Splunk Search

Discussions

Thread Info

Comma separated field value, adding a carriage return

Hi folks, I think this should be easy, but it is hard to search for the solution because the terms I'm using are b...

by Communicator in

how to rex field number of infected file for clamav scan report?

Jul 10 06:59:22 icopenstack01 clamav[9040]: Infected files: 0 source = /var/log/remote/icopenstack01.log sourcetype =...

by Explorer in

How do you make output from xyseries generate the same _time-based X-axis labels as timechart?

The following search: sourcetype=my_log_type | timechart count by conn_type generates the chart I want, with o...

by Builder in

What kind of syntax is limit and span?

I noticed that limit and span always turn green. What kind of component are they? For instance: blue is used for c...

by Path Finder in

Work of OR/AND condition search query based on the match & should give the result.

Hi Team, I am trying to populate a panel on the dashboard on the basis of two input fields Profileid & Transact...

by Explorer in

Unrelated lookup table goes missing after setting [replicationBlacklist]

Hi all, we have a non-clustered distributed Splunk. It has a number of big lookup files that are updated regularly. A...

by Path Finder in

Regex help in transforms : key-value extraction and assigning to key

I'm trying to match key-value pair within an SNMP trap message whereby the KEY and VALUE are present in two fields ...

by Super Champion in

How to edit my search to create a table grouped by User based on multiple events?

Hi, I am struggling with the correct way to approach this. I have VPN data that performs 5 posture checks before c...

by Explorer in

How to edit my search to get new errors from today, and that not occurred in last 7 days?

Can you please help with the following search? It returns 0 events. I want all the errors that occurred today, and no...

by New Member in

Best practice for forwarding data to a differently named index?

I have three independent geographic sites, A, B, C. A forth site, Z, needs a searchable copy of all data from A, ...

by Engager in

Does transforms.conf support a regex group based rerouting?

Hi all; I am trying to build some logic for a docker/k8s integration that we are doing through fluentd. Basically ...

by Builder in

How to edit my search to add the total count for the number of times process appears in the logs per host?

index=GenericHostName host=GenericServerName process="GenericServiceName" | fields _time, host, PID, process, source,...

by New Member in

Which online, regular expression editors can I use to validate a regex I generated?

I have extracted regex for a log, need to validate it on programming editor. Which platform do i need to use? Any Onl...

by New Member in

How to set the X-axis range in a time chart

Hi all, I am a relatively new user of splunk, so do be patient with me if you think that my questions had been ans...

by New Member in

Using head command

I have the query with stats, and I want to use head command to retrieve limited events for everyday. But head command...

by Explorer in

Top 10 for every timespan

I have data of mail sending activities of 1000s of customers and need to find the top 10 mail sending customers for e...

by Explorer in

how to iterate a column's values like python in command?

"daily.cld" | rex field=_raw "version: (?\d+.)," | rex field=_raw "sigs: (?\d+.)," | convert timeformat="%Y-%m-%d" ct...

by Explorer in

How to get " stats count as hitcount " for logs saprated by commas in rows

Hi All, Requesting your help with Log Example. I have 54 fields separated by comma The field data is variable ...

by New Member in

What are the consequences of disabling real-time searches or converting them to saved searches for a Prod environment?

Hello All, We are in the process of cleaning up unused and Real Time Searches from the system. I can see there are...

by Path Finder in

splunk monitoring console output

Can anyone please explain what is instance freezing due to size , median data age , oldest data age , instances freez...

by Path Finder in

Highlight with color if SLA missed

Hi Team, Below my search from which i am getting the completion time of job. I need ur help for couple. 1 - If ...

by Path Finder in

Splunk Data Input Whitelist: Regex not matching

I am trying to add a directory input monitor to Splunk. In this directory I have many different CSV files. Since ther...

by Engager in

"Cannot seek to rawdata offset 0" running a search in Splunk Web after upgrading Splunk Enterprise from 6.4.2 to 6.5.1

When I upgrade Splunk from 6.4.2 to 6.5.1 and search in Splunk Web, then get error: JournalSliceDirectory: Cannot ...

by New Member in

How to find which group was matched in a regex when multiple groups are extracted to the same field?

I am using multiple capturing groups in regex and extracting the value of multiple groups to same field. For ex: ...

by New Member in

How can I use a dashboard form to search an index for multiple single field values space delimited simultaneously, such as usernames and then in my output match them against another field such as phonenumber, address etc?

Basically looking to create a table with matching items ie if I search for the following field username in active dir...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Comma separated field value, adding a carriage return

how to rex field number of infected file for clamav scan report?

How do you make output from xyseries generate the same _time-based X-axis labels as timechart?

What kind of syntax is limit and span?

Work of OR/AND condition search query based on the match & should give the result.

Unrelated lookup table goes missing after setting [replicationBlacklist]

Regex help in transforms : key-value extraction and assigning to key

How to edit my search to create a table grouped by User based on multiple events?

How to edit my search to get new errors from today, and that not occurred in last 7 days?

Best practice for forwarding data to a differently named index?

Does transforms.conf support a regex group based rerouting?

How to edit my search to add the total count for the number of times process appears in the logs per host?

Which online, regular expression editors can I use to validate a regex I generated?

How to set the X-axis range in a time chart

Using head command

Top 10 for every timespan

how to iterate a column's values like python in command?

How to get " stats count as hitcount " for logs saprated by commas in rows

What are the consequences of disabling real-time searches or converting them to saved searches for a Prod environment?

splunk monitoring console output

Highlight with color if SLA missed

Splunk Data Input Whitelist: Regex not matching

"Cannot seek to rawdata offset 0" running a search in Splunk Web after upgrading Splunk Enterprise from 6.4.2 to 6.5.1

How to find which group was matched in a regex when multiple groups are extracted to the same field?

How can I use a dashboard form to search an index for multiple single field values space delimited simultaneously, such as usernames and then in my output match them against another field such as phonenumber, address etc?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions