Splunk Search

Discussions

Thread Info

Field conditions with custom delimiter

I'm using custom delimiters to extract fields from the logs of a rails app. Following the advice of an answer on this...

by Engager in

How do I create a query to retrieve all info in one row from the following table below?

I need to create a query that will show all the cells from the table below which exceed 80%. Here is the q...

by Communicator in

How to group by country and concatenate the cities into one row?

giving the folowing scenario: ... | table Country City Population > Country City Population > ...

by Communicator in

How to correlate Dense Sensor Data with a Sparse Data Set?

I have dense sensor data (~75k events in a 3 week period) from multiple sensors that I would like to correlate to a s...

by Communicator in

Join Datasets from two sourcetypes but only display them if there is a dataset on the left side

This Question is based on this question which solved my initial problem but created a new one. No matter which of thi...

by Engager in

How do I create a chart that only shows columns with greater than 1000 events?

I'm trying to make a stacked column chart showing how users are changing some setting ("powerChanged") by build. H...

by Engager in

Dedup / merge multiple events relating to one transaction

Hi, Our system logs events in a bizarre way in which multiple lines of data will all relate to a single transactio...

by Communicator in

dbquery - create a field using a field value

Hi, I am using sql query with dbquery to get data of an item from 2 different tables. In the first table I have th...

by Contributor in

How to extract values from a String.

Hi i have values in a column like AA(15), ABC(20), ADSF(90).Now i need a regular expression which gives me only value...

by New Member in

How do you restrict user searches to only return data injected by themselves?

I have a subset of users who should only be able to view data injected by themselves. To know the event in Splunk was...

by Engager in

Average of results from input search

So I have a search set up where I can find the cpu of a server for a given host. However, now I want to add an option...

by New Member in

Why does my search return error "Unable to parse the search: Comparator '=' is missing a term on the right hand side"?

I had this search working and now it seems to have stopped gives an error. Thoughts? Search: index=symantec sou...

by Explorer in

Field Extraction errors

I keep receiving this error: The extraction failed. If you are extracting multiple fields, try removing one or more f...

by Path Finder in

entire file to a single event

SHOULD_LINEMERGE = true MAX_EVENTS = 99999 TRUNCATE = 9999999 SHOULD_LINEMERGE = false LINE_BREAKER = ((FAIL*)...

by Path Finder in

How do we keep the null results obtained from stats count by field to match the table?

I am trying to obtain the DailyTransactions and WeeklyTranscations . The following is my Query -> index=INDEXA sou...

by Explorer in

Why Splunk results are not showing properly?

Hi, Can anyone please help me to understand why I am seeing the results in a linear format and I can not see the r...

by Path Finder in

Find computer availability

index="windows_logins_test" LogName="Security" (EventCode=4624 AND EventCode!=4647) |table ComputerName when I se...

by New Member in

How to use Regex to extract the fields in the windows application event?

HI, How to extract the field user, action and src_ip from the below event? 05/31/2017 11:59:52 PM LogName=Applicat...

by Builder in

Eval Match function Issue

I need to extract the date from the file name,But the format of the data on different files are different for eg:D201...

by Explorer in

How to exclude NULL return fields from my search?

eventtype=qualys_vm_detection_event STATUS!="FIXED" | fillnull value=- PROTOCOL | dedup 1 HOST_ID, QID, PROTOCOL, ST...

by Path Finder in

What is the search engine Splunk uses to retrieve the data instantly ?

I need to understand the backend search engine Splunk uses to retrieve the data instantly upon a search in the UI. Al...

by New Member in

How to remove fields from a search that will be used in dashboard drill down panel in dashboard.

All, I am running this search to build a drilldown panel in a dashboard: index=os "invoked oom-killer:" | eval st...

by Path Finder in

Can I display the variable concatenated in a table?

Hi, everyone When I create a field concatenated with eval, example: |eval date = day. "/" .month." /". year. | Can...

by Explorer in

How to find alerts and dashboards that were created a long time ago?

Is there any way to find out the alerts and dashboards created like 5 months ago and with the respective user names?

by Path Finder in

How can I identify missing log inputs on Splunk Enterprise?

I am trying to develop a search that can identify missing logs based on average of time between log entries for each ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field conditions with custom delimiter

How do I create a query to retrieve all info in one row from the following table below?

How to group by country and concatenate the cities into one row?

How to correlate Dense Sensor Data with a Sparse Data Set?

Join Datasets from two sourcetypes but only display them if there is a dataset on the left side

How do I create a chart that only shows columns with greater than 1000 events?

Dedup / merge multiple events relating to one transaction

dbquery - create a field using a field value

How to extract values from a String.

How do you restrict user searches to only return data injected by themselves?

Average of results from input search

Why does my search return error "Unable to parse the search: Comparator '=' is missing a term on the right hand side"?

Field Extraction errors

entire file to a single event

How do we keep the null results obtained from stats count by field to match the table?

Why Splunk results are not showing properly?

Find computer availability

How to use Regex to extract the fields in the windows application event?

Eval Match function Issue

How to exclude NULL return fields from my search?

What is the search engine Splunk uses to retrieve the data instantly ?

How to remove fields from a search that will be used in dashboard drill down panel in dashboard.

Can I display the variable concatenated in a table?

How to find alerts and dashboards that were created a long time ago?

How can I identify missing log inputs on Splunk Enterprise?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions