Splunk Search

Ask a Question

Discussions

Thread Info

Why does PREAMBLE_REGEX work on Windows Splunk but not Linux Splunk?

Hello, I am currently using the following REGEX for PREAMBLE_REGEX in props.conf which works on Splunk 6.4.x runni...

by Motivator in

Set Field=Value when Field not present in some logs

Hi all, I am running a search that in some cases has: Field=Values In other cases, Field is completely missing ...

by Path Finder in

Filter a Search by Field Value, using Rex

Hi, I'm looking for a way to run one summary index search on all files of the same sourcetype, and then identify indi...

by Path Finder in

Problem with my custom drill down source code

My problem is that after I add my custom drilldown code and select an item in my results, it takes me to the specifie...

by Explorer in

Regex help - IIS logs

I'm an absolute Regex idiot. I'm sure this is easy if you know what you're doing. I have an IIS log file, which is...

by New Member in

customerID percentage on a particular channelID based on specific event value

I am running this query but not getting desired output. index=myapp sourcetype=log_source host="*myhost*" "Event*"...

by Path Finder in

show only fields values with alphanumeric value

Hi, I have a field suser in my table, in that i have many values like Password Manager, Batcch , s4545 , Wb 5245 l...

by Path Finder in

Query to Display change in values of fields

I trying to write a query to check the changes in versions of a software. When using timechart (stacked) I can see mu...

by Communicator in

Single Value - Displays differently when on Search and on Dashboard

Hi fellow Splunkers. I have a scenario where my query that I want to show as a Single Value displays differently w...

by Path Finder in

Chart field value over time

Hi, I am very new to Splunk and I would like to make a graph that shows the average value of response_time over the t...

by Engager in

How can I search all the XML nested data?

Dear all, I need to search all XML tagged data including nested data but I only get first data by a search command...

by Path Finder in

Report on changes to a field over a specified time

I would like to display a table of all occurrences of a change to the value of a field over a period of time. i.e. la...

by Motivator in

How can we extract transaction id from an event and do a search to display all events having that transaction ID?

I am fairly new to Splunk queries. I have below mentioned logs: INFO [HTTP-120]: 2017-08-02T18:00:03,157 - tran...

by New Member in

extract a matching string into field

I have an event with a text spans over multiple lines. it has no key-value pattern. the body string has a uuid value....

by New Member in

How to group evaluated columns into 3 specific columns ?

Hi, I am very new to splunk and wanted to know if someone can help me in groping columns fo rmy query below : source...

by Explorer in

Why are users unable to see the results of this search?

Base users are unable to get results of the search. As an Admin, I am able to view the data. Search is below. I can q...

by New Member in

eStreamer data not showing in ES Intrusion Detection Datamodel after upgrade

Hello All, I am having an issue after upgrading our ES app from 4.0.0 to 4.5.2. Currently i am not getting the eve...

by New Member in

No.of Db inputs

Do i need to create separate db input for each table we are loading data from sql server into splunk

by Explorer in

Why is the lookup command not giving results that exist in the lookup table?

I have a lookup table with user data called id_lookup.csv username,hostname,ip user1,computer1,1.1.1.1 user2,compu...

by Explorer in

Reformat data into 2 dimensional table for charting

I keep going around in circles with this and I'm getting nowhere so I'm asking for help. My events look like this...

by Motivator in

earliest/latest returning zero results

I apologize as I feel I am missing something very basic, but for the life of me I cannot get this query to work. I ha...

by Builder in

blacklist not working * condition

sourcetype=XyzProd blacklist = MethodExecutionInfo(\d{8})-(\d{2}).txt|DebugInfo(\d{8})-(\d{2}).txt|CacheRefreshInfo(...

by Communicator in

Transpose and Timechart giving unnecessary fields

After I transpose my timechart, I'm getting 3 fields under my Column that I want to get rid of: _span, _spandays, and...

by Explorer in

Creation and Login Time

Hi Guys, I need to create an alert that returns the creation time of an account and the first login. How can I ...

by Explorer in

How to add a percentage column to a table

I have a query that ends with: | chart count by suite_name, status suite_name consists of many events with a...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does PREAMBLE_REGEX work on Windows Splunk but not Linux Splunk?

Set Field=Value when Field not present in some logs

Filter a Search by Field Value, using Rex

Problem with my custom drill down source code

Regex help - IIS logs

customerID percentage on a particular channelID based on specific event value

show only fields values with alphanumeric value

Query to Display change in values of fields

Single Value - Displays differently when on Search and on Dashboard

Chart field value over time

How can I search all the XML nested data?

Report on changes to a field over a specified time

How can we extract transaction id from an event and do a search to display all events having that transaction ID?

extract a matching string into field

How to group evaluated columns into 3 specific columns ?

Why are users unable to see the results of this search?

eStreamer data not showing in ES Intrusion Detection Datamodel after upgrade

No.of Db inputs

Why is the lookup command not giving results that exist in the lookup table?

Reformat data into 2 dimensional table for charting

earliest/latest returning zero results

blacklist not working * condition

Transpose and Timechart giving unnecessary fields

Creation and Login Time

How to add a percentage column to a table

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions