Splunk Search

Discussions

Thread Info

How to determine if logs are not being used?

Is there a way to determine which logs are not being used anymore, and therefore can be deleted? For example, maybe a...

by New Member in

Why does my summary search not produce any results?

Hi to all, I have a summary search that doesn't produce results, if I copy and paste the same search in "search & ...

by Explorer in

How to append search results multiple times based on change in particular field value

Hi, I want to something like - append [Query-2] by clause Situation is I have a result set from query-1 and que...

by Path Finder in

Is it possible to search Splunk for list of concurrent searches usage over time?

Hello, is it possible to search Splunk for list of concurrent searches usage over time by searching internal log? ...

by Path Finder in

SPlunk Searches slow

Hello, I am facing challenges to search query in SPlunk 6.4.1 environment But Splunk Performance is very slow. We ...

by New Member in

Manage alert threshold and rows returned all within the custom condition in the alert

This kind of spiraled as I was helping a coworker with an alert they had all the duration and times hardcoded in the ...

by Builder in

Search event format in Splunk

Suppose I have a log file having 11 lines like below having two line same as in G: A B C G D E F G H I J Now in Sp...

by Explorer in

How to use rex to extract the values?

I want to make a table that shows ACTION, DATABASE USER, PRIVILEGE, CLIENT USER and DBID; I want the value between ' ...

by New Member in

Replacing part of string when it's equal to a field value

Hi! I have fields myfield and name which contains text of an email going like this: Example1: myfield="From: Smith...

by Explorer in

Can I add events to a transaction?

I have a transaction based on a bunch of events from a common source with a common transaction ID, something like ...

by Builder in

How to edit my regex to replace a number 0-9?

Hi Team, I have requirement, where I need to replace a series of numbers with something like this a/b/c/123456 wit...

by Path Finder in

question on search query

Looking for a single result that includes both values of clicked link then added up in a total column search... | ...

by Explorer in

Why am I getting error "Unknown search command 'sourcetype'" using a subsearch in a where command?

I want to do something like the below command but it is giving me an error. sourcetype=SplunkKafka_messaging | spa...

by Path Finder in

How to create splunk search for common filed/value across the multiple servers?

Hello All, I am trying to build search for common value across multiple host. For example , i have a common field ...

by New Member in

How to get timestamp of the beginning event in the stats count by

sourcetype=priorityEvents | rex field=_raw "User\sID\s(?<user_id>.\d{0,8}+)" | stats count by user_id | where count ...

by Communicator in

How to extract content between two strings?

Hi Team, I have an error message coming up in Splunk like below. The required log message will come in the middle ...

by Engager in

MAP command in splunk

Hi Team, I am having a difficulty in understanding map command. In the below commands, we need to extract work order ...

by Explorer in

map command not working

Hi All, when I am trying to run the subsearch separately, I am getting values. But when I am using map to run the...

by Explorer in

Time difference where values are at random place in a file.

Hi All, I need to search for time taken since a value popped up in the logs. The problem here is that this value ...

by Explorer in

tstats behaviour change in Splunk 6.6, expected change or bug ?

Hi ! Splunk 6.6 being out officially, I had the (bad) surprise to discover is very annoying change in tstats comma...

by Influencer in

regular express to stop at "="

Hi, I have a search string that does the following: temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash...

by Path Finder in

DHCP and Proxy Search - Join Performance Issues

I have a working search using join that correlates DHCP addresses by machine name to find web proxy traffic as the de...

by Engager in

Multiple regex in a field extraction

Hi, What I mean is that I want to parse all the error messages in my logs into one field called Errors but the reg...

by Path Finder in

stats by _time and field values in that time frame

Expected stats result Time every 5mins | Apps |count 1:00 |app1,app2,app3 |3 1:05 |app1,app4 |2 1:10 |app4 |1

by New Member in

How to get max value of string inside braces

Hi All, I am new to splunk and need help in creating a table to get max value. Below are my sample logs - 2017-...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to determine if logs are not being used?

Why does my summary search not produce any results?

How to append search results multiple times based on change in particular field value

Is it possible to search Splunk for list of concurrent searches usage over time?

SPlunk Searches slow

Manage alert threshold and rows returned all within the custom condition in the alert

Search event format in Splunk

How to use rex to extract the values?

Replacing part of string when it's equal to a field value

Can I add events to a transaction?

How to edit my regex to replace a number 0-9?

question on search query

Why am I getting error "Unknown search command 'sourcetype'" using a subsearch in a where command?

How to create splunk search for common filed/value across the multiple servers?

How to get timestamp of the beginning event in the stats count by

How to extract content between two strings?

MAP command in splunk

map command not working

Time difference where values are at random place in a file.

tstats behaviour change in Splunk 6.6, expected change or bug ?

regular express to stop at "="

DHCP and Proxy Search - Join Performance Issues

Multiple regex in a field extraction

stats by _time and field values in that time frame

How to get max value of string inside braces

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions