Splunk Search

Discussions

Thread Info

Why is summary index is missing a few indexes in its output?

Hi, I am using around 8 indexes to create a summary index. But after creating the summary index, i am seeing the d...

by Path Finder in

Extend finite fields into the future in conjunction with the predict command

I'm attempting to build out a capacity chart that shows total elements used in a system and predicts the future count...

by Communicator in

What is the regular expression to extract "java.net.SocketTimeoutException: Read timed out" from my raw event?

please help me with rex i want to retrieve java.net.SocketTimeoutException: Read timed out from below _raw "msgCon...

by Communicator in

How to use tstats to show the last event and event time from 30 hosts (in lookup)?

How to use tstats to show the last event and event time from 30 hosts (in lookup)? If I can't use tstats, is there an...

by Builder in

What is the regular expression to extract "a1234567" from my event?

Please help me with regular expression i want to extract a1234567 "INDV=1234566|RSPAR|a1234567|RSPAR"

by Communicator in

Inconsistent Delimited Values

Here's my search: base search | rex "^(?<field1>[^:]+):\|:(?<field2>[^:]+):\|:(?<field3>[^:]+):\|:" The logs ...

by Builder in

How to create regular expressions for these Exceptions?

I want to know how can i create regular expressions for the following exceptions... java.io.IOException java.lang...

by New Member in

lookup does not show new added lines

All, i've got a strange issue regarding lookup tables. ((and seen in two lookup tables now) I have a lookup table "se...

by Explorer in

Splunk strange bug with the command "Fields" and space

Hello Community, I have a strange behavior with a command when it is on the search field of a Dashboard. In my ...

by New Member in

How can I use timechart to report IIS time_taken by location, using a CIDR inputlookup to compute the location by the client's IP?

Hello Splunk peoples! Would someone please help me figure out how to use timechart to find IIS time_taken by locat...

by Explorer in

How to generate a search to calculate the duration when a pressure value drops below a certain threshold?

Hi, assume I have the following type of data for pressure sensors in multiple sites. What we need to do (preferably w...

by Engager in

How to set up an alert for VPN user who connects from a different city and country?

am new to Splunk and have a very basic search that give output as below for vpn users.. User Group ASA_Device...

by New Member in

How to convert this SQL query to splunk search

Hi , I have a sql query , Count distinct CHNL where MSG_NUM like 'cma%' group by MSG_TM. Result should get display ...

by Explorer in

How to edit my search to calculate the error ratio by a certain field?

My website has multiple widgets owned by various team and hosted on various CDN. I want to see the error rate by widg...

by Path Finder in

How to use regular expression to cut the beginning of an Exception message?

How to use regular expression for an Exception message from a Source=Windows:Application to cut the beginning of the ...

by Explorer in

How to enable users to select from a set of chart types on a panel?

Expected result: I have a panel displaying a line chart, the user can access (without the "Edit" option) the pre-set ...

by Path Finder in

How to add my regular expression to a search?

Hi all, I have a regular expression ^(.*)bytes read (?P\d+) written (?P\d+)$, where i edited the proper regular ex...

by New Member in

Why is my table search not displaying the application name?

Hi, i am trying to display success,error and others with percentage in a table but application name is not displaying...

by Communicator in

Is there a search to check if the universal forwarder has enabled forceTimeBasedAutoLB?

I have enabled forceTimeBasedAutoLB on universal forwarder, but i want check whether that forwarder is making use of ...

by Path Finder in

Why does my regular expression ignore escaped double quotes in value?

When extracting the request or cookie from httpd logs I'm having problems capturing an entire request when the reques...

by Explorer in

How to add values of multiple fields and display daily total for past 7 days

Hi all, I am having trouble figuring out how to multiply the number of events by the values that are given in the...

by Explorer in

How can i return values for a field that has 0 events?

Here is my query. sourcetype="access_combined" product_name=* action=purchase | chart count over product_name by a...

by New Member in

how to edit my search to set an alert when disk usage is 60% and above?

There are c/d/e/f/p disk in servers, i want to set alert for the servers whose drive utilization is 60% and above.. ...

by Explorer in

How to ignore some events at index time?

Hello, I have to index only events that contains the string "$$log$$". I try with a transforms like [ignore] REGEX...

by Path Finder in

how to remove white space in the beginning of string value in field?

In my field value are unstructured, few of the strings having space at beginning. Do anyone help, how to eliminate th...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is summary index is missing a few indexes in its output?

Extend finite fields into the future in conjunction with the predict command

What is the regular expression to extract "java.net.SocketTimeoutException: Read timed out" from my raw event?

How to use tstats to show the last event and event time from 30 hosts (in lookup)?

What is the regular expression to extract "a1234567" from my event?

Inconsistent Delimited Values

How to create regular expressions for these Exceptions?

lookup does not show new added lines

Splunk strange bug with the command "Fields" and space

How can I use timechart to report IIS time_taken by location, using a CIDR inputlookup to compute the location by the client's IP?

How to generate a search to calculate the duration when a pressure value drops below a certain threshold?

How to set up an alert for VPN user who connects from a different city and country?

How to convert this SQL query to splunk search

How to edit my search to calculate the error ratio by a certain field?

How to use regular expression to cut the beginning of an Exception message?

How to enable users to select from a set of chart types on a panel?

How to add my regular expression to a search?

Why is my table search not displaying the application name?

Is there a search to check if the universal forwarder has enabled forceTimeBasedAutoLB?

Why does my regular expression ignore escaped double quotes in value?

How to add values of multiple fields and display daily total for past 7 days

How can i return values for a field that has 0 events?

how to edit my search to set an alert when disk usage is 60% and above?

How to ignore some events at index time?

how to remove white space in the beginning of string value in field?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!