Splunk Search

Discussions

Thread Info

Help with Regex...?

I'm trying to extract the following from this regex...somehow i am not able to get the browser agent and status... ...

by Builder in

How to create a dashboard search with the condition "If status is not success, show error code, type, and message on the same row"?

I want to create a dashboard with a table listing integration name and execution status with the following condition:...

by Explorer in

I would like to use field value * as regex to match all values in my search

Hello, I have dashboard with drop-down button. Token for button is named Area. Values are: Name - Value: All Area...

by New Member in

How to remove clients with more than one hits?

I have data in this format: client=green value=house client=yellow value=appartement client=black value=bungalow ...

by Builder in

How to avoid displaying duplicate logs in search results?

I am trying to search /var/log/messages log with keywords like shutdown or Error and storing it in message.log and...

by Communicator in

How to get all possible entries from two lookups?

How to get all possible entries from two lookups? For instance, lookup_1 and lookup_2 lookup_1 application ...

by Communicator in

How to edit my eventstats search to return a count of failed authentications greater than ten within a ten minute window?

Been working on a report to show the best data on authentications failed more than ten times in a time span of 10 min...

by New Member in

Unable to do timechart for a field which has varying values

I am extracting a field using regular expression, it looks like below, These are top 5 processes which is consuming h...

by Communicator in

How to use the _time field from the results of one search to run another search on another host and sourcetype?

I am looking to take the results of the following search: sourcetype="cisco:asa" AND dest_ip=10.3.10.12 AND dest_...

by Path Finder in

In a pie chart, how to convert an numerical value of an enum to a string?

The slices on my pie chart are currently displaying the numerical value of an enum, which isn't too useful. Instead o...

by New Member in

Why do my field extractions disappear from the left Fields Sidebar when more parameters are added to the search?

I lose my field extractions when I add a search parameter to my search: THIS WORKS: (I see fields on the left hand...

by New Member in

How do I add a new field extraction using transforms?

How do I add a new field extraction using the field transformations I've configured? We're using Splunk Light Clou...

by Explorer in

Using "stats max(foo)", is it possible to get the whole line of the log that contains the max value of foo?

When I use | stats max(foo) I get the largest value of foo. Is it possible to get the whole line of the log which ...

by Path Finder in

How to figure out what fields our Splunk users are searching for in their reports or dashboards?

Hi, I need to figure out what fields our Splunk users are searching for, either in their reports or dashboards. I...

by Path Finder in

How to write a search to alert if indexers are not receiving data from forwarders?

Hi Team, How do I write a search to alert me when one of the critical indexers is not receiving the data from the...

by Path Finder in

Can anyone explain what is a Splunk Base Search?

Hello Splunkers Can anyone explain in simple terms what is a Splunk Base Search?

by Explorer in

Top N results in table

by Engager in

how to pass parameters to search command

i am trying to search some strings like Error OR WARNING and IPADDRESS or HOSTNAME from /var/log/messages file and di...

by Communicator in

Extract a field/or a single value from a scheduled alert table

So I am generating an alert everyday at 2am, the alert is basically a table with several fields, now I would like the...

by Communicator in

What is being counted in this query?

What is being counted in this query? Here it is: | `tstats` count from datamodel=Authentication by _time span=10m ...

by Communicator in

Custom Eval Command or Custom Search Command as Calculated Field?

Is it possible to include a custom search command in your app as a calculated field? One that would automatically app...

by Builder in

Turn stats search into chart

Trying to find a way to put the results of this search into a chart. I know the issue is that there are 2 fields Im t...

by Builder in

Using tstats to generate list of unique users logged in over time

I'm trying to create a simple report that shows the number of unique users logged into our Cisco ASA over the course ...

by Communicator in

Error when extracting multivalue field from xml data via rex command

Hi I need to extract multivalue field from an event structured in xml. <job> <nameJob>Job1</nameJob> <executio...

by New Member in

How to best combine 2 eval searches and use timechart?

I know this is fairly simple question. I am trying to do a couple evals on userAgent fields, as I am trying not to us...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with Regex...?

How to create a dashboard search with the condition "If status is not success, show error code, type, and message on the same row"?

I would like to use field value * as regex to match all values in my search

How to remove clients with more than one hits?

How to avoid displaying duplicate logs in search results?

How to get all possible entries from two lookups?

How to edit my eventstats search to return a count of failed authentications greater than ten within a ten minute window?

Unable to do timechart for a field which has varying values

How to use the _time field from the results of one search to run another search on another host and sourcetype?

In a pie chart, how to convert an numerical value of an enum to a string?

Why do my field extractions disappear from the left Fields Sidebar when more parameters are added to the search?

How do I add a new field extraction using transforms?

Using "stats max(foo)", is it possible to get the whole line of the log that contains the max value of foo?

How to figure out what fields our Splunk users are searching for in their reports or dashboards?

How to write a search to alert if indexers are not receiving data from forwarders?

Can anyone explain what is a Splunk Base Search?

Top N results in table

how to pass parameters to search command

Extract a field/or a single value from a scheduled alert table

What is being counted in this query?

Custom Eval Command or Custom Search Command as Calculated Field?

Turn stats search into chart

Using tstats to generate list of unique users logged in over time

Error when extracting multivalue field from xml data via rex command

How to best combine 2 eval searches and use timechart?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions