Splunk Search

Discussions

Thread Info

Transactions based on distinct values of extracted field

Hi, I'm trying to create transactions from events like this: Session opened: [some id] Session closed: [some...

by New Member in

How to do the time conversion for 2017-04-14T13:52:21.000Z to a readable format?

How to do the time conversion for 2017-04-14T13:52:21.000Z to an understandable format? Any one please tell me the Qu...

by Path Finder in

Splitting one event into multiple events

This should be a simple question. In fact, I've succeeded in doing this before, but I no longer have that app and I c...

by Builder in

How to edit my search to remove duplicates from a table?

hi, I am using table which shows up duplicates, shown below. Here some track has multiple status (eg: Yellow and Red)...

by Communicator in

How to show results from two indexes in single timechart visualization?

HI I have two data sources, how can I show them in a single time chart graph? Search I'm trying (index=abc re...

by Builder in

How to develop a search to find what is NOT in a lookup table with another lookup comparison?

I have two lookup tables and I want to search what is NOT in lookup2 but in lookup1. I have tried: ... NOT [|input...

by Path Finder in

Is it possible to create an input that has a regular expression for digits?

Hi, Is it possible to create an input that has a regex on digits? For example, I have a source that begins with /g...

by Champion in

about Extract the field

This is a problem that occurs on the cluster I have a index is "apache_access"，It mainly collects apache access in...

by Communicator in

How to match folders only from file path search results by using regular expression?

I have a search which produces c:\folder\folder\folder\folder\file.exe as results. I want to remove file.exe so that ...

by New Member in

How do I create a dashboard that searches other dashboards for recently modified or updated dashboards?

So I was just wondering if it was possible to create a dashboard that searches for all other recently modified or upd...

by Path Finder in

geostats sorting

I have a geostats map that is powered by this query: | stats count by src,http_user_agent | iplocation src | geost...

by Path Finder in

how to ignore a transaction

How to ignore a transaction (not an event) if any of its events contain a "abcd" string

by Explorer in

How to find top 10 hosts after a sort?

The following search will give the count of events by host and sort the hosts by count, highest to lowest. index=...

by Communicator in

A user account was changed 4738 642

All, I am at a loss. I am trying to pull EventCode 642 and 4738 so i can identify when a user account has been cha...

by Path Finder in

Extracting information from data points directly before/after specific data points

I have a whole list of logs that records information about a user's access to different services in the network. I wa...

by Explorer in

Standardizing field values

I have field values that are the same as each other but in different cases. How can I standardize them to prevent ...

by Explorer in

How to generate a search to find the number of users and their bandwidth consumption using timechart?

I'm running some script to gather logs every 10 mins, one of them is Cisco ASA VPN-sessiondb info, I'd like to use Sp...

by Explorer in

How to get the difference of two different fields?

I have a log file that produces two fields - kernel_packets and kernel_drops. These values are updated every 5 minute...

by Path Finder in

How to edit my timechart search to include the top command?

I want to raise an alert when the topmost field changes.. my weblog | implication prefix=geo client | time chart s...

by New Member in

how to use rex commmand?

this is my data. Field:time Value:2017-05-02 06:31:04 I want to capture the value to use ''rex'' command .for e...

by New Member in

What is the best way to visually represent 15 values ?

I have more than 15 Values in a table(statistics) format. I want to display them in a good graphical representation. ...

by Path Finder in

Is it normal for the loadjob command in 4.0.10 to only load of approx. 150k events with events=t parameter?

I'm currently experiencing this: 1) Run a query that returns a large number of events (say, 1mil) 2) Save the j...

by Path Finder in

how to match partial string in search query

Hi I have a errors in the field (say myfield) Error xyz : 123 Error xyz : 456 Error xyz : 789 Error xyz : 135 E...

by Communicator in

[SPLUNKD] Not Found for lookup REST api call

Hi Splunkers, I have a curl for changing ownership of lookup file present app level to user level by this curl cur...

by Path Finder in

How to use values of a field as part of regular expressions and match with values in other fields, this being done for a large data-set?

I have tables like below: Personnel Name ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Transactions based on distinct values of extracted field

How to do the time conversion for 2017-04-14T13:52:21.000Z to a readable format?

Splitting one event into multiple events

How to edit my search to remove duplicates from a table?

How to show results from two indexes in single timechart visualization?

How to develop a search to find what is NOT in a lookup table with another lookup comparison?

Is it possible to create an input that has a regular expression for digits?

about Extract the field

How to match folders only from file path search results by using regular expression?

How do I create a dashboard that searches other dashboards for recently modified or updated dashboards?

geostats sorting

how to ignore a transaction

How to find top 10 hosts after a sort?

A user account was changed 4738 642

Extracting information from data points directly before/after specific data points

Standardizing field values

How to generate a search to find the number of users and their bandwidth consumption using timechart?

How to get the difference of two different fields?

How to edit my timechart search to include the top command?

how to use rex commmand?

What is the best way to visually represent 15 values ?

Is it normal for the loadjob command in 4.0.10 to only load of approx. 150k events with events=t parameter?

how to match partial string in search query

[SPLUNKD] Not Found for lookup REST api call

How to use values of a field as part of regular expressions and match with values in other fields, this being done for a large data-set?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions