Splunk Search

Ask a Question

Discussions

Thread Info

How to graph the sum of field A where field B=TRUE and field C=FALSE into a timechart by day?

The question is the simple case of one set of conditions. My goal is to line graph (4) variations in one chart: su...

by Engager in

How to compare values based on other fields

Hi all, So I'm working with log files, and here's a sample entry, 8:09:03 IN: "field1" "user1" 8:09:04...

by New Member in

Why are REPORT field extractions not being applied in my distributed search environment?

Hey all, Using Splunk 6.0.2 across the board, I'm trying to extract key="value" pairs from WinEventLog entries pre...

by Path Finder in

How to change the search based on a clicked table value?

Newbie here so please bear with me  I created a table using stats count with 3 columns. What I also did is t...

by Engager in

How to extract all the values from a field and use it in a search?

Hi, I am currently trying to find all the events that contain the phrase "ERROR" and based on their IDs, I want to...

by Path Finder in

How to configure wildcard matching against lookups in Splunk Cloud?

Hello I need to give a lookup table search the ability to use wildcards against the values contained in the lookup...

by Path Finder in

How to get a stats count by field values from my current table?

Hi Team, I have a table in Splunk which is as below Name Val1 Val2 Val3 Val4 abc YES No...

by Communicator in

How do I edit my search to merge fields?

Hi all, I'm trying to merge fields. I need to have each value separately, but here I can see a group value as stri...

by Builder in

How to combine these 2 searches on a certain field?

Hi, We are looking to join 2 searches using a field called UserID Can someone help us? Below are the basic sea...

by Path Finder in

How to search top 10 error codes in an environment?

Hi. I am new to Splunk and was looking for a search which can give me the list of the top 10 error codes occurring...

by New Member in

How to write a search to find the count of Reported and Non-Reported Users with the total based on a lookup and bluecoat index?

Hi. I tried to get a summary of a covered or a non-covered users from a given lookup vs. an index, i.e. bluecoat....

by Communicator in

How do I group time values together by another field?

I'm trying to get my table to group events by Source IP. The search counts the number web traffic hits by Source IP a...

by Engager in

Power ユーザーで作成した Field Extraction の共有ができない

SplunkWeb から Power ユーザーで作成で Field Extraction を作成する際に、Extraction名称および権限の設定を行い Finish > ボタンを押下すると、下記のようなadmin_all_objec...

by Communicator in

Is it possible to use a report as a searchable data set?

I have built a report that counts the number of times a user has gone to a particular website on an hourly basis and ...

by Engager in

After moving DB folders back into Thaweddb, then rebuilt and restarted the indexer, why are events still not searchable?

While I wait for Splunk support to get back to me on my case, I'll pose the problem here. After moving DB folders ...

by Explorer in

Regex to match everything after the last occurence of a character

I did not anticipate I'd struggle this much for what seemed like such a simple task. The logs I am trying to parse...

by Path Finder in

How to write a search to find first time account usage for Windows accounts?

I'm looking for a custom built search string for finding first time account usage for Windows accounts. Any suggestio...

by Explorer in

How do I edit my "rex mode=sed..." statement to remove square brackets and the content within them from a field?

Hi, I need to remove square brackets and content within it from a field in a search. eg: Input: My name is Joh...

by Explorer in

How to get only 2 decimal values without rounding?

I have the value in the field as mentioned below .. data 1234.456 1256.445 12.456 156.446 I need the output as ...

by Explorer in

When running a search in Splunk 6.2.6, why do results not display and I only see the message "Finalizing job..."?

Hi Team. I am using SPLUNK version 6.2.6 and when I run my search in search app, I could see it's executing for a ...

by Motivator in

rex regex to extract first folder name from the path

Hello, My source filed has value such as, */icsws/log/INSTANCE1/was/base/icsws_ca_server/SystemOut.log* /icsws*...

by Communicator in

How to edit my search to calculate time availability based on gaps between logs?

I would like to calculate availability time based on gaps between logs so far I have this: index=servers sourcetyp...

by New Member in

Why am I getting "Maximum disk usage quota has been reached" when searching, even after deleting everything in the job manager?

Hi, I am having a problem with the disk usage quota. Actually, I have this error message whenever I try to make a...

by Path Finder in

How to plot multiple coordinates from a CSV file on a Splunk map to embed in a dashboard?

Hi, I'm trying to plot all carpark locations on the Splunk Map. I have a lookup CSV file with the following colum...

by Path Finder in

Transaction, Grouping, Summary Index, Collect, Stats: Is there a best way to group my data and provide grouped-data authorizations?

<141>Jun 99 15:03:13 f5-vpn-99 zzm1[3645]: 01490506:5: fi87dde3: Received User-Agent header: Mozilla%2f5 <141>Jun 99 ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to graph the sum of field A where field B=TRUE and field C=FALSE into a timechart by day?

How to compare values based on other fields

Why are REPORT field extractions not being applied in my distributed search environment?

How to change the search based on a clicked table value?

How to extract all the values from a field and use it in a search?

How to configure wildcard matching against lookups in Splunk Cloud?

How to get a stats count by field values from my current table?

How do I edit my search to merge fields?

How to combine these 2 searches on a certain field?

How to search top 10 error codes in an environment?

How to write a search to find the count of Reported and Non-Reported Users with the total based on a lookup and bluecoat index?

How do I group time values together by another field?

Power ユーザーで作成した Field Extraction の共有ができない

Is it possible to use a report as a searchable data set?

After moving DB folders back into Thaweddb, then rebuilt and restarted the indexer, why are events still not searchable?

Regex to match everything after the last occurence of a character

How to write a search to find first time account usage for Windows accounts?

How do I edit my "rex mode=sed..." statement to remove square brackets and the content within them from a field?

How to get only 2 decimal values without rounding?

When running a search in Splunk 6.2.6, why do results not display and I only see the message "Finalizing job..."?

rex regex to extract first folder name from the path

How to edit my search to calculate time availability based on gaps between logs?

Why am I getting "Maximum disk usage quota has been reached" when searching, even after deleting everything in the job manager?

How to plot multiple coordinates from a CSV file on a Splunk map to embed in a dashboard?

Transaction, Grouping, Summary Index, Collect, Stats: Is there a best way to group my data and provide grouped-data authorizations?

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Configuration initialization took longer than expe...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions