Splunk Search

Discussions

Thread Info

Are there set guidelines for Splunk search best practices, and are there any other resources on this topic?

I am not sure exactly how to ask this question, so I will try to just dive right in. Background: I work for a comp...

by Explorer in

How can I count the total IDS alerts per host within subnet?

I would like to create a search to show the number of IDS alerts per host. The problem I'm having is that I'm unable ...

by Path Finder in

How to write the regex to extract fields from my sample XML data?

Sample data: <id>WGBSTH8180T</id> <sytems> <sys_Id>14502</sys_Id> <name>GY...

by Builder in

How to add extra fields to timechart

I have the following search: index=main_index sourcetype=Perfmon:InboundPSTNCalls | timechart span=5min avg(Value...

by Path Finder in

How to write a search using a CSV file to display a list of lent materials by user based on status?

Hello, I have a list of assets like this: date,material,username,status 01/12/15,"IPad #4654654",eric,lent 01/1...

by Explorer in

How to show the duration on the Time Chart as a tool tip in Simple XML?

How to show the duration on the Time Chart as tool tip in Simple XML? Do we have any parameter? I know that works ...

by New Member in

What character is Splunk using for line breaks in a multiline event?

I have inputs configured to allow for multiline events, representing groups of log lines. I'm then using it to build ...

by Communicator in

How to count field values from two indexes and plot this on a graph?

I have 2 indexes: index=report and index=fixed Both have the same field ticket. When a ticket is reported, it goes...

by Explorer in

How do I search Active Directory logon failure activity to display time, username, event id, and computer name in a table?

Hi , I would like to write a search for logon failure on active directory and results should include the columns l...

by Engager in

Regex field values into new fields

Hello Splunkers, I am trying to take the values from an existing field/value pair and put them into new fields. ho...

by Contributor in

How do I group one field's values by another field?

I have a search ...|table measInfoId that gives output in 1 column with the values e.g. measInfoId 1x 2x 3x ... ...

by Motivator in

Why am I getting an invalid timestamp using append and appendcols in my search?

I am working with append and appendcols in a search, but getting an invalid timestamp. My search looks like this, ...

by Motivator in

How do I edit my inputlookup search to alert on missing data sources?

I've constructed a lookup table containing some key data sources that I expect to see events from on a daily basis. ...

by Contributor in

Regex for changing date

Hi, I want to check daily if my file generated successfully. The filename is prefixed by date so e.g. 3 march i...

by Path Finder in

After saving my search as a report on the dashboard, why is the chart data incomplete?

We have data like this: TestPath 200 202 500 302 /test/v1 51 0 0 0 /t...

by Path Finder in

Wildcard search not working on splunk search bar.

When I try to search for hostname (ks75rhel) typing it in the search bar, I'm not getting any results. I tried the fo...

by Builder in

Why am I getting regex error "unrecognized character" with my current rex syntax?

Hello Everyone, I have a problem with Splunk 6.3 when I am trying to run the rex statement: | rex "WTIDCCN[-_]\...

by Explorer in

How to configure Splunk to extract fields from XML tags?

Hi! I know there are many topics on XML field extractions, but did not see one that matches my requirement! I r...

by Splunk Employee in

Convert negative seconds to duration

I have a column of seconds, some of which are negative (representing an outage). I want to use tostring(duration, "du...

by Path Finder in

Error: [JobManager module] 'str' object has no attribute 'os_startIndex'

We were running Splunk 6.2.2. When looking for jobs that ran, under "Activity - Jobs", it shows the first 10 results ...

by New Member in

How to match IPs from two different sources, count the number of matches, and extract another value from the matching events?

Hello, I have two different types of data inputs, both having a field that represents an IP (let's call the list o...

by New Member in

How to edit my search to add a trend line to a Splunk line chart?

Hi, I'm trying to add a trend line to my splunk line chart, but no trend line is appearing. Original search str...

by New Member in

How to Convert epoch time to human readable format?

Hi everyone, I have the following event: "... src=218.2.3.256 act=block app=ips rt=1433065461040 ...." The rt f...

by Path Finder in

Why is my search to create a range of values not returning any results?

Hello, I'm trying to run this search in order to range the values: index=prod GetClientStateNotFound | rex "Acc...

by Path Finder in

How to write a search to calculate percentages for success and failure rates from my user log data?

I am trying to write a search that reports the percentage of total users impacted from log data. // All users wil...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Are there set guidelines for Splunk search best practices, and are there any other resources on this topic?

How can I count the total IDS alerts per host within subnet?

How to write the regex to extract fields from my sample XML data?

How to add extra fields to timechart

How to write a search using a CSV file to display a list of lent materials by user based on status?

How to show the duration on the Time Chart as a tool tip in Simple XML?

What character is Splunk using for line breaks in a multiline event?

How to count field values from two indexes and plot this on a graph?

How do I search Active Directory logon failure activity to display time, username, event id, and computer name in a table?

Regex field values into new fields

How do I group one field's values by another field?

Why am I getting an invalid timestamp using append and appendcols in my search?

How do I edit my inputlookup search to alert on missing data sources?

Regex for changing date

After saving my search as a report on the dashboard, why is the chart data incomplete?

Wildcard search not working on splunk search bar.

Why am I getting regex error "unrecognized character" with my current rex syntax?

How to configure Splunk to extract fields from XML tags?

Convert negative seconds to duration

Error: [JobManager module] 'str' object has no attribute 'os_startIndex'

How to match IPs from two different sources, count the number of matches, and extract another value from the matching events?

How to edit my search to add a trend line to a Splunk line chart?

How to Convert epoch time to human readable format?

Why is my search to create a range of values not returning any results?

How to write a search to calculate percentages for success and failure rates from my user log data?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions