Splunk Search

Ask a Question

Discussions

Thread Info

All results are not returned with multiple field exclusions

Hello, I am having some issues with using multiple field exclusions as not all results are being returned (only th...

by Explorer in

How to write a search to extract these field values from my sample data without mismatch and export to CSV?

Below is my applogs data: {"name":"blink-api-manager","submodule":"perfLogger","level":30,"req":{"url":"/api/accou...

by New Member in

Get the latest event status of the Jobs (re-submitted repeatedly)

Splunk Query: 2016-06-12 00:48:29,834 INFO [MainThread][PID:3143] item: AR001SJFBS valid_audio_path: /PROXY_AUDIO...

by Engager in

How do I find all the possible fields from our raw logs for a particular index, excluding internal fields generated by Splunk?

Hi all, I'm trying to create a guide for my colleagues regarding the raw logs on Splunk, but I'm stuck as I'm not ...

by Communicator in

Dotted Line Chart

Is it possible to create a dotted Line Chart in splunk using Advanced XML?

by Builder in

When I run a search by itself, it works fine, but when I run it as a subsearch, why is the resulting table empty?

index=a | eval SPLITid=[search index=b | eval tempid= substr(SPLITLOTID,2,8) | return $tempid ] | table SPLITid W...

by Explorer in

Alert if src_ip or dest_ip exists in lookup table

I want to create an alert that triggers when a src_ip OR dest_ip exists in a lookup table (e.g. threat_ip_list.csv). ...

by Explorer in

How to add "LIKE" instead of "=" and add wildcard to search?

<title>Routers</title> | dbquery "routerdb" "SELECT DEVICE_LOC FROM routerdb.LKP_LOCATION_EDITED WHERE METRO_CITY...

by Engager in

How to break Weblogic JVM events using regex with multiple timestamps & exceptions in single event

Hi All, I have the following JVM logs: May 8, 2016 1:26:26 AM IST Warning Socket BEA-000449 Closing socket as n...

by Champion in

Can someone direct me to the Release Notes for 6.4.2?

After upgrading to 6.4.1 I am seeing a message that says "A new major or minor version is available for upgrade" and ...

by Path Finder in

Search issue: Error in Surrounding

On event actions under show source my users are getting the following error: Streamed search execute failed becaus...

by Explorer in

How to edit my eval syntax to create a new field for null values?

I'm trying to create a new field for some null values. I tried this, but it still shows the null value. eval Reboo...

by Path Finder in

splunk btool check --debug output

Hello. I am on my Enterprise Security Search head and this is the output from the subject command (Minus the Checking...

by Builder in

Field extraction not working

Hello I have a field extraction to extract email address from a wso2 log and rename it as user. So this log: ...

by Builder in

Search to Identify when a host stops sending logs to Splunk

Hello, I have this search string to identify hosts that have stopped sending logs to Splunk, however the search st...

by New Member in

DEDUP with Multiple Values not Working

I have vulnerability detection in Splunk where there is the possibility of duplicate QID, IP and PORT, so I run a sea...

by New Member in

How to create a report to get session based user-agent statistics on a per site basis (from Tomcat logs)?

Hey there, I've been learning how to use the search features in Splunk and trying to find a way to get some user-a...

by Communicator in

How to search and extract SSH user accounts which are logged in with an interactive login based on my sample data?

Hi Team, I am looking for a Splunk search to get a statistics table output I am looking for is the SSH user acc...

by Explorer in

How do I separate each IP and corresponding time field into separate events to get an average and plot on a timechart?

Hey guys. I have events like this "ip delay|" every second: 10.161.30.19 0.290|10.2.10.151 0.793|10.2.10.152 0.596...

by Communicator in

How do I present my search results as a percentage instead of a count?

Hi everybody! My database has to many properties, but important properties to set in my Dashboard starting with "U...

by New Member in

How to subtract one field value from another field value for each event?

Hello, We have two fields: elapsedMs and backendServiceMillis. Both have only numeric values. How can we display a...

by Communicator in

How do I expand this multivalue field?

All, We are currently getting a log like this from our F5. xff="1.2.3.4, 4.3.2.1, 4.2.2.2, 9.8.7.1" I'd...

by Builder in

How to create and trigger an alert when specific Active Directory users from a CSV file get locked out?

I have one CSV file containing important user names. I want to create an alert/correlation rule whenever the user fro...

by Communicator in

How to change x-axis increments on a column chart?

I have a column chart with 4 bars, with the values 2, 10, 46, and 50. The spacing between these 4 bars are the same a...

by Engager in

Join with subsearch doesn't gives me expected results

Query1-Results: ProxiesProcessed,Status Query2-Results: ProxiesProcessed,Audio_Tracks,year_mm_dd Join Query: ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

All results are not returned with multiple field exclusions

How to write a search to extract these field values from my sample data without mismatch and export to CSV?

Get the latest event status of the Jobs (re-submitted repeatedly)

How do I find all the possible fields from our raw logs for a particular index, excluding internal fields generated by Splunk?

Dotted Line Chart

When I run a search by itself, it works fine, but when I run it as a subsearch, why is the resulting table empty?

Alert if src_ip or dest_ip exists in lookup table

How to add "LIKE" instead of "=" and add wildcard to search?

How to break Weblogic JVM events using regex with multiple timestamps & exceptions in single event

Can someone direct me to the Release Notes for 6.4.2?

Search issue: Error in Surrounding

How to edit my eval syntax to create a new field for null values?

splunk btool check --debug output

Field extraction not working

Search to Identify when a host stops sending logs to Splunk

DEDUP with Multiple Values not Working

How to create a report to get session based user-agent statistics on a per site basis (from Tomcat logs)?

How to search and extract SSH user accounts which are logged in with an interactive login based on my sample data?

How do I separate each IP and corresponding time field into separate events to get an average and plot on a timechart?

How do I present my search results as a percentage instead of a count?

How to subtract one field value from another field value for each event?

How do I expand this multivalue field?

How to create and trigger an alert when specific Active Directory users from a CSV file get locked out?

How to change x-axis increments on a column chart?

Join with subsearch doesn't gives me expected results

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions