Splunk Search

Discussions

Thread Info

How to use "rex" instead of "replace" to search for strings with spaces?

I was using REPLACE and that works fine until I found out that I cannot search for a string with spaces. For instance...

by Communicator in

How to edit my search to aggregate the values from all disks in a single value and display a line representing IOPS from these disks?

Hi folks, I'm using the following search to display a graph with the disk throughput (IOPS) for every disk in a host:...

by Explorer in

Retrace automatically

Hi! I successfully uploaded my ProGuard mapping. I also managed to retrace a stacktrace of an error. However, it w...

by New Member in

Using an app generated log file, how to generate a search that will determine and visualize a host's running status?

I'll include the "Splunk newb here" disclaimer to start off with... I have an agent that drops a new event every 5...

by Path Finder in

How to extract a multivalue index-time field from another multivalue index-time field?

I'm trying to extract two index-time fields from the input stream. Both should be multivalued. I successfully extract...

by Builder in

How to edit my search to allow filtering by date and time on a dashboard?

The search below works only in reports, not in dashboards sourcetype=ped_venda_e_remessa_via_arq Tipo_Linha=WS |fi...

by Splunk Employee in

How to use the earliest and latest value found (passed from subsearch to outer search) to calculate duration?

I have a batch job that may run multiple times per day. The log format is as follows, I need a table with the ...

by Path Finder in

How to append columns based on searches, and row values with lookups?

Hi all. I have a lookup table (data.csv) that looks like: ID TYPE PRICE 1 Type1 3,23 2 ...

by Builder in

How to extract a new field that contains the domain name for machines on the network?

Hi, I'm importing data from Nmap and would like to get the full domain name for the machines on the network. The ...

by Engager in

How do I configure a search to count 14 days between now and a timestamp within my event?

We've ingested some database tables for data that consists of changes being made in our environment. I'm looking to c...

by Communicator in

Extracting multiple values from a multivalue field: using rex vs. props.conf or transforms.conf

This is a follow-up to my previous question. In there, I managed to extract a multivalue index-time field, but cou...

by Builder in

Is there an efficient way to search for entries containing a specific substring of an indexed word?

I'm not entirely certain exactly how the search optimization in Splunk works. Certainly, if I search only for a rare ...

by Explorer in

How to edit my search to separate values in a column into two columns in my resulting table?

I have the table like this: time info id response time start time1 in 571 end t...

by Explorer in

How do I aggregate individual searches into a single search?

Hi. My organization is looking at identifying individual users (UserID) who have failed authentication(logon) >5 t...

by New Member in

rex construction help

Hi there I´m creating a REX to extract data from a raw field like this 2013-07-08T09:33:59.899088-05:00 10.27.253.125...

by New Member in

How to edit my search to replace an eval field with another field using stats sum?

Hi all. I have a search like this: index=data sourcetype=log* Type=INS finalStatus=done | eventstats values(f...

by Builder in

How to dynamically exclude a value for a day in a graph if the day is incomplete?

If I have a search for using earliest and latest, say 1st of Dec 16 to 1st Feb 2017, this will draw a graph. But if I...

by Motivator in

How to extract a field value to use as a search term for filtering?

Hello, I need a way to extract/convert a field value to a search condition. Example: field_value= "src_ip=1...

by Explorer in

Is the duration field always in seconds? (transaction command)

Greetings everyone, I just want to verify that the transaction generated duration field is always in seconds. it does...

by Builder in

How to create a time chart with values from eventstats?

Hi all. I have a search like this: index=log sourcetype=data TYPE="PLATFORM" | timechart span=1d count by ARE...

by Builder in

Is it possible to use a value in a lookup in order to automatically adjust the time range a scheduled search runs?

I have a scheduled report, which is generating a lookup table. In this lookup csv, there is a field called "adjust", ...

by Communicator in

How to compare two fields values for two different time ranges

index=nessus severity!=informational severity!=low severity!=medium earliest=-1mon@mon latest=-0mon@mon | top 0 signa...

by New Member in

Is there a way to instruct Splunk to begin a search with the oldest event?

Is there a way to instruct Splunk to begin searching from a specific time forward instead of backwards from the curre...

by Explorer in

How to combine my 2 searches?

Hi, splunk Version 6.5.0 I try to combine 2 seaches and get 1 result of them, I tried the following without any...

by Path Finder in

How to filter on multiple values from multiple fields?

Hi, I have a log file that generates about 14 fields I am interested in, and of those fields, I need to look at a...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use "rex" instead of "replace" to search for strings with spaces?

How to edit my search to aggregate the values from all disks in a single value and display a line representing IOPS from these disks?

Retrace automatically

Using an app generated log file, how to generate a search that will determine and visualize a host's running status?

How to extract a multivalue index-time field from another multivalue index-time field?

How to edit my search to allow filtering by date and time on a dashboard?

How to use the earliest and latest value found (passed from subsearch to outer search) to calculate duration?

How to append columns based on searches, and row values with lookups?

How to extract a new field that contains the domain name for machines on the network?

How do I configure a search to count 14 days between now and a timestamp within my event?

Extracting multiple values from a multivalue field: using rex vs. props.conf or transforms.conf

Is there an efficient way to search for entries containing a specific substring of an indexed word?

How to edit my search to separate values in a column into two columns in my resulting table?

How do I aggregate individual searches into a single search?

rex construction help

How to edit my search to replace an eval field with another field using stats sum?

How to dynamically exclude a value for a day in a graph if the day is incomplete?

How to extract a field value to use as a search term for filtering?

Is the duration field always in seconds? (transaction command)

How to create a time chart with values from eventstats?

Is it possible to use a value in a lookup in order to automatically adjust the time range a scheduled search runs?

How to compare two fields values for two different time ranges

Is there a way to instruct Splunk to begin a search with the oldest event?

How to combine my 2 searches?

How to filter on multiple values from multiple fields?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions