Splunk Search

Discussions

Thread Info

Splunk has to segregate the Logs when we imported.

Hi I need to segregate the logs which we imported splunk. Ex:- I want to extract the logs by using the word err...

by New Member in

How to automatically remove extraneous characters from field value?

Splunk is automatically (and correctly) extracting a user field/value in a particular set of logs, I'm looking for a ...

by Path Finder in

Plot the average of a field across all locations and have it as an overlay on a chart with the count of a field across a specific location

I am trying to do a timechart on the number of rows on a particular location as shown below. Pivot Query | search...

by Explorer in

How to generate a search to find the number of created accounts?

Hi, I'm trying to run a search that alerts me when 40 accounts is created within 1 minute. I'm talking about linux...

by Explorer in

Two index related inquiries

I now have two index needs related inquiries, which indexB the B field is a subset of A field of indexA, how do I cha...

by Engager in

Joining Two Sources

Hi, i was using data from 2 different sources, and joining with join key word, my question is when i want to displ...

by Explorer in

How to extract fields from json and apply stats to plot a bar graph?

I have JSON formatted data in event as below: { "stats": [ {"name":"Facebook", "count":50}, {"name":"yahoo", "coun...

by Explorer in

what is best way to modify data before ingesting to Splunk

Hi, I am injesting some data to splunk and in my data there is no unique field to sperate different rows. So I am ...

by Builder in

using lookups to rename field values

I have a lookup file severity_lookup with two columns. One having 1,2,3,4 and other having p1,p2,p3,p4. I need to cha...

by Path Finder in

Event Breaks with FlexLM Licenses not ingesting consistently

I'm individually bringing in FlexLM files into Splunk, but alas, some of them are not parsing correctly. Some are fin...

by Explorer in

Adding 'host' field to a set diff command

My set diff query compares the values of one field from two different hosts and outputs a list of the field values th...

by Engager in

How do i display only events that aren't "backed out"?

I have a table of fields with items that are either a Credit or Debit There can be multiples of the same item. Also, ...

by Communicator in

how do you concatenate the avg(value) for perfmon process coming from two servers

Very new to Splunk and need some guidance. I believe there must be a way to index the servers to differentiate them s...

by New Member in

Filter results AFTER transaction function

I have data that requires I use "transaction" to form events. I would like to filter the resulting data by a field (S...

by Communicator in

How can I count/sum single values of ONE field

Hello together, I am new at Splunk and need help for the following issue. I have the field KitchenStuff with 5 val...

by New Member in

Extraction using regular expressions

I want to extract a character string using a regular expression. I am considering extracting the field (message ID...

by Explorer in

how to extract date from filename and add it with time from event in the same file

We have log files with names like: " my-file-log1.2017-07-25.name.log" The events in the log are like this: 060047.34...

by Contributor in

Creating a new field from a default field

MessageText= [2017-07-25T16:29:01.694+10:00]...XXXXXXXXXXXXXXXXXXXXXXXXXX at com.ofss.fc.app.Interaction.analyzeAndTh...

by New Member in

How to reverse results of dedup in the same command ?

Im having an issue when trying to dedup some values. Here are the logs of servers states im having in Splunk, from th...

by New Member in

Search for events from ip addresses in the file

Hello, This seems to be like a very easy thing to do which I can't figure out. I have a csv file with ip addresses...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk has to segregate the Logs when we imported.

How to automatically remove extraneous characters from field value?

Plot the average of a field across all locations and have it as an overlay on a chart with the count of a field across a specific location

How to generate a search to find the number of created accounts?

Two index related inquiries

Joining Two Sources

How to extract fields from json and apply stats to plot a bar graph?

what is best way to modify data before ingesting to Splunk

using lookups to rename field values

Event Breaks with FlexLM Licenses not ingesting consistently

Adding 'host' field to a set diff command

How do i display only events that aren't "backed out"?

how do you concatenate the avg(value) for perfmon process coming from two servers

Filter results AFTER transaction function

How can I count/sum single values of ONE field

Extraction using regular expressions

how to extract date from filename and add it with time from event in the same file

Creating a new field from a default field

How to reverse results of dedup in the same command ?

Search for events from ip addresses in the file

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...