Splunk Search

Discussions

Thread Info

arules command returns no output

Hi, Basing on customers' purchases I'd like to make a proposition of what item can be probably purchased if a user ha...

by Builder in

What is the best way to search for patterns in username field values?

Need help with searching for patterns in username field values... I want to know if anyone has suggestions for the...

by New Member in

lookup table not visible when creating "New Automatic Lookup" until after server restart

I can upload a lookup table .csv fine, "| lookupinput <name.csv>" also works fine. When I create an autolookup, the l...

by Contributor in

Counting Specific Events Type?

Good Morning, Fellow Splunkers I have a field extraction that outputs four possible values [Example]: Field Ext...

by Path Finder in

How to write a regular expression to extract a long string until a group of multiple characters, and ignore if it begins or ends with double quotes?

I am trying to extract fields out of events that are tab-delimited unless there are quotes around them. For example, ...

by Communicator in

What is the best way to extract data when my log has with comma separated fields and the field-value pairs are separated by a colon?

How would I go about parsing out/extracting the field data for the following log format? "fieldname1":"fieldvalue1...

by New Member in

How to edit my search to show the last successful server imaging ("Build Succeeded") from the the failures ("Build Failed")?

sourcetype="my_sourcetype" ("Build Failed" NOT "Build Succeeded") earliest=@d+2h | rename host as "Imaging Server" | ...

by New Member in

Is there a way to determine days between with this search?

Is there a way to determine days between with the search below? convert ctime(LastScanDate)|eval tnow = now() | co...

by Engager in

What is the regular expression to replace a dash '-' in a string with a period '.'

12-000-000-222 for the above IP address, i want to change it to 12.000.000.222. pls help.

by New Member in

Field extraction using Splunk dashboard - appending constant text to an extracted field

I am wanting to extract a new field from the original source field, based on regex matches. I would then like to prep...

by Explorer in

How to edit my search to find the top 5 distinct count and the total?

Assuming I have a lookup table with movie title and location, and I got the top 5 location based on distinct title co...

by Communicator in

Break JSON file into separate events, removing the header and footer

I've just started using RegEx and I'm currently looking on a way to extract multiple events from my JSON flight infor...

by Path Finder in

Dropdown creation and configuration for a dashbaord

Hi, I wrote one simple query index=nmon host=* type=DISKXFER | timechart avg(value) by host and created a d...

by Engager in

Is there an alternative search approach to using a transaction with maxspan?

I'm curious if there is a way to get the same effect of transaction w/maxspan, without having to use that process int...

by Explorer in

How to verify if a document has been reviewed based on the last update date and the versioning?

Hi all, I need your help. I retrieve a log from Sharepoint which contains the list of all published document wi...

by Path Finder in

tcp data not replicated

I have replication factor of 3 but the data is not replicated to any other indexers. This is happening for tcp input ...

by Explorer in

Remove multiple values of attributes using single NOT

Hello Everyone, I want to block multiple IP address I got my using IP!=xxx.xx.xx.xx OR IP!=yyy.yy.yy.yy Is ther...

by Engager in

Index XML files from a url

How can we index XML files from a url ending in .xml in splunk? We have an XML URL that we need to index into splunk,...

by Path Finder in

Display Date on Dashboard panel

I want to show the previous week date on Title of panel. Can anyone have some thoughts for it?

by Path Finder in

Swap field and values

I have a list of fields within a Datamodel collected as values within the field named "unknown" | datamodel Authen...

by SplunkTrust in

append search incorrect time window

I have a multisearch to view data for yesterday only. [search index=... earliest = -1d@d latest=+0d@d| search ......

by Engager in

What to do when appendcols command can't handle larger counts?

We need to determine a 30 day average based on the count of two events, a request and a response. The issue is that e...

by Explorer in

How to combine my two search queries using join or subsearch?

Hi, I have 2 different search queries which i need to combine and generate the report as similar to dashboard and ...

by New Member in

setup.xml: problems with windows scripted input format

I have a setup.xml which uses the following format for scripted inputs on Unix systems: # inputs.conf [script://./...

by Splunk Employee in

Could not use strptime to parse timestamp

Hi all, I'm adding detail files from FreeRadius, which looks like following: Wed May 2 10:28:04 2012 NAS-IP-Add...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

arules command returns no output

What is the best way to search for patterns in username field values?

lookup table not visible when creating "New Automatic Lookup" until after server restart

Counting Specific Events Type?

How to write a regular expression to extract a long string until a group of multiple characters, and ignore if it begins or ends with double quotes?

What is the best way to extract data when my log has with comma separated fields and the field-value pairs are separated by a colon?

How to edit my search to show the last successful server imaging ("Build Succeeded") from the the failures ("Build Failed")?

Is there a way to determine days between with this search?

What is the regular expression to replace a dash '-' in a string with a period '.'

Field extraction using Splunk dashboard - appending constant text to an extracted field

How to edit my search to find the top 5 distinct count and the total?

Break JSON file into separate events, removing the header and footer

Dropdown creation and configuration for a dashbaord

Is there an alternative search approach to using a transaction with maxspan?

How to verify if a document has been reviewed based on the last update date and the versioning?

tcp data not replicated

Remove multiple values of attributes using single NOT

Index XML files from a url

Display Date on Dashboard panel

Swap field and values

append search incorrect time window

What to do when appendcols command can't handle larger counts?

How to combine my two search queries using join or subsearch?

setup.xml: problems with windows scripted input format

Could not use strptime to parse timestamp

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions