Splunk Search

Discussions

Thread Info

What is the best way to count the number of times a field has been changed or toggled?

Hi Everyone, I've been using Splunk for a few years but I'm looking for a nice way to capture the number of times ...

by Path Finder in

How to edit my search to find events that did not occur right before a machine restart?

I'd like to look for events of a Windows service stopping but ONLY if it did not occur while the machine was being re...

by Communicator in

Difference between stats and chart

Hi all, I have been working with Splunk for quite a while now. Still I am wondering: Whatis the difference betw...

by Path Finder in

Hyperion Logs - How to extract a particular value from Log

My events are in the below format in splunk: [Wed Feb 15 16:41:07 2017]Local/ESSBASE0///139702560335616/Error(1040...

by Path Finder in

How to display a single value in my search results?

hi all, this is my search, sorry newbie here: source=*DT* index=index001 | dedup _raw | convert rmcomma("duratio...

by Communicator in

What is the regular expression to extract substring from a string?

My log source location is : C:\logs\public\test\appname\test.log I need a regular expression to just extract "appn...

by New Member in

When overriding configs in apps or add-ons with minimal system impact, how is the order of precedence determined?

I know there is some general documentation out there on config precedence, but I'd like to know the range of configur...

by Communicator in

how to get the hourly increase or decrease of a numeric field (hour 1: 10, hour 2: 20 --> increase = 10)

Hi, i have hourly values and i want to see the difference to the hour before. So instead of hour 1: 10€, hour 2: 2...

by Engager in

time field extraction

How to extract the below data as time field, 2016-10-20 INFO .......................................................

by Explorer in

Regex to return full string or string untill first match of :

My raw data is in the format Sample 1) [02-10-2017_13:11:10.973_PST] [ERROR] - [kH8p2xg4k-] [user@ABCmail.com] [] ...

by Explorer in

How to find the duration of individual steps in a transaction search?

Hi, I need to find the duration taken by each step of a single transaction. We are trying to find out the duration...

by New Member in

How to run a search using a lookup to find all hosts that have no events in the index?

I have a device matrix of all the hosts I want to receive data from configured in a lookup file. I'm trying to run a ...

by Explorer in

JSON + KV Extraction

I have some JSON events, with fields extracted correctly. Inside the JSON event is a key value dictionary like so ...

by Contributor in

How to convert date time format from EST to UTC?

I have a date field in the format "2017-02-10T10:24:58.290-05:00", which means 10:24:58 in EST timezone. How do I con...

by Communicator in

How do I find the latest value of multiple parameters in an event and display Zero if there is no data?

The data from multiple sensors comes into SPlunk though a single DB connection as: SensorId ParamA ParamB ParamC 1 33...

by Path Finder in

Unable to add numbers because of currency sign and commas present in the field

I saw some answers already however did not find anything concrete so asking a new question. I have a field where ...

by Communicator in

How to pass an input variable from Splunk dasboard to a search string in the java script?

I have a dashboard with an input variable that displays data in an a table with row extension functionality using JS....

by Path Finder in

How to create a new field:value pair based on values of another field?

Hi, From our IDS logs, we have a field named "blocked" where value is 0 for allowed and 1 for blocked. How can I c...

by Builder in

I have large and long Regex with tens of thousand characters (approx 21k)

I have Regex with tens of thousand characters (approx 21k), Its for event filtering, with config model like below: ...

by Path Finder in

INDEXED_EXTRACTIONS after data passed through a Universal Forwarde

Hello I have a UF that will send the data to another UF. I want to send the data uncooked to the second UF, and on...

by Communicator in

can if , then only be used inside of a search string (w/eval)

can [if , then ] only be used inside of a search string (w/eval) ? im asking coz i have a dual drop down setup. The ...

by Engager in

Which is the prediction/forecasting method wherein the mean square error is the least?

I need to predict/forecast the actual cost which will be incurred in the future sprints depending upon the hourly cha...

by Engager in

How to get out in desired format

host=aa* | search env=CERT (job=AJOB OR job= BJOB OR job= CJOB ) | eval desired_time=strftime(_time, "%d/%m/%Y %I:%M:...

by Path Finder in

How to filter out filter out unmitigated hosts with virus/malware with my sample events?

For example: action actual_action process user hostname Time Event 1: allowed Left alone...

by New Member in

PIVOT vs DATAMODEL vs TSTATS

Why do some splunk users say that the | pivot command isn't for ninjas? Which is better then, pivot, datamodel, tstat...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is the best way to count the number of times a field has been changed or toggled?

How to edit my search to find events that did not occur right before a machine restart?

Difference between stats and chart

Hyperion Logs - How to extract a particular value from Log

How to display a single value in my search results?

What is the regular expression to extract substring from a string?

When overriding configs in apps or add-ons with minimal system impact, how is the order of precedence determined?

how to get the hourly increase or decrease of a numeric field (hour 1: 10, hour 2: 20 --> increase = 10)

time field extraction

Regex to return full string or string untill first match of :

How to find the duration of individual steps in a transaction search?

How to run a search using a lookup to find all hosts that have no events in the index?

JSON + KV Extraction

How to convert date time format from EST to UTC?

How do I find the latest value of multiple parameters in an event and display Zero if there is no data?

Unable to add numbers because of currency sign and commas present in the field

How to pass an input variable from Splunk dasboard to a search string in the java script?

How to create a new field:value pair based on values of another field?

I have large and long Regex with tens of thousand characters (approx 21k)

INDEXED_EXTRACTIONS after data passed through a Universal Forwarde

can if , then only be used inside of a search string (w/eval)

Which is the prediction/forecasting method wherein the mean square error is the least?

How to get out in desired format

How to filter out filter out unmitigated hosts with virus/malware with my sample events?

PIVOT vs DATAMODEL vs TSTATS

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions