Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Facing issues in Regex of numbers

I have the following values in the field and need to write regex for this. Regex :(?P\d\,\d\d\d) Input 9 19 157...

by Contributor in

Add 2 columns in a table on applied condition

I have 3 columns in a table as below. I need to sum two colums(mag and depth) if place="7km W of Cobb,california" or...

by Explorer in

How to edit my case statement to work when added as a calculated field?

The below EVAL function is working as search command, but not working when added as calculated field myindex |EVAL...

by Communicator in

Splunk Query to list top CPU consuming process when utilisation is greater than 70%

Hello I have 2 queries, one to find top 10 CPU utilising process and 1 more for finding the avg CPU utilisation bu...

by Path Finder in

How to restrict license report to slaves via lookup?

Hi, I want to run reports against certain slaves reporting into the license manager, and filter them via a lookup....

by Champion in

How to change timezone from CST to EST during search time?

Hi, Can you please help us in changing time from central to EST during search time? We have our server in central ...

by Path Finder in

How to use field name as the value passed into a lookup table?

| foreach p* [eval val='<>' | lookup wkst_risk_control asset_risk_position AS 'val'] I have 19 separate p extract...

by Communicator in

streamfwd ingestion of data from the pcap searching

Hi, Following the Documentation provided by splunk I triggered streamfwd from the command line for my pcap. http:/...

by Explorer in

How to add line break in the eval function?

Hi How to add the line break in the eval function base search|eval new = src_host+","+"Event Code="+EventCode...

by Builder in

Extracting a string from the search result

INFO : Start Outputing Report: Project ID:c_exactworld_17121, Format:EXCEL Above is my search result, and I wanna ...

by Engager in

How does this search work?

I am using the tag name in search query to filter down the app specific index, followed by "index=index1" to filter d...

by Engager in

How to set a field as the token to use in a dashboard?

I have a search which will return me field email id. index=snow description=*CPU* |table number sys_created_by ...

by Communicator in

How to generate a search for an exact word pattern?

Hi All, I want to search a word in Splunk in a certain field for example "foo" and will return the following: f...

by Explorer in

How to edit my REGEX in transforms.conf to allow certain data to get indexed in Splunk?

Hi, I have a regex to allow certain data into Splunk via a transforms, and now I need to update it. I made some ch...

by Champion in

My first summary index - what am I doing wrong with the stats command?

Dear Splunk gurus, I am trying to use Summary Indexing to improve reporting times for a Print Analytics dashboard....

by Explorer in

([^\/]+)\/ REGEX meaning?

Can someone explain me wht that simple regex means?? Sorry for this simple question but this is very new to me. I und...

by Communicator in

Why are my search results are not matching the lookup table?

I am performing a search where I am making use of a CSV lookup and only get those results that match one of the field...

by Explorer in

How do I do SQL-like MINUS?

All OrderId This query gives all distinct orderID basesearch | dedup orderID | table orderID This query gives...

by New Member in

How do I sort my results from my sample data into different columns?

I have the below data that I want to sort and show up in different columns as 1. Device (that shows the different rp...

by Explorer in

Why does my search only give strptime output for one of three time values?

I have a field DATE_OF_BIRTH and the values are like 1962-09-30 00:00:00.0 1955-10-21 00:00:00.0 1988-10-31 00:00:00...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Facing issues in Regex of numbers

Add 2 columns in a table on applied condition

How to edit my case statement to work when added as a calculated field?

Splunk Query to list top CPU consuming process when utilisation is greater than 70%

How to restrict license report to slaves via lookup?

How to change timezone from CST to EST during search time?

How to use field name as the value passed into a lookup table?

streamfwd ingestion of data from the pcap searching

How to add line break in the eval function?

Extracting a string from the search result

How does this search work?

How to set a field as the token to use in a dashboard?

How to generate a search for an exact word pattern?

How to edit my REGEX in transforms.conf to allow certain data to get indexed in Splunk?

My first summary index - what am I doing wrong with the stats command?

([^\/]+)\/ REGEX meaning?

Why are my search results are not matching the lookup table?

How do I do SQL-like MINUS?

How do I sort my results from my sample data into different columns?

Why does my search only give strptime output for one of three time values?

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Instrumenting Java Websocket Messaging

Announcing General Availability of Splunk Incident Intelligence!

Compare two time frames with the same search

mvindex with a conditional

Calculate number of decimals

Can anyone tell me why Account ID and User Agent a...

Why does REST API return nested json as string not...