Splunk Search

Ask a Question

Discussions

Thread Info

How can I use the lookup command where the target field is the root of the source field?

Hello all, I have to use a lookup to get data but the problem is that the source field for the lookup is longer th...

by Motivator in

How to display my table in xyseries?

I Have the following Display Domain Application ReportingMonth Price ADD Dotnet ...

by Engager in

How to write a search to monitor data center traffic?

Hello All, I have 2 CIDR lookup files uploaded in Splunk with all necessary configurations done. fFirst Lookup fi...

by Explorer in

How to search for a pair of substrings in a subsearch to filter my results?

Hi at all, I have a lookup with two fields: field1field2 I have to filter a search using the pairs of the two f...

by SplunkTrust in

How to edit my regular expression to extract a field value?

I have the following field value in field script_field. Test script /name/name/check.sh ran VM Script - xi2v I wan...

by Explorer in

What is the regular expression that will get the servlet name in a URL?

Taking an example below, I am looking to be make a regular expression that will give me name of servlet form below (a...

by New Member in

How can I combine several transactions into one search and chart

Hi, I am trying to get some performance/profiling statistics from our system. The log is very elar and aesy to rea...

by Communicator in

How to apply the predict command with group by for multiple column values in one search ?

I want to apply the predict command on multiple column values with one search. My table values are like this: ...

by Explorer in

How to create a search that will trigger an alert when there are no events?

I want to trigger an alert if there are no events in the selected time range. please help me with sample search.

by Communicator in

How to match two CSV files using lookup?

How would I match two csv files using lookups? The first csv contains a list of CIDR subnet ranges for each site and ...

by New Member in

How to find daily maximum and minimum failure rates over the last 7 days?

Hi all, the following search I have is calculating the failure rate per day over the last 7 days (set by the time pic...

by Explorer in

Why is Splunk not finding all events based on a field in a lookup file?

Hi, I have a lookup file that looks like this (filename=12-07-16_CPEs.csv) Cpe_ID 9c97265f6d0f 5898353e54ab 589...

by Motivator in

How to generate a search that displays a cumulative percentage column?

Hi I have the log below. score 1 10 2 22 3 33 4 ...

by Explorer in

How to extract the last 5 digits in my results as a new field?

How to extract the last 5 digits from the following results, I need last 5 digits as a new field 00022234 001234 0...

by Builder in

Why does highlight not highlight? What am I doing wrong?

This should be dead simple. Obviosuly I am missing something. host=tcserver1 | highlight ERROR I just want a pr...

by Communicator in

Why does my search for total index size per day not match the Distributed Management Console?

I have searched for data ingestion rate per day for a particular index using below search. And verified it with index...

by Contributor in

How to convert time format to epoch time in order to calculate difference?

Hi How to convert the time format ‎"2016‎-‎12‎-‎07T09:33:33.040875200Z" to epoch time for calculating difference ...

by Builder in

How to extract portions of an event?

I have a event which is like below. "searchString" index=ABC1............XYZ1"/searchString" 123456789 "searchStri...

by New Member in

Feature Request: CIDR matching for IPv6 in search

Could CIDR matching for IPv6 be enabled in the search command instead of piping to a where command? I have had some d...

by New Member in

How to extract fields from two separate events into two separate fields, not one single field?

The following block shows two events with their headers. The first event has four fields. The second event has five f...

by Explorer in

How to define a transaction search based on different start and end formats?

I am a Splunk newbie at beginner level. Trying to use transactions to get the length of duration of a given user sess...

by Engager in

How to generate a search that will count based on filename in the log?

Hi, i need to count the stat based on different type of source and field (based on 1st 3 char of the filename of the ...

by Path Finder in

How to generate a search that will calculate response time based on my event?

I have to take response time from given 12/07/2016 07:36:49 :: :: 090A24936 Req. : 07:36:49:450 --- 090A24936 Reply :...

by Builder in

How to create a field from value of an existing field?

i have this search index=cmedia sourcetype="adspecificsnmp" | rex field=_raw mode=sed "s/=,/=NA,/g" | rex field...

by Explorer in

Are there any limitations using on using the _raw field in an eval case statement?

Hi, I was trying to construct an eval case statement using default _raw field and observed strange results. Here i...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I use the lookup command where the target field is the root of the source field?

How to display my table in xyseries?

How to write a search to monitor data center traffic?

How to search for a pair of substrings in a subsearch to filter my results?

How to edit my regular expression to extract a field value?

What is the regular expression that will get the servlet name in a URL?

How can I combine several transactions into one search and chart

How to apply the predict command with group by for multiple column values in one search ?

How to create a search that will trigger an alert when there are no events?

How to match two CSV files using lookup?

How to find daily maximum and minimum failure rates over the last 7 days?

Why is Splunk not finding all events based on a field in a lookup file?

How to generate a search that displays a cumulative percentage column?

How to extract the last 5 digits in my results as a new field?

Why does highlight not highlight? What am I doing wrong?

Why does my search for total index size per day not match the Distributed Management Console?

How to convert time format to epoch time in order to calculate difference?

How to extract portions of an event?

Feature Request: CIDR matching for IPv6 in search

How to extract fields from two separate events into two separate fields, not one single field?

How to define a transaction search based on different start and end formats?

How to generate a search that will count based on filename in the log?

How to generate a search that will calculate response time based on my event?

How to create a field from value of an existing field?

Are there any limitations using on using the _raw field in an eval case statement?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!