Splunk Search

Discussions

Thread Info

How to extract specific lines in a multiline event based on regex match?

I am trying to analyze exception logging that is written across multiple lines, and extract only certain lines of the...

by New Member in

Application Icon did not appear

Hi everyone. I am in the midst of creating an app and I have been wanting to upload an App Icon (logo) so that it ...

by New Member in

AddColTotals & Percentage Column To Listed values

Hey guys! So i have this search: index="servers" | stats count by Delivery, VDC, Manageable | eval temp=Delivery."...

by Path Finder in

Dnslookup to output multiple event list in one query

Hello Team, Can someone pls help me to built a query using dnslookup to output multiple evnt from the event list i...

by Explorer in

What is the difference between the metasearch and tstats commands?

I've been using tstats for most of the use cases that metasearch covers, and so I'm interested in what metasearch can...

by SplunkTrust in

Creating a Tabular report

I have following output in the logfile - The service /app/service/upload succeeded in 1.264000 seconds, Request: {...

by Path Finder in

Renaming column at runtime without knowing at coding time their names.

Hi. I have the following query BASE QUERY earliest=-7d latest=now | bucket _time span=7d | stats count as events ...

by Communicator in

Where condition based on date / time for imported data

Hi, I've a CSV imported data (hostname = AVGMAILCOUNT) and want to use its data based on present time values. W...

by Path Finder in

Regex to extract numbers from non unique string

Hello, I am hoping that someone with far more knowledge than myself can help with a bit of a puzzling problem I ha...

by Communicator in

Finding devices that are "off" at a date, and then counting how many of them turn "on" on each subsequent day

Hi, I'm a first time splunk user trying to figure out how to do the following: I have data describing devices, the...

by New Member in

Subsearch NOT with dbxquery

Hello Team, I do have dbquery from mysql: |dbxquery query="SELECT mac FROM pc.pc" connection=MYSQL shortnames=true...

by Path Finder in

Possible to get information about user executing a custom command in Splunk from within the Python script?

I have a custom script that I've defined as a command in commands.conf. I've tried adding passauth and enableheader, ...

by Path Finder in

Compare responseTime field toady to last week without using append

Hello, I have a problem comparing responseTime field last minute with last week (monday - sunday). Below query give t...

by Path Finder in

Map search did not find value for required atribute

Hello Team, map command is working for me but only with some fields. For example: host="10.62.140.64" CISE_Profile...

by Path Finder in

Timechart aggregation with 2 fields for a count over time

I have events of this form: fooKey="abc", fooLoc="5", fooCount="1" fooKey="def", fooLoc="10", fooCount="1" fooKey=...

by New Member in

Automatic lookup failing

I have a lookup working when I use "lookup" manually in my search. I cannot seem to get this working as an automatic ...

by Path Finder in

Log file rotation with date in file name

Hi, I have to get all (and ONLY) tomcat std out files in D:/Program Files/Apache Software Foundation/Tomcat 6.0/logs....

by Path Finder in

Searching against an mvappend generated field

We created in props.confthe following - EVAL-mod_code = mvappend(modifier_code, modifier_code2, modifier_code3, mo...

by Ultra Champion in

Make splunk return latest results first

Hi, I have a dashboard with search queries which take tens of seconds to run. The results are displayed as charts,...

by New Member in

How to include a distinct count in an eval statement?

I am currenlty trying to make a search a little more dynamic based off scanned devices rather than a static number ...

by Engager in

Best way to use multipe searchs to get shared result that can be used for percentage.

Trying to use multiple searches to get a percentage of total servers to be restored and total currently restored but ...

by Explorer in

regex statement

I am trying to extract the response time from this statement (Just the number, not the words response time or the ms ...

by Contributor in

How to convert time into the Epoch format

Hi I have a timestamp field with values as below "2016-08-25T13:30:36.82" "2016-08-25T13:13:38.737" "2016-08-25...

by Path Finder in

How to combine two different columns in a table into a single column?

I have table as below generated from splunk C:x D:x E:x F:x C:y D:y E:y F:y A 2 1 0 3 5...

by Path Finder in

Lookup issues

Having issues getting the NANP app to work (https://splunkbase.splunk.com/app/1515/) I have the following search b...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract specific lines in a multiline event based on regex match?

Application Icon did not appear

AddColTotals & Percentage Column To Listed values

Dnslookup to output multiple event list in one query

What is the difference between the metasearch and tstats commands?

Creating a Tabular report

Renaming column at runtime without knowing at coding time their names.

Where condition based on date / time for imported data

Regex to extract numbers from non unique string

Finding devices that are "off" at a date, and then counting how many of them turn "on" on each subsequent day

Subsearch NOT with dbxquery

Possible to get information about user executing a custom command in Splunk from within the Python script?

Compare responseTime field toady to last week without using append

Map search did not find value for required atribute

Timechart aggregation with 2 fields for a count over time

Automatic lookup failing

Log file rotation with date in file name

Searching against an mvappend generated field

Make splunk return latest results first

How to include a distinct count in an eval statement?

Best way to use multipe searchs to get shared result that can be used for percentage.

regex statement

How to convert time into the Epoch format

How to combine two different columns in a table into a single column?

Lookup issues

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions