Splunk Search

Discussions

Thread Info

Mass rename of fields

I want to rename any number of fields/columns based on simple patterns. From: randomfields, a1.name1.stuff, a2.nam...

by Motivator in

How to enable Search Assistant for all users on a Search Head Cluster?

I would like to enable to search assistant on my Search Head Cluster. The documentation recommends an edit to the fil...

by Builder in

get latest time stamp from two timestamps

HI I have two time stamps like "2017-01-30T19:22:39Z" "2017-01-29T19:17:33Z" From the above two timestamps I wan to g...

by New Member in

Cron expression for first two mondays of every month

I need a cron expression that would run a report on first two mondays of every month.What would be the expression?Tha...

by Engager in

fields - values search command breaks dashboard when edit mode was activated

Hi, I'm running Splunk 6.4.0 with two customers. When using the fields - values search command, the dashboard i...

by Path Finder in

EVAL is overwriting field of other add-on

Hi, I have an EVAL statements in two add-ons. The field names are same and the add-on that comes later in alphabet...

by New Member in

外部リンクをクリックし、外部リンクに直接ジャンプすることは可能でしょうか？

Webアクセスのデータの中にURL Link情報（例えばreferer)データの中に、例えば、www.splunk.comという文字があったとします。ダッシュボード内に、table refererというデータを表示することで、このU...

by Path Finder in

How to extract fields from my raw data?

Need help to extract fields between comma (,). The raw data below have two results, FAILURE and SUCCESS. I want to cr...

by New Member in

Is there a way to check for a file from n number of hosts and alert if there is no file from each host in last 30min?

index=test File="*.txt" | stats count by host | where count<1 -->with this I am getting NoResults found" but I need c...

by New Member in

Why is a Splunk search throwing errors on a lookup that isn't being called?

One of my users has a lookup table that they have saved appropriately into their app. It was running just fine. No...

by Path Finder in

How to remove leading periods from a field?

Hi I have a search that returns the following . Adobe Acrobat XI Pro DSC .. Adobe Flash Player ActiveX DSC .....

by Path Finder in

How to write count of (SUM(X,Y,Z)) instead of count of (X OR Y OR Z) ?

How can I change this query to count the SUM of my events/sec instead of the count of (X OR Y OR Z)/sec : host=myh...

by New Member in

How to edit my regular expression to extract the numbers and semicolons from my sample data?

I don't understand how Splunk does regex! I have this search below: ... | spath output=test path=a.b.c | rex field...

by Engager in

How to extract the nth letter from these sample host names using regular expression?

How to extract the nth letter from the host using regular expression? Sample hosts are :- host=abcdefpghijkl11 (p...

by Path Finder in

How to generate a line chart for disk space by server and hard drive?

I'm new to Splunk and need some help with a chart for disk space usage. I'm getting the data already in Splunk Light ...

by New Member in

Help recreating report from different souce

query: index=cat sourcetype=ctap host=sc58lcatp* source="*.out" "INFO: ZIP_SEARCH" OR "INFO: COMPARE" OR "INFO: CO...

by Path Finder in

Appendcols missing data in column

Here is my query: index search "INFO: ZIP_SEARCH" | stats count as "Uses" by cat_userid cat_role | appendcols[inde...

by Path Finder in

How to generate a search that will use values from my first search and find matching values on another index in a second search?

Hello everyone! I made a search, which returns some values like IP and Time and whatnot. Then, using these values...

by Explorer in

Replace default Splunk Logo with my own logo on PDF

Hi, When I export to PDF the default Splunk logo appears on the bottom right of the generated PDF. I am aware that...

by Motivator in

How to write a regular expression for my field?

i want to extract field by regular expression. how can i write regular expression for the below one? "responseCode...

by Communicator in

How to produce a column chart that compares each app's data between past 2 weeks?

Hi Team, I have a requirement where, I need to compare multiple apps' data for past two weeks. I have app1, ap...

by Path Finder in

How to search events from selected month?

Hi, i have a search that displays its result in a table in the following format: Time Value MM-YYYY HHHH MM-YYY...

by Path Finder in

What is the most efficient way to combine a Websense index and lookup?

We all know Websense has categories numbers instead of the category and child_category names. So, I have a question o...

by Path Finder in

How to edit my search to correlate values with a single index and invert results?

I have a list of pids, parent pids and hostnames that I am trying to reduce to pids without parent pids by hostname. ...

by Path Finder in

How to generate a timechart for every minute, going back 10 minutes?

My events has following time stamp and a count: TIME+2017-01-31 12:00:33 2 TIME+2017-01-31 12:01:39 1 TIME+201...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Mass rename of fields

How to enable Search Assistant for all users on a Search Head Cluster?

get latest time stamp from two timestamps

Cron expression for first two mondays of every month

fields - values search command breaks dashboard when edit mode was activated

EVAL is overwriting field of other add-on

外部リンクをクリックし、外部リンクに直接ジャンプすることは可能でしょうか？

How to extract fields from my raw data?

Is there a way to check for a file from n number of hosts and alert if there is no file from each host in last 30min?

Why is a Splunk search throwing errors on a lookup that isn't being called?

How to remove leading periods from a field?

How to write count of (SUM(X,Y,Z)) instead of count of (X OR Y OR Z) ?

How to edit my regular expression to extract the numbers and semicolons from my sample data?

How to extract the nth letter from these sample host names using regular expression?

How to generate a line chart for disk space by server and hard drive?

Help recreating report from different souce

Appendcols missing data in column

How to generate a search that will use values from my first search and find matching values on another index in a second search?

Replace default Splunk Logo with my own logo on PDF

How to write a regular expression for my field?

How to produce a column chart that compares each app's data between past 2 weeks?

How to search events from selected month?

What is the most efficient way to combine a Websense index and lookup?

How to edit my search to correlate values with a single index and invert results?

How to generate a timechart for every minute, going back 10 minutes?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions