Splunk Search

Ask a Question

Discussions

Thread Info

How to edit my regular expression to extract these fields from my sample data using rex?

Looking for some help with rex. The raw data looks like this, value= Name : SiteScope.exe MemGB : 6568 Name : powe...

by Communicator in

regex help

Not the best regex king, so I need some help please within the field "From" in my data there are emails. Within th...

by Contributor in

Correlating two different Vendor types

Hello, Lets say I have a firewall and an IPS and I wanted to correlate based on source IP I'm trying to figure out...

by Communicator in

How do I extract a substring from an existing field value, but ignore any strings containing a particular character (%2)?

How do I extract a substring from a field value, ignoring a word containing a particular character, let's say %2. ...

by Explorer in

Splunk Python SDK: What are the default values for search parameters (e.g. max time)?

Hi, Great documentation at: http://dev.splunk.com/view/python-sdk/SP-CAAAEE5#getcollparams I'd like to know wha...

by Explorer in

Field Extraction on the command Netstat command?

All, So I am playing with the netstat feature in Splunk for Unix. There does not seem to be field extractions for...

by Builder in

How to edit my search to remove .000 from the end of a time field (HH:MM.000)?

I have a search that creates a time in HH:MM and looks like 04:34.000. How can I drop the .000 at the end of this? He...

by Path Finder in

Splunk JavaScript API getting stats in a search

I am using the Splunk JavaScript API to create a dashboard to aggregate data. One of my searches that I want literall...

by Engager in

Show the time range of a search in HH:MM in a table

I would like to show the HH:MM of my search as a field in a table. How can I set that up as a field?

by Path Finder in

Help creating backfill script

Hi there, Can someone help me create my backfill script? I am creating a new summary index that runs every 10min w...

by Builder in

Get sources configured under all apps in deployment server splunk

Hi, We have 100 's of in our splunk system, what i need is, what are configured Forwarder Inputs in splunk system ...

by Path Finder in

Show bar chart labels in the bar

Currently Splunk puts the bar chart labels off to the left and truncates them which makes things really hard to read:...

by Explorer in

Fire an alert when count of a particular value in one column is greater than something

Hello, I have a query like so: source=“some-source.log” MySearchQuery | stats count by user, host_name which produ...

by Engager in

Scheduling multiple searches

Hi, I am trying to schedule 60 saved searches with summery indexing. There are for 5 different searches, each with...

by Explorer in

Concatenating stats results and visualizing as a single value

Hi there index=someIndex | stats = sum(fieldA) as one, sum(fieldB) as two I would like to display the result in th...

by Engager in

How to convert values for a time field to find max and average values with stats?

We have a field with data 00 00:01:00.209 00 00:00:59.540 00 00:00:10.528 00 00:00:10.014 00 00:00:10.010 00 00:00:09...

by Explorer in

How do I sum similarly named fields from nested JSON?

I have JSON events with a sub list and want to sum similarly named fields for each event. { "id": "theid", "subdat...

by Path Finder in

How do I get my SPLUNK csv excel data to display via a horizontal bar chart?

My data displays in splunk and ![I was able to generate a correct table via running the command index=cmadam host=kot...

by New Member in

How to report on how long a field equaled a specific value, and show the result as a percentage of time? (aka true uptime)

Here is the sample set of data, simplified: Aug 8 11:00:00 host=host1 status_code=UP Aug 8 12:20:00 host=host1 s...

by Path Finder in

Regex match till end of event?

Not sure why I cant find this, but the following is not working. |rex field=_raw "(?i)response=(?<responseXML>.+)$...

by Builder in

How to edit my search to find if a service is down, then trigger an alert only if the status is still down 1 minute later?

Hi , We have search that runs for every minute, and if in case it found any Service is down, it triggers an alert....

by Path Finder in

Case insensitive field value results in a count

How can I make the results of a count on the user field case insensitive? index=winevents sourcetype="WinEventLog:...

by New Member in

How to write a query where I can show the success and failure of a status?

H Form the result of a asearch i get field status- success & failed, i need to show the count of success and failed ...

by Builder in

Hunk is not filtering files based on timestamp

I have a Hunk installation that is successfully (albeit slowly) pulling data from an s3:// filesystem. However, I'm h...

by Explorer in

Assign earliest and latest _time to some other timestamp column

I want to take the earliest and latest _time and assign to some other timestamp column. For example, I have a timesta...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my regular expression to extract these fields from my sample data using rex?

regex help

Correlating two different Vendor types

How do I extract a substring from an existing field value, but ignore any strings containing a particular character (%2)?

Splunk Python SDK: What are the default values for search parameters (e.g. max time)?

Field Extraction on the command Netstat command?

How to edit my search to remove .000 from the end of a time field (HH:MM.000)?

Splunk JavaScript API getting stats in a search

Show the time range of a search in HH:MM in a table

Help creating backfill script

Get sources configured under all apps in deployment server splunk

Show bar chart labels in the bar

Fire an alert when count of a particular value in one column is greater than something

Scheduling multiple searches

Concatenating stats results and visualizing as a single value

How to convert values for a time field to find max and average values with stats?

How do I sum similarly named fields from nested JSON?

How do I get my SPLUNK csv excel data to display via a horizontal bar chart?

How to report on how long a field equaled a specific value, and show the result as a percentage of time? (aka true uptime)

Regex match till end of event?

How to edit my search to find if a service is down, then trigger an alert only if the status is still down 1 minute later?

Case insensitive field value results in a count

How to write a query where I can show the success and failure of a status?

Hunk is not filtering files based on timestamp

Assign earliest and latest _time to some other timestamp column

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions