Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to extract XMP, parse XML, and split it up with eval?

I got some embedded XML in a Syslog message. I have no access to get under the bonnet in an admin sense. I need to ...

by Explorer in

How to count a field by another one and removes duplicates?

Hello everyone !After a few hours of research i come ask your help. Here is my data : Username_columnclientip_c...

by Explorer in

Why is stats(max) is not giving correct results?

Hi all, I have a set of data and i used stats(max) to get the maximum task number of every group. But the maximum ...

by Communicator in

How to achieve results only if another event is NOT true for the user?

Hi All, I already have a search that gives me a result. But what I desire to have is we want the results only if ...

by Explorer in

How to evaluate multiple fields to create new field based on priority?

I am trying to create a logic to choose a value to use from multiple fields based on a priority I can define. I have ...

by Explorer in

How to use 15m time value (epoch parameter) from chart on drilldown?

Hi. I have a classic dashboard and am using a bar chart with | timechart span=15m count ...

by Path Finder in

How to fill null values using another field value?

Hi,I need small to fill null values in search results I have search results like ID host country1 A CC2 A CC3 B...

by Communicator in

How to use a sub-search result as table fields?

I am trying to use a search to find fields that I want to use in another search as a table field. The first search...

by Engager in

How to remove unused FW rules?

Hi, I have about 100 rules and I want to count the number of logs are related to each rule. When I used "stats ...

by Explorer in

Hoew to remove paticular string from the value in a filed?

I have the Field with id i want to only 3 digits id For example:if i take t0123-123 here i want remove t0t456-45...

by Path Finder in

How do I remove all special characters from all field names?

I have a CSV with numerous fields with bad field names. They have spaces and special characters such as up and down a...

by Motivator in

How to query a table that shows field value changes using streamstat?

I am trying to get my query to work correctly and display it in a table format for easy analysis. The fields I am ...

by Observer in

How do I add a Role Restriction Search Filter on a field available in only one index?

Hi, I need to add a Role Restriction Search filter on a field which is only available in one index.My problem is...

by Path Finder in

How can I discover fiber cuts and power supply failures?

Hello, I am currently testing Splunk for our Cisco backbone network and I would like to filter out two scenarios. ...

by Engager in

Why am I not able to extract the _time field from the log?

I am trying to extract the _time from the log Jul 28 12:00:49 104.128.100.1 420391: Jul 28 06:30:25.023: %Sample: ...

by Observer in

How to search the table by the range set of size in the input?

I want to search file by range of size assigned in the input but I'm not sure how.Example: I pick 50M in the choices ...

by Loves-to-Learn Lots in

How to add dynamic timewrap to dashboard?

Hello everyone, I want to be able to have a dynamic timewrap option on my dashboard. Based on the user input (of ...

by Engager in

How to separate data into groups of how often they appear?

Looking to create a chart that can separate results into groups of how often they appear in a time range. We're l...

by Path Finder in

Sorting multi-series column chart by count field

Not sure why this is so perplexing, but or the life of me I can't get this to sort how I want. The following char...

by Builder in

How to use tstats count as output to eval subsearch?

Have a search that returns emails of interest (possibly malicious). Trying to add a subsearch that will return a coun...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract XMP, parse XML, and split it up with eval?

How to count a field by another one and removes duplicates?

Why is stats(max) is not giving correct results?

How to achieve results only if another event is NOT true for the user?

How to evaluate multiple fields to create new field based on priority?

How to use 15m time value (epoch parameter) from chart on drilldown?

How to fill null values using another field value?

How to use a sub-search result as table fields?

How to remove unused FW rules?

Hoew to remove paticular string from the value in a filed?

How do I remove all special characters from all field names?

How to query a table that shows field value changes using streamstat?

How do I add a Role Restriction Search Filter on a field available in only one index?

How can I discover fiber cuts and power supply failures?

Why am I not able to extract the _time field from the log?

How to search the table by the range set of size in the input?

How to add dynamic timewrap to dashboard?

How to separate data into groups of how often they appear?

Sorting multi-series column chart by count field

How to use tstats count as output to eval subsearch?

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Splunk logs multiple lines as a single event

Splunk searches using lookup might get affected if...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?