Splunk Search

Discussions

Thread Info

i want to match the word "Modify" but it should skip the first match. i want the second match "Modify" till the semi colon delimiter

Modify:extended value attribut -"to be processed";Action:"will not be processed";Modify:attributs to be processed-"he...

by Builder in

Spath and Rename

Hi, I wonder whether someone may be able to help me please. I'm trying to create a query which extracts given valu...

by Motivator in

how to replace using SED command ?

Hi Splunker, I would like to know and learn how to replace ^ns4: with < Please find below dummy data. ^ns4:C...

by Explorer in

How to Extract exact result from rex command?

rex field=_raw "MemoryUsage %(?<MemoryUtilization>[^']+)" MY result is ------------ 41.4 expected result ...

by Builder in

Search output in tabular format

I am looking for help to extract the values from my log files my log file has a sequence of data as follows 1.)...

by Explorer in

Removing 1st line from the event

Hi, I have a event with the column names like Type Category Count CPU in my event 1st line. I don't want the columns...

by Explorer in

Multiple graphs in line chart

Hello All, I have a data as below : Where for every callId there are list of values in next column. So I have some...

by Explorer in

How to send an alert when a Job does not finish within expected time?

Hi Everyone, I am a newbie to Splunk and need little help with the alerting system. I want to setup a real time al...

by Explorer in

If I want to remove an IP address and do a wildcard search, are there any search filter priorities?

if I want to remove one IP address and then do a wildcard search, would that wildcard host IP search override the rem...

by Path Finder in

How to add custom time range to my xyseries search?

I have this search: index="tticket_contact_request" |eval date=strftime(_time, "%Y-%m") |stats count by d...

by Explorer in

How to create a search based on a conditional dashboard token value?

Psuedocode: If dashboard token is empty, run X search. If token is not empty, run Y search. if($field$ is omit...

by New Member in

Record value from a lookuptable at indextime

I would like to record a user's department at the time of the event rather than search time. I have username => depar...

by New Member in

Comparison of two date fields gives bad result

I use the following query in an attempt to view a subset of the file test10UniqueActiveUsers.csv |inputlookup test...

by Explorer in

extract field for below mentioned log

From the log mentioned below I need to extract the field 'Response Time' and then frame a query for response time < 1...

by Path Finder in

i want to match the text "followed the escaped error:" and remove the following text till the delimiter dot. it should cut other fields

followed the escaped error: "An error has happened executing a dash statement. hello good morning followed the escape...

by Builder in

How do I reuse multiple eval statements in multiple dashboards without recoding in every one?

I have a series of eval statements that I'd like to call from multiple dashboards, but have it coded in only one plac...

by Explorer in

Grouping by a substring

Hello, I'm having trouble grouping errors in our Splunk logs. The date and time is appended to the error messages,...

by Engager in

Is there any way to overlay vertical lines for event marking in Splunk timecharts?

Tools such as graphite allow for the concept of "infinity" in charts in order to display vertical lines to be overlay...

by Engager in

Regex to remove optional trailing text from field with transforms/props

I have a field called Title, where it may sometimes end with the text Ends 9 P.M. or varying case related var...

by SplunkTrust in

how to get the average time for latest event and previous event

I am looking for a solution to show for every latest event time and previous event time average duration (and the tim...

by Engager in

i want to remove the date occurrence for all the line

The value '20/SEP/13' can removed The hello '28/JUN/14' can be removed The today '23/JUN/14' can be removed

by Builder in

Adding an second identical column and field to Splunk table

In order to coincide with an excel spreadsheet, I was hoping that Splunk table can provide two columns that our ident...

by Path Finder in

Is there a limit on searchable characters in an event?

I am searching on an event with has on an average 25000 - 30000 characters. When I search on the auto extracted field...

by Path Finder in

filter stats on two different "where" clauses

Bonus points to the folks who can help me. I'm trying to first filter (stats count) results above a threshold of 100 ...

by Engager in

How to split my sample events using regular expression

Hi, i have a sample data file like this, all columns are tab separated TYPE Category ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

i want to match the word "Modify" but it should skip the first match. i want the second match "Modify" till the semi colon delimiter

Spath and Rename

how to replace using SED command ?

How to Extract exact result from rex command?

Search output in tabular format

Removing 1st line from the event

Multiple graphs in line chart

How to send an alert when a Job does not finish within expected time?

If I want to remove an IP address and do a wildcard search, are there any search filter priorities?

How to add custom time range to my xyseries search?

How to create a search based on a conditional dashboard token value?

Record value from a lookuptable at indextime

Comparison of two date fields gives bad result

extract field for below mentioned log

i want to match the text "followed the escaped error:" and remove the following text till the delimiter dot. it should cut other fields

How do I reuse multiple eval statements in multiple dashboards without recoding in every one?

Grouping by a substring

Is there any way to overlay vertical lines for event marking in Splunk timecharts?

Regex to remove optional trailing text from field with transforms/props

how to get the average time for latest event and previous event

i want to remove the date occurrence for all the line

Adding an second identical column and field to Splunk table

Is there a limit on searchable characters in an event?

filter stats on two different "where" clauses

How to split my sample events using regular expression

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions