Splunk Search

Discussions

Thread Info

How to search a lookup file of IP ranges without changing the format into CIDR?

Hello, I have several lookup files in txt and it's in form like "blacksite1:123.123.123.1-123.123.123.17blacksite2:4...

by New Member in

How to receive an alert when a field value is missed?

index="main" | stats count by sourcetype | search count>40000, I will get 10 sourcetypes, If any source type doesn't ...

by Communicator in

Display peak value on radial gauge

Currently we have a radial gauge with current stats, and a single value with the peak. Is there a way of marking the ...

by New Member in

Help me with search query for my usecase

i want to list out the success count by time Example: index="ABC" sourcetype="XYZ" responsecode="200"| Time cou...

by Communicator in

Compare field values with field values from events before

Hello, I am currently trying to set up an alert in Splunk by checking my eventdata after events that contain a list o...

by Communicator in

chaining events together

I am trying to figure out the query that would allow me to chain a series of events together. The issue here is that ...

by Path Finder in

Regex/sed replaces and issues with succeeding numbers

Hi all, I'm having issues with a rex/sed replace not cleanly working. I'm trying to anonymise session IDs in order...

by Communicator in

Why does using the by and over clauses not work simultaneously with the chart command?

Hello guys, i have a csv file with rows Resource Contract Category Sub Activity Team Activity Des...

by New Member in

How to write regex to extract multi-value fields and graph data by time?

Hello, I have a log file with a bunch of entries like this: <carrier-index>[<error>]: 0[0], 1[0.0363152], 2[0.0228...

by Path Finder in

Removing duplicate entries considering multiple fields

Hi, I have a file containing 1000 records. There are multiple entries for each of the fields Eg- camp_label, del_...

by Communicator in

How to edit my search so that columns show events per date?

Hi, I am new to Splunk and I am having a hard time to achieve something I believe is basic. I am trying to run ...

by Engager in

Add column names to already existing column names

Hello, I have excel data as shown in the attached screenshot, I want to have same report in my splunk enterprise w...

by Explorer in

How to generate a search that will display values in my sample data in a table?

Hi I have events coming from the servers. here we have some sample data. 2017-03-29 13:57:09.892 [WMQJCAResourceAd...

by Explorer in

Alternative suggestions needed for join and subsearch commands as my Splunk instance is limited to 50k results

I am facing an issue with the subsearch limitations when using the join statement. My organizations Splunk implementa...

by Path Finder in

Searches not being scheduled on Search Head Cluster when created locally in an application

In order to organised things on a search head cluster for various teams/permissions we've been setting up application...

by Explorer in

how to extract string started with different words

Hi, I have logs like I want to extract the Bold string from the below logs. I used below rex but it's showing n...

by Communicator in

Count each Item of a multivalue table field

Hey everybody, I got a search in which I'll try to visualize who many calls from an IP a calling a specific URL. T...

by Path Finder in

Compare Lookup CSV with Search

Dear Experts , I have created the Lookup Hostname.csv(Contain only one field Hostname) which contain 100 number of...

by Path Finder in

Help extracting fields from raw event

Here's what my raw event looks like: 58daf92d66c83d000e469dfd.txt unsupported file format I'd like to extract...

by Explorer in

Merge results of multiple queries

I have used the multiple queries and merged them in single output. When I using timechart, getting the expected resul...

by Communicator in

Why are searches only showing "Parsing job...", and drilldowns do not render properly in Firefox with version 6.5.0?

Our users are encountering intermittent problems with using Firefox after we've upgraded to version 6.5. In basic...

by SplunkTrust in

create a table by comparing data from 2 different indexes

Hi, I am trying to create a table by comparing data from 2 different indexes & compare certain search terms from one ...

by Explorer in

How to escape a parentheses in sed rex command ?

Hello dearest Splunkers, I am trying to convert "(A=hi) OR (B=bye)" to "(A=hi) NOT (B=bye)" using sed. So far I ha...

by Super Champion in

how to create a single search where the output of the first query should act as input to the second query.

We have two indexers in place. index=A & index=B. From index=A I have queried out the field which I want the value fo...

by Engager in

Predict - 95% Confidence Interval

I have read through Splunk docs that Splunk defaults lower and upper Confidence Interval to 95% for its prediction us...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search a lookup file of IP ranges without changing the format into CIDR?

How to receive an alert when a field value is missed?

Display peak value on radial gauge

Help me with search query for my usecase

Compare field values with field values from events before

chaining events together

Regex/sed replaces and issues with succeeding numbers

Why does using the by and over clauses not work simultaneously with the chart command?

How to write regex to extract multi-value fields and graph data by time?

Removing duplicate entries considering multiple fields

How to edit my search so that columns show events per date?

Add column names to already existing column names

How to generate a search that will display values in my sample data in a table?

Alternative suggestions needed for join and subsearch commands as my Splunk instance is limited to 50k results

Searches not being scheduled on Search Head Cluster when created locally in an application

how to extract string started with different words

Count each Item of a multivalue table field

Compare Lookup CSV with Search

Help extracting fields from raw event

Merge results of multiple queries

Why are searches only showing "Parsing job...", and drilldowns do not render properly in Firefox with version 6.5.0?

create a table by comparing data from 2 different indexes

How to escape a parentheses in sed rex command ?

how to create a single search where the output of the first query should act as input to the second query.

Predict - 95% Confidence Interval

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions