Splunk Search

Ask a Question

Discussions

Thread Info

Get a distinct count of field values matching a regex

I am doing this - <<>> | search $country$ $campaign_name$ event_name=email OR event_name=event|stats dc(person_id) ...

by New Member in

Constructing a search term with ( AND ) statement (WITHIN) nth Characters

Hello , I am constructing search At the moment I am looking for ( X AND Y AND Z) This is working well but ...

by New Member in

IS there any script how we can check SPlunk agent is inactive in user server.

IS there any script or how we can check SPlunk agent is inactive in user server. I received email or notification If ...

by New Member in

Extracting kv pars from a field in a json string

I have a field in my JSON string like: message: caas_tcp_est=12326 caas_bgp_est=0 caas_ovpn_elapsed=2288881 caas_o...

by Builder in

How to create 24/7 real-time search using the Java SDK?

I am looking for a few parameters to make my RT search work better. Current, I am limited using Java search with the ...

by Engager in

Why do real-time queries include duplicates or are incomplete?

I am absolutely new to Splunk and having a play. I was trying to use the java API (through scala, but that shouldn't ...

by New Member in

Timestamp in Table

When I pipe my search results to a table, how do I include the timestamp as a column?

by Path Finder in

Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group listed?

Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group...

by New Member in

Search based on word match

I have a search built off of a lookup file that generates a list of words. I'm looking for assistance with a search t...

by Explorer in

Field conditions with custom delimiter

I'm using custom delimiters to extract fields from the logs of a rails app. Following the advice of an answer on this...

by Engager in

How do I create a query to retrieve all info in one row from the following table below?

I need to create a query that will show all the cells from the table below which exceed 80%. Here is the q...

by Communicator in

How to group by country and concatenate the cities into one row?

giving the folowing scenario: ... | table Country City Population > Country City Population > ...

by Communicator in

How to correlate Dense Sensor Data with a Sparse Data Set?

I have dense sensor data (~75k events in a 3 week period) from multiple sensors that I would like to correlate to a s...

by Communicator in

Join Datasets from two sourcetypes but only display them if there is a dataset on the left side

This Question is based on this question which solved my initial problem but created a new one. No matter which of thi...

by Engager in

How do I create a chart that only shows columns with greater than 1000 events?

I'm trying to make a stacked column chart showing how users are changing some setting ("powerChanged") by build. H...

by Engager in

Dedup / merge multiple events relating to one transaction

Hi, Our system logs events in a bizarre way in which multiple lines of data will all relate to a single transactio...

by Communicator in

dbquery - create a field using a field value

Hi, I am using sql query with dbquery to get data of an item from 2 different tables. In the first table I have th...

by Contributor in

How to extract values from a String.

Hi i have values in a column like AA(15), ABC(20), ADSF(90).Now i need a regular expression which gives me only value...

by New Member in

How do you restrict user searches to only return data injected by themselves?

I have a subset of users who should only be able to view data injected by themselves. To know the event in Splunk was...

by Engager in

Average of results from input search

So I have a search set up where I can find the cpu of a server for a given host. However, now I want to add an option...

by New Member in

Why does my search return error "Unable to parse the search: Comparator '=' is missing a term on the right hand side"?

I had this search working and now it seems to have stopped gives an error. Thoughts? Search: index=symantec sou...

by Explorer in

Field Extraction errors

I keep receiving this error: The extraction failed. If you are extracting multiple fields, try removing one or more f...

by Path Finder in

entire file to a single event

SHOULD_LINEMERGE = true MAX_EVENTS = 99999 TRUNCATE = 9999999 SHOULD_LINEMERGE = false LINE_BREAKER = ((FAIL*)...

by Path Finder in

How do we keep the null results obtained from stats count by field to match the table?

I am trying to obtain the DailyTransactions and WeeklyTranscations . The following is my Query -> index=INDEXA sou...

by Explorer in

Why Splunk results are not showing properly?

Hi, Can anyone please help me to understand why I am seeing the results in a linear format and I can not see the r...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Get a distinct count of field values matching a regex

Constructing a search term with ( AND ) statement (WITHIN) nth Characters

IS there any script how we can check SPlunk agent is inactive in user server.

Extracting kv pars from a field in a json string

How to create 24/7 real-time search using the Java SDK?

Why do real-time queries include duplicates or are incomplete?

Timestamp in Table

Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group listed?

Search based on word match

Field conditions with custom delimiter

How do I create a query to retrieve all info in one row from the following table below?

How to group by country and concatenate the cities into one row?

How to correlate Dense Sensor Data with a Sparse Data Set?

Join Datasets from two sourcetypes but only display them if there is a dataset on the left side

How do I create a chart that only shows columns with greater than 1000 events?

Dedup / merge multiple events relating to one transaction

dbquery - create a field using a field value

How to extract values from a String.

How do you restrict user searches to only return data injected by themselves?

Average of results from input search

Why does my search return error "Unable to parse the search: Comparator '=' is missing a term on the right hand side"?

Field Extraction errors

entire file to a single event

How do we keep the null results obtained from stats count by field to match the table?

Why Splunk results are not showing properly?

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions