Splunk Search

Discussions

Thread Info

Search Bar - large queries fail to execute and cause "Disconnected from Server" error?

When I attempt to enter very large queries into the search bar I get errors in chrome and eventually a "disconnected"...

by Path Finder in

Can you specify timezone in a REST API search?

I'm using the REST API with a one-shot search to pull back some previously summarized information. The summary indexi...

by Builder in

I want to omptimize the regex? ErrorMessage : 'rex' command: has exceeded configured match_limit, consider raising the value in limits.conf.

| rex field=_raw max_match=0 "BodyOftheMail_Script\s=\s\[\sBEGIN\s{0,}(?<BodyOftheMail>.((.|\n)*?)(?=\s{1,}END\s\]))"...

by Engager in

How to merge two events with same field into one

I have two rows having follwing values: Name Text Count A ABC 1 A EFG 1 I want that my result should be displayed ...

by Explorer in

How to count the number of opened and closed incidents?

Hi There, I have got incidents data in below format: dateRaised, IncID, Location, Status, closedDate 05-05-20, ...

by Path Finder in

timechart linechart to display in and out per device

Hi, I have a query which gives me in_usage and out_usage for a device per metric bla bla ...| table Device metr...

by Communicator in

Not able to get number of days between now() and a date

Hi Experts, I am trying to get number of days between current date and another date being generated by my query an...

by Path Finder in

Combine Data model data with another search for a match

Hi all, I have CTI data that somes into splunk and id like to correlate for matches in indexes against the CTI dat...

by Path Finder in

Rename a field Value in a lookup file?

I have a lookup file called template.csv and it has field values, I want to rename a field value with another say man...

by Path Finder in

How can we deal with a negation of a transaction?

We have a working code that captures transactions from the firewall into the windows servers and all is perfect as th...

by Motivator in

subtract meterRead from Yesterday’s meterRead

My electric meter sends a number but I want to subtract the current from the number an hour ago, so I can chart the u...

by Explorer in

How do I change the value of a field if a condition occurs?

Hi community! I'm using Splunk Entreprise to create dashboards with my client's ServiceNow incident information. ...

by Engager in

Weekly Average Append Subsearch Optimization

Hello, I have a search where I would like to compare the count of one search result against its running weekly averag...

by Explorer in

Concurrent Active VPN Sessions on a Timechart

I'm struggling to find a working solution to show cumulative active VPN sessions on a timechart with 20m data points....

by Explorer in

How to join and get stats from same index?

Hi Experts, I have data set like below from same index but from different sourcetype, common field on which I can...

by Builder in

Why does my division of two fields return nothing?

I have the following query that is inteded to divide the "stats.hypervisor_cpu_ppm" field by 10000 and then show that...

by Explorer in

Need every time interval as a row even though the count of records is 0 in that interval

Hi, I am using below query to get the stats o/p of Total, Failure & Failure percent by couple of fields for every 15 ...

by Explorer in

Why am i unable to search a value in an extracted field?

I have a log file with three lines. 09-05-2018 10:12:15,123 ABC12I_AAA 09-05-2018 10:12:15,123 ABC12I_BBB 09-05-20...

by Explorer in

color a splunk table collumn based on value

I have a statistical table with rows and columns I need to color a particular column values either red or green based...

by Path Finder in

Howa to Extract only MPid field with the value from the raw data.

hello all How to Extract only MPid field with the value from the raw data. so that MPID=127746 i can list {"MPid...

by Path Finder in

Splunk Search

Discussions

Search Bar - large queries fail to execute and cause "Disconnected from Server" error?

Can you specify timezone in a REST API search?

I want to omptimize the regex? ErrorMessage : 'rex' command: has exceeded configured match_limit, consider raising the value in limits.conf.

How to merge two events with same field into one

How to count the number of opened and closed incidents?

timechart linechart to display in and out per device

Not able to get number of days between now() and a date

Combine Data model data with another search for a match

Rename a field Value in a lookup file?

How can we deal with a negation of a transaction?

subtract meterRead from Yesterday’s meterRead

How do I change the value of a field if a condition occurs?

Weekly Average Append Subsearch Optimization

Concurrent Active VPN Sessions on a Timechart

How to join and get stats from same index?

Why does my division of two fields return nothing?

Need every time interval as a row even though the count of records is 0 in that interval

Why am i unable to search a value in an extracted field?

color a splunk table collumn based on value

Howa to Extract only MPid field with the value from the raw data.

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

LDAP query for users

Filtering mstats data using eventtypes and tags

Extracting fields from nested JSON event

Join field form inputlookup failed

Eval Input Token with Backslashes

Splunk Search

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >