Splunk Search

Discussions

Thread Info

How to join my two searches to monitor a combination of two status fields for a rangemap condition?

Hi Splunkers, We are looking to join 2 searches in getting a single point result. Currently we have a search wh...

by Path Finder in

Heat Map: How to change the color of cells in a table based on the values?

How to change the color of the cell based on the results? I need the cells to turn red if below a certain value and t...

by Path Finder in

another rex question

Scenario, I have a field (msg) below and I need to extract the user id which is user = [abcdefg] field msg = AAA u...

by Contributor in

How to edit my search to sort the count to only show hosts that have not been seen over 2 hours?

I'm trying to sort an hour search with: eval mydiff=tostring(info_search_time-orig_time, "duration") | table orig_...

by Explorer in

How to edit my search to sort individual values in fields?

Hi all, I have the following search "result generating search"| eval z=mvzip(Bundle, Load_Time) | mvexpand z |...

by Path Finder in

Should I be escaping each backslash with a second backslash in my regex?

I'm troubleshooting a regex to match against the following data (names and IP addresses are fictional): Aug 26 10:...

by Explorer in

What are best practices around forwarding logs from Windows/Linux to Splunk and setting up searches and dashboards?

I keep searching all over the Splunk site and I actually think there is TOO much data/information. Maybe I'm looking ...

by Explorer in

How to search the percentage of values in a field?

I'm trying build a bar chart from an asset list that shows by bunit what percentage of a field called last has a valu...

by Splunk Employee in

How to edit my search to return a 0 instead of "No results" if there are no events found so that we can accurately average the output?

I have the following search which gives me the number of transactions per instance and also gives me the average over...

by Explorer in

How do I edit my search to monitor license usage status for the current day?

Before I start, I found https://answers.splunk.com/answers/187080/how-to-create-a-search-to-predict-license-violatio....

by Explorer in

How to extract the IP and customer_name field from my sample data?

Hello, I am trying to extract the IP address that is noted after START: and the customer name. A customer could h...

by Explorer in

timechart: average out value over missing time

I have bills that come in at irregular periods. Here is an example for 1 type: {name:building1Water, startDate:201...

by Builder in

How do I edit my search to find the first Value1 and first Value2 from my sample event, then calculate the difference?

Hi, I need to get the first Message REQ and first Message RES from the below event and should show my below expect...

by Explorer in

How to extract date and time from xml source file?

Hi everyone, Can you help me how to extract Date and Time from below XMLsample? Here is example of a log: ...

by Explorer in

Regex broken by addition of linebreaker

Anyone run across anything like this? Adding a linebreak breaking existing regex... To address some issues around...

by Builder in

How to write a case statement for this condition?

My values are like: Miscellanious (Field name ) Off-line|Idle|In Service| NCR Custom Edition v3.13 build578907| In...

by Explorer in

How to write the regex to extract added, removed, and changed files/directories and list them?

How can i extract the added, removed, and changed file/directory and list them to a field respectively using regular ...

by New Member in

rex extraction for field value with space

hi, would someone be so kind and help me to build a rex expression? i want to extract all "Audit ID" from this sample...

by Path Finder in

Get hour count average over days

I got data of each transaction with a customer_id in it If I want to know the daily average of count per hour, wha...

by Engager in

Is it possible to have a KV Store time-based lookup?

Hi, I have a kvstore defined based on a collection collections.conf [app2] transforms.conf [business_...

by Path Finder in

How to extract fields from multiple file source names?

Hi everybody, I'm trying to extract fields from multiple source names. It worked for one filename, but I have a lo...

by Contributor in

How do I only extract one instance of a certain field that appears in multiple logs of different formats?

If I have log files with multiple logs in them of different formats, and I only want to receive one instance of the L...

by New Member in

unable to see all the events in visualisation

Hi We are running this search [host=uswebserver12 |timechart span=5m avg(PercentProcessorTime) as CPU_Usage] and ...

by Path Finder in

How to a DNS lookup on the top 20 IP results returned from a search?

Hi All, I have a search that gives me the top 20 IP's visiting my website. I also, have a working dnslookup versi...

by Engager in

How to edit my search to pair values using "stats values()"?

Hello, I'm trying to pair values using stats values(), and I'm having some trouble. I'm searching for blocked u...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to join my two searches to monitor a combination of two status fields for a rangemap condition?

Heat Map: How to change the color of cells in a table based on the values?

another rex question

How to edit my search to sort the count to only show hosts that have not been seen over 2 hours?

How to edit my search to sort individual values in fields?

Should I be escaping each backslash with a second backslash in my regex?

What are best practices around forwarding logs from Windows/Linux to Splunk and setting up searches and dashboards?

How to search the percentage of values in a field?

How to edit my search to return a 0 instead of "No results" if there are no events found so that we can accurately average the output?

How do I edit my search to monitor license usage status for the current day?

How to extract the IP and customer_name field from my sample data?

timechart: average out value over missing time

How do I edit my search to find the first Value1 and first Value2 from my sample event, then calculate the difference?

How to extract date and time from xml source file?

Regex broken by addition of linebreaker

How to write a case statement for this condition?

How to write the regex to extract added, removed, and changed files/directories and list them?

rex extraction for field value with space

Get hour count average over days

Is it possible to have a KV Store time-based lookup?

How to extract fields from multiple file source names?

How do I only extract one instance of a certain field that appears in multiple logs of different formats?

unable to see all the events in visualisation

How to a DNS lookup on the top 20 IP results returned from a search?

How to edit my search to pair values using "stats values()"?

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions