Splunk Search

Discussions

Thread Info

How to use a file to map results from fields to more meaningful names?

I have log files that contain compCodes (over 500 different types of them). Is there a way I can create a mapping fro...

by Path Finder in

How to edit my search to create a bubble chart with dates shown on X axis?

I have a search that returns me 3 fields (let's say country, _time, count) I want to show these results in a bubbl...

by New Member in

How to write a regex to extract a field within a particular field?

I am looking for a way to some how extract and mask some of important information that comes within logs. I don't hav...

by Path Finder in

Transforming tables without hacky chart(first) usage

I have some data I'm trying to rearrange into an appropriate table for visualization. It starts out like this: G...

by Path Finder in

How to generate a search when a field value total is less than 21?

The Log output is below: Need to search if Port 2003 farm total < 21 6/6/17 3:35:01.000 PM Tue Jun 6 15:35:01 E...

by New Member in

Modifying Timeline Scale

Is there a way to specify the scale of the time chart when performing a search. For instance, if you perform a sea...

by Explorer in

If - Then Logic in Table Results With Column Value Based on Field Results in Search

Good morning, I have a search that looks through and Oracle database for an ACTION_NAME: source="dbx:[DB source...

by Path Finder in

Pass a variable to a rex command

Hey Community, I'm trying to pass a variable including the pattern to a rex command mode=sed. This is my approach ...

by Path Finder in

Remove first word with rex

Hey Community, I'm trying to remove the first word of a Uri with a rex. /test/contentA/contentB.html It shou...

by Path Finder in

splunk - create alert for a specific host not sending data in last 30 min using metadata

Below is the search that i have prepared to check for the host named nmshost01 not sending data for over 30 min | ...

by New Member in

When applying a table view to my search, the Java stack exception is not display well. How to resolve this?

Hi, i have the below json object that is being returned when applying my search: index="devops" sourcetype="_j...

by New Member in

Why do my post-process timecharts display "no results found" in dashboard, but the query on its own is fine?

I have a simple-xml Splunk dashboard with a base query, and two post-processing queries inheriting from the base. How...

by Engager in

How to filter if a user has events in the last 60 days?

I have a table which consists of user names, events triggered by the user and the timestamps when the events were tri...

by Path Finder in

Why "$SPLUNK_HOME/var/run" in my environment had temporarily huge size.

"$ SPLUNK_HOME / var / run" in my Splunk environment gradually increased from 15:00 PM on 2017/6/5 to 2017/6/6 09: 00...

by Builder in

How extract fields within my sample log?

Below is my log Database-Error(3100)\nCONF-01083 - Count of positive/negative confirmations do not match the servi...

by Path Finder in

Remove part of values of a field without affecting its role.

I have three colums Track, Flow and Job. I want to plot 'Track+Flow' vs 'Job' as 'Track+Flow' giving uniqueness. Eg: ...

by Communicator in

Group users by computer name based on usage

I am trying to display a table of users usage for each individual computer that they have used. I can get the result ...

by New Member in

How to edit my search to find any results where values(user) by hostname contains a specific user?

If you have a sample search such as the below sourcetype=HOSTS | stats values(user) as USERS_OF_COMPUTER dc(user) ...

by New Member in

how to use rex for non-alphanumeric fields?

Hi, I am trying to use rex function to extract "/" from my data which lookslike: Database User [1] : "/" h...

by New Member in

No results on first run of Search - correct results on second run

I have been modifying searches to accommodate Windows data in the CIS Top 20 Critical Controls app. The following sea...

by Explorer in

How can I view when the last data imports were?

I have a dashboard that lists/groups recently updated dashboards and I just wanted to know if there was a way to also...

by Path Finder in

Trouble creating a new field

2017-06-06 08:30:56,761 [ajp-127.0.0.4-8009-44] INFO Weblogger - 3B08FDCAF216658E81536A07B9D5772E: cdbarnes: reset ...

by New Member in

How to get a report on latency between End point ( log source) and Heavy Forwarder?

In our environment we have syslog sources that forward data to HFs via load balancer. I would like to get the report ...

by Path Finder in

What would be the correct regular expression to capture lines that include these messages in my data?

Hello, I'm trying to set up my Splunk instance so that it filters out some lines and then leaves everything else. ...

by Explorer in

Calculating a sum of a list of numeric values

Hello everyone! I have a field called word_score_cat1 that looks like this: word_score_cat1=7.12500 1.5171 2.1923 1.6...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use a file to map results from fields to more meaningful names?

How to edit my search to create a bubble chart with dates shown on X axis?

How to write a regex to extract a field within a particular field?

Transforming tables without hacky chart(first) usage

How to generate a search when a field value total is less than 21?

Modifying Timeline Scale

If - Then Logic in Table Results With Column Value Based on Field Results in Search

Pass a variable to a rex command

Remove first word with rex

splunk - create alert for a specific host not sending data in last 30 min using metadata

When applying a table view to my search, the Java stack exception is not display well. How to resolve this?

Why do my post-process timecharts display "no results found" in dashboard, but the query on its own is fine?

How to filter if a user has events in the last 60 days?

Why "$SPLUNK_HOME/var/run" in my environment had temporarily huge size.

How extract fields within my sample log?

Remove part of values of a field without affecting its role.

Group users by computer name based on usage

How to edit my search to find any results where values(user) by hostname contains a specific user?

how to use rex for non-alphanumeric fields?

No results on first run of Search - correct results on second run

How can I view when the last data imports were?

Trouble creating a new field

How to get a report on latency between End point ( log source) and Heavy Forwarder?

What would be the correct regular expression to capture lines that include these messages in my data?

Calculating a sum of a list of numeric values

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions