Splunk Search

Discussions

Thread Info

How can I optimize and improve the performance of my search?

index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_d...

by Explorer in

How do I use results from a search in my custom command?

I'm trying to use data from a search in a custom command. source | scrapy url=uri This gives me the following ...

by Explorer in

How do I write a search to filter out certain values for a field?

Hey Fellow Splunkers I have an issue when searching for similar events that are only unique by one character. ...

by Path Finder in

Using "stats count by" after "case eval", why am I not getting any results?

Hello, I'm trying to change a value of a field using eval case then do a stats count based on that field. I'm gett...

by Explorer in

How to create an alert to trigger based on a current value, and if that value increases over a threshold within a set time?

I want to alert based off a current value and if that value increases over a threshold within a set time. I want t...

by Contributor in

How to rename a field name with curly braces to compare it to a field in a lookup?

How can I rename a field name with curly braces attached to it e.g. cxy{} and then compare to a field within a lookup...

by Explorer in

How to search and trigger an alert if the same value repeats more than once in a certain field for that particular event?

For example: :Report=99,10,99 In this case value 99 occurred twice in this field, so I need to pick this event...

by Explorer in

How to find events which have a certain field which occurs more than once?

I have some events which have a field which is named variable. So the event will be like.. field1="a" field2="b" v...

by Engager in

How to edit my regular expression to extract values from a logfile that begin with "FNR" and are 10 alphanumeric characters long?

I'm trying to use a regular expression to grab words out of a logfile that begin with "FNR" and are exactly 10 alphan...

by New Member in

How to have lookup iplocation fields added to all events at index time?

I would like to have iplocation fields added to all events when they're ingested and have verified the lookup works i...

by New Member in

How to convert epoch timestamp to readable date format?

Hi, I am browsing information on one of our ticketing server databases, however, when I try to show table contents...

by Engager in

Converting String to date

I am trying to convert the string "08/04/16 09:40:41.690" to a date in splunk. I think that I am supposed to use some...

by Explorer in

How to retain a column after an append

Hi guys, I'm really new to Splunk, and probably have no idea what's actually going on with my search, so please be...

by New Member in

How do I edit my XML to drill down from a table to a timechart?

Hi, First time doing drill downs, so pardon the newbie question. I'm having a tough time grasping the drilldown c...

by Motivator in

How do I extract a number from the raw message

How do I extract the following which always occurs as the last part of the raw text in message e.g "Took 13983.1468ms...

by Explorer in

Disable drilldown to search window / Stopping a user from using the Splunk Query window

In previous version of the Splunk one could goto the Edit Icon in each page and could Disable/Enable the drilldown ...

by Communicator in

Help debugging job inspector data

When i run search: index=my_summary sourcetype=stash ip=13.13.137.13 | head 5 Job inspector's "normalizedSearch" a...

by Communicator in

How to optimize a search for a non-prefixed wildcard (field=*suffix)?

I have data which contain a field with a lot of values and has duplicates on almost every one - a barcode, scanned in...

by Builder in

Why is my search not producing an average in the resulting stats table?

Hello Splunk Ninjas I'm trying to create a SPL query that displays the avg and max response time. When I run my s...

by Explorer in

How can I use iplocation to include the IP in my alert search results for account lockouts?

I have a search to alert on account lockouts: index=winsec EventCodeDescription="A user account was locked out"|de...

by Path Finder in

How can I make use of a search string and token to display text in panels?

I am developing a dashboard to analyze users logs from an email application. The dashboard has a Time (Time Picker) a...

by New Member in

i am looking for a particular string match in a log file. whenever it sees the String it should alert me with an email.

Kindly help me with crontab schedule and Trigger Conditions. Am confused in that part. If string matches what should ...

by Explorer in

Filter logs by thread name and display in table

Hi, I am new to splunk and know the basics of search. Below is how my logs looks like. 2016-08-03 23:51:00,607 INF...

by New Member in

Simple eval + stats count by 2 fields not working

What am I doing wrong? I've tried several iterations of the following all which return 2 columns with a count of 0: ...

by Champion in

Rex for a field with varying number of values

I have some values in a fied which are email addresses. eg: Values of F may be "[""email_type2@gmail.com""]" "[""e...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I optimize and improve the performance of my search?

How do I use results from a search in my custom command?

How do I write a search to filter out certain values for a field?

Using "stats count by" after "case eval", why am I not getting any results?

How to create an alert to trigger based on a current value, and if that value increases over a threshold within a set time?

How to rename a field name with curly braces to compare it to a field in a lookup?

How to search and trigger an alert if the same value repeats more than once in a certain field for that particular event?

How to find events which have a certain field which occurs more than once?

How to edit my regular expression to extract values from a logfile that begin with "FNR" and are 10 alphanumeric characters long?

How to have lookup iplocation fields added to all events at index time?

How to convert epoch timestamp to readable date format?

Converting String to date

How to retain a column after an append

How do I edit my XML to drill down from a table to a timechart?

How do I extract a number from the raw message

Disable drilldown to search window / Stopping a user from using the Splunk Query window

Help debugging job inspector data

How to optimize a search for a non-prefixed wildcard (field=*suffix)?

Why is my search not producing an average in the resulting stats table?

How can I use iplocation to include the IP in my alert search results for account lockouts?

How can I make use of a search string and token to display text in panels?

i am looking for a particular string match in a log file. whenever it sees the String it should alert me with an email.

Filter logs by thread name and display in table

Simple eval + stats count by 2 fields not working

Rex for a field with varying number of values

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions