Splunk Search

Discussions

Thread Info

How to find the length of the string using len(string) function

Hi, I am trying to extract a corId from the log and find the length of the corId. when searching am able to succes...

by Engager in

SPlunk Query-Logins and failure

Hi, Can someone please suggest us a query we can build to find successful login and failed attempts in a separate que...

by Path Finder in

How can i do Subtraction cycle?

Hi, I have calculate avg values, but i want do subtraction cycle like values=1,2,5,7,10;sum=25;avg=5 show: 5...

by Path Finder in

Weird behavior with the pow()-function

Basically what goes wrong is that the pow() function seems to act weird when exceeding anything above the power 23. T...

by Path Finder in

How to create a "sliding" maxspan on transaction?

Hello all, I want to make a kind of sliding maxspan on transaction. What maxspan usually does in transaction is c...

by Explorer in

Can we name the addcoltotals field in a bar chart?

I ran this search: .....| chart count by TYPE | addcoltotals labelfield=total and got these results: type...

by Builder in

What is the correct syntax to get the 90 percentile for Response Time in a Splunk search?

I want to plot the 90 percentile response time in Splunk. Is the below correct? | timechart p90(ResponseTime) ...

by New Member in

How do I edit my rex statement to extract fields from a raw string of repeated text into a table?

Used the following command rex "(?\d+)\[(?\-?\d+\.?\d+)\]"| table ..., but the entire string gets extracted into a si...

by Explorer in

How to search and compare virus alert data to see if a client had an infection that was not removed, but was successfully removed later?

Hi all We have virus alerts in Splunk. What I would like to do is to create on overview to check if a certain clie...

by Engager in

Regex to extract varying string

Hello.. I am attempting to extract a string of varying format using regex. I have successfully extracted part of t...

by Communicator in

How to join data from a database to an event with multiple values for a field in the same event?

So the basic idea of this is I have an event that has multiple entries within the same Data field. I need to join inf...

by New Member in

How do I edit my transforms.conf to properly extract these fields from my sample data?

Hi All. I want to extract fields from the following log data. headerName=Host, Connection, Accept, headerValue=...

by Communicator in

Getting errors for every search I run

Hi All, I am getting below error for every search I am rinning for Summary indexing. Search process did not exi...

by New Member in

How do I use lookup to list all records on a specific field

I have a sourcetype that contains application (SYS_ID) information. I also have a table that contains the responsible...

by New Member in

why fields should be extracted from raw data in splunk?

why we need to extract fields from machine data?

by New Member in

How to search DHCP lease times for specific hosts and how long a host had a specific IP address?

Hi All, I'm currently working on a Splunk search that will show me DHCP leases for specific hosts and how long a h...

by Explorer in

Field manipulation using SED

I am testing using Splunk to index a minecraft server, but have some problem with user name. Lines look like this: ...

by Builder in

How can I do a stable sort?

I am trying to create a view that merges log records from various files, ordered by their timestamps. This works nic...

by Engager in

Transaction or Stats - need multiple starts and ends without the hundreds of thousands of events between each start & end

I am looking for a way to identify the start and end of a burst of events that has hundreds of thousands of events in...

by Explorer in

eval expression to create a field with values more than other field

Hi all. I have a field called src with values like: 348 55666 77666 95670 23456 I want to create a new fie...

by Builder in

How to edit my rex statement to ignore line breaks to extract the entire value for a certain field?

Hello, I have an event like this: 2016-03-04 00:02:05,546 DEBUG [net.ussouth.aps.shared.util.SysLogUtil] <?xm...

by Explorer in

Are there set guidelines for Splunk search best practices, and are there any other resources on this topic?

I am not sure exactly how to ask this question, so I will try to just dive right in. Background: I work for a comp...

by Explorer in

How can I count the total IDS alerts per host within subnet?

I would like to create a search to show the number of IDS alerts per host. The problem I'm having is that I'm unable ...

by Path Finder in

How to write the regex to extract fields from my sample XML data?

Sample data: <id>WGBSTH8180T</id> <sytems> <sys_Id>14502</sys_Id> <name>GY...

by Builder in

How to add extra fields to timechart

I have the following search: index=main_index sourcetype=Perfmon:InboundPSTNCalls | timechart span=5min avg(Value...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to find the length of the string using len(string) function

SPlunk Query-Logins and failure

How can i do Subtraction cycle?

Weird behavior with the pow()-function

How to create a "sliding" maxspan on transaction?

Can we name the addcoltotals field in a bar chart?

What is the correct syntax to get the 90 percentile for Response Time in a Splunk search?

How do I edit my rex statement to extract fields from a raw string of repeated text into a table?

How to search and compare virus alert data to see if a client had an infection that was not removed, but was successfully removed later?

Regex to extract varying string

How to join data from a database to an event with multiple values for a field in the same event?

How do I edit my transforms.conf to properly extract these fields from my sample data?

Getting errors for every search I run

How do I use lookup to list all records on a specific field

why fields should be extracted from raw data in splunk?

How to search DHCP lease times for specific hosts and how long a host had a specific IP address?

Field manipulation using SED

How can I do a stable sort?

Transaction or Stats - need multiple starts and ends without the hundreds of thousands of events between each start & end

eval expression to create a field with values more than other field

How to edit my rex statement to ignore line breaks to extract the entire value for a certain field?

Are there set guidelines for Splunk search best practices, and are there any other resources on this topic?

How can I count the total IDS alerts per host within subnet?

How to write the regex to extract fields from my sample XML data?

How to add extra fields to timechart

Thanks for the Memories! Splunk University, .conf25, and our Community

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions