Splunk Search

Ask a Question

Discussions

Thread Info

How can I show results for a field that is disabled and not re-enabled in a certain amount of time?

How can I show results for a field that is disabled and not re-enabled in a certain amount of time? I want to be a...

by Engager in

Values(x) showing too many results. Is there a way to limit the number of results to a field?

I am trying to limit the number of results shown when I use the values command. Here is my search: index="mydata" ...

by New Member in

How to generate a stats count search on field with interchanging values?

hi, looking to do a stats count something like below. Field1: A,B A B,A B,A,C A,C each row accounts for dif...

by Explorer in

Rex Help for fields extraction

Please help me with rex i have key and value in json format {"context":{ "sessionID":"1234567890", "eventSeverity...

by Communicator in

How to have a notable event search DHCP logs based on source in FW logs?

Hello i have been trying to figure this out for days now. i have logs coming in from multiple sources that only...

by New Member in

How to generate a search to compare the number of hosts in a CSV file to the number of hosts we are actually getting events from?

I have a list of Hostnames in a CSV. There are 2 fields 1) cn (hostname) and 2) ComputerType. I would like to compare...

by New Member in

How to edit my search to get the status of a log script?

log file:testscripts.log Date = 02/10/17 14:15:00,script = testscript, id = 29251, log=Script started Date = 02/10...

by New Member in

time difference of events

eval test_time = time() - _time | search (test_time > 1800 AND test_time < 86400)| I'm trying to see if the events...

by Explorer in

How to combine the results of two searches to display on one chart or visualization?

Hi all First search is ( host=wjb2* NOT host=wjb2stl22 NOT host=wjb2*23 NOT host=wjb2*24 NOT host=wjb2*25 NOT...

by New Member in

Wildcard expansion in case statement

I'll start with what works: If I do a search ERROR host="foobar0*" The wildcard(*) expands and I get a list of ...

by Explorer in

What does your splunk tell you about Valentines day?

Can a Splunk search tell you anything about love? Share your valentine's day searches here. Here's one to get you ...

by Influencer in

How to convert epoch to human readable in "KV_MODE = json" extractions.

I've recently installed the Tenable Nessus app, which is doing most of it's search-time field extractions using the "...

by Communicator in

How to show only single values of different fields in a single table?

I am very new to Splunk and have a requirement to show current values of multiple fields in a single table, my data g...

by Path Finder in

How include empty buckets in the start and end of timechart/bin output?

I have a scenario here. I have data in my local Splunk for time range from 6-Nov-2015 11:45 UTC to 10-Nov-2015 13:...

by New Member in

Need help with RegEx

Hi, I am trying to extract a field in Splunk but the field extraction doesn't work and throws this error "The ...

by Communicator in

How to edit an inputlookup search that displays table of hostnames against corresponding indexes?

I have an inputlookup called hosts.csv that looks like this: host ---------- hostname1 hostname2 hostname3 hostnam...

by Explorer in

How to apply Text Analytics on a field ?

How to apply Text Analytics on "Country" field in my dashboard to find out the top 3 countries most frequently used?

by Explorer in

Is there an efficient way to not allow * search

Often times users issue * search over a time range. With huge data on the indexes this becomes a problem taking unnec...

by Influencer in

Using timechat with 2 fields without any field calculation

Hi, I'm new in Splunk (and my knowledge is very very basic) and I have to build a complex dashboard with multiple in...

by Explorer in

Regex help on multiline fields and mvexpand

My data sample is as below C12345 my1Surname, my1First Role Access (Group1) - I ...

by Super Champion in

checking the duplicate sourcetypes for monitor stanzas in UF

what happens if 2 different monitoring stanzas have same source type name ? . Is there any query to verify whether di...

by Path Finder in

How can I dedup across rows and columns in a pivot table?

I have a pivot table with data, but I need to find the number of times these values occur. However, a user can input ...

by Engager in

How do I write a regular expression to return a matching pattern in my logs?

Any string starting with COLDAPP , ending with double colon, would be a Tx id in my logs. it can be at the beginning/...

by Explorer in

How to properly index data from a CSV input with timestamp column

I'm trying to index CSV format inputs and the timestamp can be indicated by the fields within, rather than the time t...

by Explorer in

how to eval new field to filter events by a number in the raw data

i want to filter my data, based on the key numbers present in raw events. example event1: sdfgn dfnlk 1/25/2017 ldjod...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I show results for a field that is disabled and not re-enabled in a certain amount of time?

Values(x) showing too many results. Is there a way to limit the number of results to a field?

How to generate a stats count search on field with interchanging values?

Rex Help for fields extraction

How to have a notable event search DHCP logs based on source in FW logs?

How to generate a search to compare the number of hosts in a CSV file to the number of hosts we are actually getting events from?

How to edit my search to get the status of a log script?

time difference of events

How to combine the results of two searches to display on one chart or visualization?

Wildcard expansion in case statement

What does your splunk tell you about Valentines day?

How to convert epoch to human readable in "KV_MODE = json" extractions.

How to show only single values of different fields in a single table?

How include empty buckets in the start and end of timechart/bin output?

Need help with RegEx

How to edit an inputlookup search that displays table of hostnames against corresponding indexes?

How to apply Text Analytics on a field ?

Is there an efficient way to not allow * search

Using timechat with 2 fields without any field calculation

Regex help on multiline fields and mvexpand

checking the duplicate sourcetypes for monitor stanzas in UF

How can I dedup across rows and columns in a pivot table?

How do I write a regular expression to return a matching pattern in my logs?

How to properly index data from a CSV input with timestamp column

how to eval new field to filter events by a number in the raw data

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions