Splunk Search

Discussions

Thread Info

Need to change the field delimiter after extraction

example as below. The output that i am receiving is separated by commas.. it is possible to get the output separated ...

by Explorer in

How to use an addcoltotals result for eval?

Hello dear Splunk experts  I have this in my search: addcoltotals labelfield=fieldtosum label=TOTAL Howev...

by Motivator in

How to change the source value in my search when I change the date time range?

hi I want to change the source on my request when the timechange. I'll explain: I have a lot of directories nam...

by Contributor in

How do I edit my Splunk search to identify the top database queries with the slowest performance?

I have a Splunk search that extracts from the events for various queries executed and time taken by them. I want to f...

by New Member in

How to edit my search to get expected output

EVENT1) 20160718T164839.608 GMT INFO MESSAGE=" RES" SNAME="ABCD" ACCNO="123456" EVENT2) 20160718T164831.111 GMT INFO...

by New Member in

Can eval evaluate Cosines?

by Splunk Employee in

Consolidating table entries

192.168.1.7 |table Realm, Role I have a search and I'm trying to consolidate to unique combinations of Realm and R...

by Explorer in

Subsearch not Working

I believe I fully understand the concept of subsearches and have used it a few times perfectly, however, I can't get ...

by New Member in

Why is my transaction search grouping two start events together and no end?

Hi, I am trying to create transactions that begin with a start event and end with an end event, so I can find even...

by Engager in

Show a chart based on host found in another search

Ok, So I have two searches that work great. One will find computers with slow ping times. The other will create a cha...

by Path Finder in

How to join log file with a lookup file?

I have indexed one log file in which Job name, job status and time are the fileds. Also, I have one lookup file which...

by New Member in

Lookup does not return data

I am doing a small proof of concept on lookup command. I have a look up csv file with the table: env status ...

by Contributor in

how can I troubleshoot logs not getting forwarded to indexers

Hi, I have splunkforwarder installed to monitor garbage collection for glassfish servers A and B side. I have a da...

by Loves-to-Learn Lots in

Combining multiple independent searches result into excel/csv file and send a single mail

Hi, i have a requirement of combining multiple independent searches into a single excel/csv file and schedule a singl...

by Path Finder in

How to change the color of a bar if it is the highest value in the chart?

Hi, I'm trying to figure out a way to change the color of one of the bars in a series to RED if that bar happens t...

by Motivator in

In Advanced XML, can a search output to a collect?

I have this code which is intended to just write one event to a tracking index when a user clicks a button: <modul...

by Motivator in

How to overlap two bars in a Splunk chart?

I have this search that counts the times a product has been purchased and the times the same product has been purchas...

by Explorer in

After upgrading from 5.0 to 6.4, getting a regex error issue at startup related to dashes, i think

Bad regex value: '(?i) .*? (?P<foo-bar>\[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+)(?= )', of param: props...

by Communicator in

Finding the number of unique ip-addresses per country using geostats

So what I have been able to do is display the total event count in each country/region using host="NC-CORP-3098-Ac...

by New Member in

Regex that covers both cases

I have the following log events both on the same source log: Log 1: [21/Jul/2016:11:34:28 +0000] 99.125.125.201...

by Motivator in

timepicker and real time

Hi friends I am using timepicker to select a time range, and pass it to dbquery command to search the database. ...

by Path Finder in

fields.conf

Hi, I read the field.conf examples, but I still don't understand how to set it up. I am using Field Extraction fro...

by Communicator in

difference between NOT and !=

Hi fellow Splunkers, I just fell over the difference between "NOT src_ip=1.2.3.4" and "src_ip!=1.2.3.4" in a bases...

by Path Finder in

how to remove characters from strings

Hi all, I have some value under geologic_city fields as below, but it has some problems. For example, actually Ans...

by Path Finder in

How do I add days taken from a field to a date field?

I have a field called "date"(2016-07-21) and a field called "countdown"(e.g. 30) which shows the number of days. How ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Need to change the field delimiter after extraction

How to use an addcoltotals result for eval?

How to change the source value in my search when I change the date time range?

How do I edit my Splunk search to identify the top database queries with the slowest performance?

How to edit my search to get expected output

Can eval evaluate Cosines?

Consolidating table entries

Subsearch not Working

Why is my transaction search grouping two start events together and no end?

Show a chart based on host found in another search

How to join log file with a lookup file?

Lookup does not return data

how can I troubleshoot logs not getting forwarded to indexers

Combining multiple independent searches result into excel/csv file and send a single mail

How to change the color of a bar if it is the highest value in the chart?

In Advanced XML, can a search output to a collect?

How to overlap two bars in a Splunk chart?

After upgrading from 5.0 to 6.4, getting a regex error issue at startup related to dashes, i think

Finding the number of unique ip-addresses per country using geostats

Regex that covers both cases

timepicker and real time

fields.conf

difference between NOT and !=

how to remove characters from strings

How do I add days taken from a field to a date field?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...