Splunk Search

Ask a Question

Discussions

Thread Info

Getting time differences between sub events in a transaction

Hi all, I am have data about bus routes with arrival times at stops and I am trying to find the ride time between ...

by Path Finder in

Regex to cut the numerical portion of my search results

Query : error SourceName=PaymentProcessingService Example of a common search result for under the field Except...

by Explorer in

How to combine separate events with a unique identifier?

Hi, I get send-mail logs in separated events\lines (5 events). With a unique identifier that appears in any event....

by Path Finder in

Why is the predict command projecting past dates in the future?

What I thought was going to be a simple search: lucy | eval UsedT=UsedMB/1024/1024 | eval UsedTB=round(UsedT,1) ...

by Engager in

Is there a way to access data in Solarwinds IPAM via Splunk?

Hello, Is there a way to access data in Solarwinds IPAM via Splunk? For example, if I was wondering where an ip ad...

by New Member in

What considerations should I make when rewriting metadata for best efficiency?

I am in a situation where I need to rewrite metadata for each and every event. I need to rewrite index and sourcetype...

by Builder in

Is there a way for a query to take a value from lookup table and if it has a match it record down the value and continue the next search?

Hi, Is there a way for a query to take a value from lookup table and if it has a match it record down the value and c...

by New Member in

How to compare the row count of CSV or XLS files day over day and generate an alert if the threshold is greater than 10%?

How to compare the row count of CSV or XLS files day over day and generate an alert if the threshold is greater than ...

by New Member in

Manipulating SNMP Data: how to correlate fields

Hello Splunkers. I'm indexing some SNMP data from a server. Here is one event indexed: HOST-RESOURCES-MIB::hrSt...

by Communicator in

How to search a lookup file of IP ranges without changing the format into CIDR?

Hello, I have several lookup files in txt and it's in form like "blacksite1:123.123.123.1-123.123.123.17blacksite2:4...

by New Member in

How to receive an alert when a field value is missed?

index="main" | stats count by sourcetype | search count>40000, I will get 10 sourcetypes, If any source type doesn't ...

by Communicator in

Display peak value on radial gauge

Currently we have a radial gauge with current stats, and a single value with the peak. Is there a way of marking the ...

by New Member in

Help me with search query for my usecase

i want to list out the success count by time Example: index="ABC" sourcetype="XYZ" responsecode="200"| Time cou...

by Communicator in

Compare field values with field values from events before

Hello, I am currently trying to set up an alert in Splunk by checking my eventdata after events that contain a list o...

by Communicator in

chaining events together

I am trying to figure out the query that would allow me to chain a series of events together. The issue here is that ...

by Path Finder in

Regex/sed replaces and issues with succeeding numbers

Hi all, I'm having issues with a rex/sed replace not cleanly working. I'm trying to anonymise session IDs in order...

by Communicator in

Why does using the by and over clauses not work simultaneously with the chart command?

Hello guys, i have a csv file with rows Resource Contract Category Sub Activity Team Activity Des...

by New Member in

How to write regex to extract multi-value fields and graph data by time?

Hello, I have a log file with a bunch of entries like this: <carrier-index>[<error>]: 0[0], 1[0.0363152], 2[0.0228...

by Path Finder in

Removing duplicate entries considering multiple fields

Hi, I have a file containing 1000 records. There are multiple entries for each of the fields Eg- camp_label, del_...

by Communicator in

How to edit my search so that columns show events per date?

Hi, I am new to Splunk and I am having a hard time to achieve something I believe is basic. I am trying to run ...

by Engager in

Add column names to already existing column names

Hello, I have excel data as shown in the attached screenshot, I want to have same report in my splunk enterprise w...

by Explorer in

How to generate a search that will display values in my sample data in a table?

Hi I have events coming from the servers. here we have some sample data. 2017-03-29 13:57:09.892 [WMQJCAResourceAd...

by Explorer in

Alternative suggestions needed for join and subsearch commands as my Splunk instance is limited to 50k results

I am facing an issue with the subsearch limitations when using the join statement. My organizations Splunk implementa...

by Path Finder in

Searches not being scheduled on Search Head Cluster when created locally in an application

In order to organised things on a search head cluster for various teams/permissions we've been setting up application...

by Explorer in

how to extract string started with different words

Hi, I have logs like I want to extract the Bold string from the below logs. I used below rex but it's showing n...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Getting time differences between sub events in a transaction

Regex to cut the numerical portion of my search results

How to combine separate events with a unique identifier?

Why is the predict command projecting past dates in the future?

Is there a way to access data in Solarwinds IPAM via Splunk?

What considerations should I make when rewriting metadata for best efficiency?

Is there a way for a query to take a value from lookup table and if it has a match it record down the value and continue the next search?

How to compare the row count of CSV or XLS files day over day and generate an alert if the threshold is greater than 10%?

Manipulating SNMP Data: how to correlate fields

How to search a lookup file of IP ranges without changing the format into CIDR?

How to receive an alert when a field value is missed?

Display peak value on radial gauge

Help me with search query for my usecase

Compare field values with field values from events before

chaining events together

Regex/sed replaces and issues with succeeding numbers

Why does using the by and over clauses not work simultaneously with the chart command?

How to write regex to extract multi-value fields and graph data by time?

Removing duplicate entries considering multiple fields

How to edit my search so that columns show events per date?

Add column names to already existing column names

How to generate a search that will display values in my sample data in a table?

Alternative suggestions needed for join and subsearch commands as my Splunk instance is limited to 50k results

Searches not being scheduled on Search Head Cluster when created locally in an application

how to extract string started with different words

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!