Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to Top 10 table from Index-A and match hostnames in index-B?

Hi, I am trying to get the top 10 table from Index-A to have corresponding asset information from Index-B as addit...

by Loves-to-Learn in

Is it possible to use wildcards in tag definitions?

Hi, is it possible to use a wildcard in the field value pair settings? This way doesn't work for me: field v...

by Motivator in

Unable to get the correct min and max values.

I'm a newbie as far as Splunk is concerned with modest regex skills. We have events with the following patterns fa...

by Engager in

Can you explain the syntax of the foreach command beyond what's in the Docs?

Hi, I'm trying to understand the syntax of foreach, I've had a look at the documentation, but it's just too diffic...

by Path Finder in

Issue with real-time searches for metadata running because of ui-prefs.conf settings.

When we launch Splunk Home or Search page, there is this metadata that runs in real-time eating up our resources avai...

by Engager in

Custom Command not staying alive

I am using the SDK to create my first custom search command. I'm using the Splunk Free version to test it out. It ...

by Contributor in

Error when trying to add token to limit table results in a search?

I recreated the dashboard using the report search and have the search returning all of the table results. I have an i...

by Engager in

How to separate fields and create a pie chart of status count?

Hi Splunkers, Please guide us on the requirement below: Input: server, env, req no, input field,status host-...

by Explorer in

How to create a search that compares two log files and displays results in a table format?

I have below 2 log files with 4 identical columns and in that, status is different: Status1.log host1,PROD,1666680...

by Explorer in

Using fieldformat and rename

Hey there, I'm trying to do two things and it looks like I can't. I have some fields with ugly names like "Current...

by Explorer in

Two evals in one query , query not returning results

Hi All, I have the following query with 5 source types and 2 evals in one query, common field between source types is...

by Explorer in

Streamstats change state count

Hi below is my sample data- Date source State 29-05-20 01:00:00 a...

by Builder in

How to extract two values from a string using regex?

I'm requesting help constructing a regular expression for the following: I need to extract two values from the str...

by New Member in

Remove host name in Account_Name field

When people RDP into a server, the results I am getting into splunk is Account_Name=Sever1$ Account_Name = jdoe. W...

by Explorer in

Extracting a field thats not recognized

My rawdata from log is below METHOD="POST" URI="CALLOUT-LOG" USER_ID_DERIVED="00532000004sefcAAA" EVENT_TYPE="Apex...

by New Member in

Export raw logs from specific time

I have a specific source type and hosts that I want to export the raw logs for the past 24h is there a way to do that...

by Explorer in

Filter out events based on other events WITHOUT using JOIN/Subsearch

I have a index named Events Example events: AccountCreated { "AccountId": 1234, "EventName": "AccountC...

by Explorer in

Help regex for masking

Hi, Can someone please help me regex a password field to mask data? I've been trying to figure out how to mask ...

by Explorer in

Error message when running a subsearch after upgrading to Splunk 8.0.4.: "StatsFileReader file open failed file".

Hi all, Upon a recent upgrade to Splunk 8.0.4, I started seeing this error message when running a subsearch agains...

by Contributor in

How to extract a key and value from the json data?

Hi all, I am not able to extract the below-given value from the JSON file fields are "initiator": test_abce, "release...

by Path Finder in

Splunk Search

Discussions

How to Top 10 table from Index-A and match hostnames in index-B?

Is it possible to use wildcards in tag definitions?

Unable to get the correct min and max values.

Can you explain the syntax of the foreach command beyond what's in the Docs?

Issue with real-time searches for metadata running because of ui-prefs.conf settings.

Custom Command not staying alive

Error when trying to add token to limit table results in a search?

How to separate fields and create a pie chart of status count?

How to create a search that compares two log files and displays results in a table format?

Using fieldformat and rename

Two evals in one query , query not returning results

Streamstats change state count

How to extract two values from a string using regex?

Remove host name in Account_Name field

Extracting a field thats not recognized

Export raw logs from specific time

Filter out events based on other events WITHOUT using JOIN/Subsearch

Help regex for masking

Error message when running a subsearch after upgrading to Splunk 8.0.4.: "StatsFileReader file open failed file".

How to extract a key and value from the json data?

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Regex Condition for JSON

Splunk Eventgen | Count of events generated

Why does stats via python SDK export returns mult...

Problem at Encoding - Jirra Issues Collector

Chart With time as the data points

Splunk Search

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >