Splunk Search

Discussions

Thread Info

How to make a "rex" search a permanent field extraction in props.conf and transforms.conf?

Hi all, I have this expression to extract the character part of one string: ... | rex field=Equipment "^(?<TEST...

by Builder in

How do I get Splunk to use meaningful variable name labels?

I'm a Newish Splunk Power-user. I have indexed results from analyzed emails from the publicly available Enron /maildi...

by Explorer in

Why does Splunk Cloud Instance URL return "Error 500"?

My Splunk Cloud trial URL returns "Error 500". How do I recover and complete the eval? URL is https://prd-p-wls4v9...

by New Member in

Is there a way to to further extractions from an existing search time extraction using props.conf or transforms.conf?

Currently I'm doing an extraction on a log file like so: [AUDIT_PARSE] REGEX = \x5b[^\x5d]+\x5d\s+(\w+)\s+(?:\x7b(...

by Explorer in

Mixed column and line chart

Is it possible to create a mixed column and line chart? Ideally, I'd like to create a chart with a couple of stacked ...

by Communicator in

How to troubleshoot why users get 404 not found error when querying the REST endpoints?

One of our clients is trying to use REST API services. He is working on a Web/mobile team which is considering an inn...

by Explorer in

How to edit my search to find the amount of license usage per Active Directory event code?

how would i search to see how the amount of license usage per Active Directory (AD) event code? looking to add it to...

by Contributor in

How to compose a search to compare the difference between hosts?

I am trying to build an alert off based of a search that shows me only hosts that have not logged the following strin...

by New Member in

How to use an existing saved search/report as a subsearch?

I'd like to prevent code / search syntax duplication; but often times I want to use the results of a saved search to ...

by Communicator in

Save value into a variable

Hi, I use Talend Open Studio to collect data on Gitlab (via Gitlab API) and send them to Splunk. As Gitlab cont...

by New Member in

How to make combine multiple string searches and count all combinations

I am logging some settings and whether they are enabled or disabled. I want to make a table combining some of the opt...

by Engager in

extract field using rex

Hello All I have used below rex to get 585315 into field Username (?<=User\.\.\.\.\.\.\............).*?(?=\s) ...

by Path Finder in

How to edit my search to improve the performance?

One of our searches is too slow, it takes more than few minutes to execute results. We have indexed lookup data (firs...

by Explorer in

Count table value pair

I have a table like this derive from search I need to have it formatted like this. Like counting the username-de...

by New Member in

How to edit my search to calculate the average number of tickets per week based on categories?

I am trying to determine the average number of tickets per week based on the unique number of categories for the tick...

by Explorer in

How to search for all events for a transaction if there is no unique ID?

Hi everybody ... i have these kind of logs in my environment. every transaction has these 4 log messages but there is...

by Explorer in

How do I insert a label into a field using the stats command?

Good day I have been trying to create a summary row for columns of a table. I started using the addcoltotals comma...

by Explorer in

How do I pull data from a subsearch?

So I have the following search: search host="MY_IP_LIST" index="test" earliest="1/5/2017:00:00:01" latest="1/5/2017:1...

by Explorer in

How to create a new internal IP field, at search time, from src and dest IP fields?

I'd like to create a field at search time, we'll call it internal_ip. I can already filter by CIDR block and get the ...

by Communicator in

How to force a scripted input to be run at search time, in order to use remote data?

I'm writing a health check dashboard and I want to invoke one of my normal input scripts, on demand, at the time the ...

by Path Finder in

Why does using "xyseries" command return extra digits attached with the _time label?

I am trying to get a nice Y-m-d on my x axis label using xyseries but am getting a long value attached with the date ...

by Communicator in

how to restart the splunk service on Search head polling environment

Hi Team, we have search head polling environment and we have two search head in our environment, Could you please ...

by Explorer in

How to use two fields from my lookup table as search parameters?

Can someone help me with a query? I have an index which contains user login data having the date format yyyy-mm-dd hh...

by New Member in

how to detect the patterns in time series?

i want to detect the patterns in time series

by Explorer in

Timechart Table Question

Is there a way to add a column to the table below that divides each value by the IS&O to value to get a column that s...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to make a "rex" search a permanent field extraction in props.conf and transforms.conf?

How do I get Splunk to use meaningful variable name labels?

Why does Splunk Cloud Instance URL return "Error 500"?

Is there a way to to further extractions from an existing search time extraction using props.conf or transforms.conf?

Mixed column and line chart

How to troubleshoot why users get 404 not found error when querying the REST endpoints?

How to edit my search to find the amount of license usage per Active Directory event code?

How to compose a search to compare the difference between hosts?

How to use an existing saved search/report as a subsearch?

Save value into a variable

How to make combine multiple string searches and count all combinations

extract field using rex

How to edit my search to improve the performance?

Count table value pair

How to edit my search to calculate the average number of tickets per week based on categories?

How to search for all events for a transaction if there is no unique ID?

How do I insert a label into a field using the stats command?

How do I pull data from a subsearch?

How to create a new internal IP field, at search time, from src and dest IP fields?

How to force a scripted input to be run at search time, in order to use remote data?

Why does using "xyseries" command return extra digits attached with the _time label?

how to restart the splunk service on Search head polling environment

How to use two fields from my lookup table as search parameters?

how to detect the patterns in time series?

Timechart Table Question

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions