Splunk Search

Community Activity

Help with regex..? Need help with regex...should start with " end with space or ? Need entire string in a field starting with " and end... by prakash007 Builder in Splunk Search 06-21-2016 0 3	0	3
Load Time vs Event Time I know that I ca get the event time using "_time". Does Splunk keep track of the time the event was loaded into Splun... by fredclown Builder in Splunk Search 06-21-2016 1 6	1	6
How do I fix this error? "Regex: syntax error in subpattern name (missing terminator)" How do I fix this Regex syntax error in subpattern name missing terminator? Error in 'rex' command: Encountered the ... by bgdatasar New Member in Splunk Search 06-21-2016 0 1	0	1
Why am I getting error "100000 entries have been received...this search will not return metadata information for any more entries."? Hi I am getting below error when I use the metadata command. Could someone explain to me in detail what this is all ... by bsellapi New Member in Splunk Search 06-21-2016 0 5	0	5
Why am I getting "Error in 'disabler' command: The external search command 'disabler' does not exist in commands.conf"? I have an app for a custom command called disabler and I am trying to call the command by: ... \| disabler \| ... Bu... by annalisefolsen Explorer in Splunk Search 06-21-2016 0 1	0	1
My curl searches result in "Unparsable URI-encoded request data". Is curl version 7.15.5 unsupported? My curl searches result in the output Unparsable URI-encoded request data I see that many of the curl searches on... by benjaminw New Member in Splunk Search 06-21-2016 0 3	0	3
How to add the count of two different fields' values? For example: \|stats count by src_ip src_ip count 1.1.1.1 100 2.2.2.2 200 3.3.3.3 300 \|stats count by dst_ip dst... by i111040d New Member in Splunk Search 06-21-2016 0 2	0	2
Calculate average execution time for a known field Hi, I'm having issues calculating the average execution time of an available field in Splunk. I have searched for so... by mhornste Path Finder in Splunk Search 06-21-2016 0 1	0	1
How to run multiple queries at once, with calculations? I am trying to calculate TPS with the help of the queries below: Start Time Query host=X source=Y.log "data availab... by koushiknandan New Member in Splunk Search 06-21-2016 0 4	0	4
rename EventCodes Is there a way to rename EventCodes xxxx field to "description" in timechart? Here is a sample search: Account_Name... by smudge797 Path Finder in Splunk Search 06-21-2016 0 13	0	13
How to track real-time errors from SharePoint ULS logs and configure real-time alerts for this in Splunk? Hi, We are using SharePoint ULS Viewer to watch SharePoint logs which are any errors, warnings, and critical things ... by guruwells Explorer in Splunk Search 06-21-2016 0 5	0	5
Why am I unable to filter out events from payload with my current search? I have an event from which I want to filter this string: \\\"name\\\":\\\"experience\\\",\\\"status\\\":\\\"FAILURE\... by singa095 New Member in Splunk Search 06-21-2016 0 7	0	7
How do I write the regex to identify the sourceip that can be found in different locations in my logs? I have logs like below 1.1.1.1 This is my sourceip 2.2.2.2 My source ip is 1.1.1.2 I have a situation where in som... by splunkn Communicator in Splunk Search 06-21-2016 0 2	0	2
How to restrict a search string to show only one value per day? Hi, I have a SQL query running in Splunk counting the number of documents by data size (below 1MB, 1-5MB, 5-10MB, 10... by mhornste Path Finder in Splunk Search 06-21-2016 0 2	0	2
Subsearch and real-time: How to write a search to get all-time values and display them with real-time values? Below is my simple search. index="ix-lp-tps" \| stats count as CurrentCount \| appendcols [search earliest=-100y inde... by canuzun Explorer in Splunk Search 06-21-2016 0 2	0	2
XML or search examples of swim lane chart Hi All, I am looking for swim lane chart examples. Does swimlane feature of charting only inbuilt with some apps or ... by krish3 Contributor in Splunk Search 06-20-2016 0 6	0	6
How to create a regular expression to extract this string from four types of patterns in my sample data? Hi, I have the following 4 kinds of text in logs in a single file. I want to extract the string - Customer Num (star... by virtualme New Member in Splunk Search 06-20-2016 0 8	0	8
Why is my search returning a log response value that is truncated after the boolean string "true" in my sample response? Hi, I am very new to Splunk and am trying to get all the fields in response. One of the fields is actually a JSON st... by psable Explorer in Splunk Search 06-20-2016 0 7	0	7
What is the most efficient way to extract user name from my sample Message fields? What's the most efficient way to extract the user name from these messages: Message=Self-service Plug-in started (us... by smudge797 Path Finder in Splunk Search 06-20-2016 0 13	0	13
How to edit my dashboard XML with 3 text input forms to submit a search, even if only 1 or 2 text inputs have values? Hi There, I have 3 text boxes. All three may have values and sometimes only one or two text boxes will have values t... by smaran06 Path Finder in Splunk Search 06-20-2016 2 2	2	2
How to create a timechart search to compare the count for the previous 24 hour period from the current time, not day by day? I am trying to create a search to show the previous 24 hour count using timechart so I can show the previous 24 hours... by chrisduimstra Path Finder in Splunk Search 06-20-2016 0 2	0	2
How to calculate the difference between 2 different events with the same field and group them by another field that they have in common? So lets say I have 4 events, name="karina" age="23" name="Karina" age = "67" ... by kar1na New Member in Splunk Search 06-20-2016 0 1	0	1
Simple regex for capturing text between strings with different end anchors I've been battling this, and I'm not sure if it's a bug in Splunk or what. This is for a field extraction. I simply ... by Cuyose Builder in Splunk Search 06-20-2016 0 11	0	11
How to troubleshoot why a Splunk search head is stuck on "Waiting for data" trying to run a search? Hi I have an issue with a Splunk search head unable to return any search results. It is stuck on "waiting for data"... by OMohi Path Finder in Splunk Search 06-20-2016 0 3	0	3
How to write a search to group file versions by parent file? Hello all, I've been trying to do the following for hours and seems like I need some assistance. We have a bunch of ... by splunker1981 Path Finder in Splunk Search 06-20-2016 0 3	0	3

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Splunk Search

Help with regex..?

Load Time vs Event Time

How do I fix this error? "Regex: syntax error in subpattern name (missing terminator)"

Why am I getting error "100000 entries have been received...this search will not return metadata information for any more entries."?

Why am I getting "Error in 'disabler' command: The external search command 'disabler' does not exist in commands.conf"?

My curl searches result in "Unparsable URI-encoded request data". Is curl version 7.15.5 unsupported?

How to add the count of two different fields' values?

Calculate average execution time for a known field

How to run multiple queries at once, with calculations?

rename EventCodes

How to track real-time errors from SharePoint ULS logs and configure real-time alerts for this in Splunk?

Why am I unable to filter out events from payload with my current search?

How do I write the regex to identify the sourceip that can be found in different locations in my logs?

How to restrict a search string to show only one value per day?

Subsearch and real-time: How to write a search to get all-time values and display them with real-time values?

XML or search examples of swim lane chart

How to create a regular expression to extract this string from four types of patterns in my sample data?

Why is my search returning a log response value that is truncated after the boolean string "true" in my sample response?

What is the most efficient way to extract user name from my sample Message fields?

How to edit my dashboard XML with 3 text input forms to submit a search, even if only 1 or 2 text inputs have values?

How to create a timechart search to compare the count for the previous 24 hour period from the current time, not day by day?

How to calculate the difference between 2 different events with the same field and group them by another field that they have in common?

Simple regex for capturing text between strings with different end anchors

How to troubleshoot why a Splunk search head is stuck on "Waiting for data" trying to run a search?

How to write a search to group file versions by parent file?

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Datamodel summaries not visible

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

Splunk Search

Join the Conversation