

How to display the event count per index and distinct host count per index with a trend line.

by Explorer in

Duration of a single event

Splunkers! I need to compute the duration of a event, as the difference between the two field (END_TIME and OPEN_T...

by Path Finder in

Why does my search not finish?

index="king" source ="/King/East" I am confused why my search doesn't finish. I have a '2 month window' applied to...

by Engager in

how to search for a field containing timedate relative to todays date?

I have a field named "Expiry date" that contains future dates. I want to make a search that list will all entries tha...

by Explorer in

What is the search range given for beginning and end query?

Given the following log lines: Alpha Beta Gamma Hello World Soup I would like to query ` | first="Beta" | las...

by New Member in

How to fix the mismatched bracket in regex?

Hi, I have the below regex and Splunk keeps telling me I have a mismatched "[" and for the life of me I can't figu...

by Motivator in

How to pair values of the "FIELD" with values of the "VALUE" field?

I'm trying to figure out the best way to extract values currently displayed under the field name "FIELD", for example...

by Communicator in

How to keep the original start time, but continuously update the end time using the dedup command?

So the query that is currently in use is: index=name source=source_name | fields start_time end_time src subject c...

by New Member in

How to get multiple search condition on a single query?

Hi Team I have this requirement .Could you please help me on it .Here is my question I wanted to get result fo...

by New Member in

transform field in sha256 before indexation

is there a way to transform a field in sha256 before indexation? in the sourcetype ? I can do that after using ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What search string do I need to get Pie Graph by Field Value?

I am using a lookup table and I only want the results that have a match in the look up table.

How to get multiple events in single row of table?

How to get the type extracted in regex?

How to write a regular expression to extract and count the number of calls per URL from Apache web access logs?

How to use rex and sed to remove field prefix?

How to get event count hourly the last 7 days graph each day need to display different line ?

How to use a event value to create new field

How to get active VPN Sessions Cisco ASA Logs with Datamodel?

How to add trend to event counts?

How to display the event count per index and distinct host count per index with a trend line.

Duration of a single event

Why does my search not finish?

how to search for a field containing timedate relative to todays date?

What is the search range given for beginning and end query?

How to fix the mismatched bracket in regex?

How to pair values of the "FIELD" with values of the "VALUE" field?

How to keep the original start time, but continuously update the end time using the dedup command?

How to get multiple search condition on a single query?

transform field in sha256 before indexation

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

How to extract field names against values in one (...

How to compare data between two business weeks usi...

Help with non eng word rex search?

Cannot export search results- How to fix error?

How to remove null values then add fields?