Splunk Search

Ask a Question

Discussions

Thread Info

Can we save the search result in SPLUNK SERVER?

I have a command on splunk server i.e.. " /splunk search ' .. | stats dc(f_name)' -uri " I have save the result...

by Explorer in

How would I examine a field and set another field based upon that value?

Hi, I have some hosts that follow naming conventions and I want to create and set another field based upon those n...

by Champion in

How do I edit my search to create a timechart with the mean per day for the top 5 pages in the last 7 days?

I'm sure this is probably easier than I'm making it, but I can't quite get what I want. In our hit logs we track f...

by New Member in

How to search ASA Built/Allowed events and the following Teardown event with the same source and destination IP?

Hi everyone, I'm trying to think of a way where I can find a built/allowed ASA event and the following teardown ev...

by Explorer in

How do I use a csv to identify search terms and correlate events with metadata?

I have an index of log data I am trying to search. I have a seperate csv file containing a list of about 40 searc...

by Path Finder in

Why is the search-time extraction being skipped for the first key-value pair within a particular field?

Looking for advice/suggestions to the following. I created a powershell function that makes getting data inside Splun...

by Communicator in

How to find outliers relative to a group average?

I have been working on this the last few days, but I am having trouble figuring it out. I'm looking for some pointers...

by Explorer in

How do I edit my search to divide an amount by 100 per month and display this in a timechart?

Hi, I'm trying to group all payments "amount" by month. The challenge is they're in cents, and I would prefer dol...

by Engager in

How to compare two fields from two indexes and display data when there is a match?

Hi, I want to compare two fields from two indexes and display data when there is a match. indexA contains fiel...

by Path Finder in

"Count Over" Statement not working

Hi , I am using two queries and then want to use the status from the first query and the DP_Time from the second quer...

by Communicator in

What is the best way to concatenate multiple separate field values into a combined new field?

Scenario background : I am searching email logs for all senders and recipients of specific subject. Each email is a c...

by Contributor in

How to include the count of unique error strings and the count of each error string in my alert email/PDF?

Hi, I have created a Splunk alert where it is taking the error strings from the log files and grouping the similar...

by Explorer in

How do I append new columns for different search results?

I wants to append multiple search results in separate columns. The following searches are fetched from different sour...

by New Member in

How to extract this field which may have multiple values separated by pipes? (offerId="ABC_79|ABC_80|ABC_81|ABC_56" or offerId="ABC_79")

Hi, Can you help me with the search to extract the following? The offerId may come in the log as offerId="ABC_79|...

by Path Finder in

How to build a datamodel like this ?

My data consists of pairs of files, lets call them file_A_1...file_A_n, and file_B_1...file_B_n, where file_A_1 is co...

by Communicator in

Join Search Hitting Row Limit - Stats Alternative

HI, I wonder whether someone may be able to help me please. I'm trying to put together a query which looks for two...

by Motivator in

Can I get field extraction for XML data that is a data field in a JSON event?

I have event data coming into Splunk as JSON, that's all fine and works great, but one of the fields they are going t...

by Explorer in

splunk chart issue

Hi , In splunk, I am trying to create chart for each day (24 hrs) with span of every minute. e.g. index="monito...

by Communicator in

Help Needed with Regular Expression

Hi All, i am newbie to splunk platform and seeking some help in writing a regular expression to pull a "" value f...

by Explorer in

How to edit my search to identify blocked network traffic and top the worst offenders?

Hello, I am trying to identify worst offenders for blocked traffic and then identify all of the locations they are...

by Explorer in

How do I search the network data model to track certain ports?

I'm very new to searching data models in Splunk and I want to search within my network data model to monitor certain ...

by Explorer in

How to count a specified keyword?

I have some syslog string like that: Jan 29 14:26:12 10.9.8.10 Jan 29 14:06:32 C420-PLOI91903V0YL fault-engined: %...

by Path Finder in

How to use substr to extract the first character of a string and keep all characters up until the first space character?

I have a string nadcwppcxicc01x CPU Usage has exceeded the threshold for 30 minutes &I where I would like to create a...

by Explorer in

Splunk DB Connect 1: Do Splunk dbquery jobs count against search limits?

Hi, I have customers using dbquery to augment Splunk dashboards (not joining the data, but presenting the data in ...

by Champion in

Regex search not working

So I have a couple of lines that I am trying to get info out of using regex and it's not going quite the way I was ho...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can we save the search result in SPLUNK SERVER?

How would I examine a field and set another field based upon that value?

How do I edit my search to create a timechart with the mean per day for the top 5 pages in the last 7 days?

How to search ASA Built/Allowed events and the following Teardown event with the same source and destination IP?

How do I use a csv to identify search terms and correlate events with metadata?

Why is the search-time extraction being skipped for the first key-value pair within a particular field?

How to find outliers relative to a group average?

How do I edit my search to divide an amount by 100 per month and display this in a timechart?

How to compare two fields from two indexes and display data when there is a match?

"Count Over" Statement not working

What is the best way to concatenate multiple separate field values into a combined new field?

How to include the count of unique error strings and the count of each error string in my alert email/PDF?

How do I append new columns for different search results?

How to extract this field which may have multiple values separated by pipes? (offerId="ABC_79|ABC_80|ABC_81|ABC_56" or offerId="ABC_79")

How to build a datamodel like this ?

Join Search Hitting Row Limit - Stats Alternative

Can I get field extraction for XML data that is a data field in a JSON event?

splunk chart issue

Help Needed with Regular Expression

How to edit my search to identify blocked network traffic and top the worst offenders?

How do I search the network data model to track certain ports?

How to count a specified keyword?

How to use substr to extract the first character of a string and keep all characters up until the first space character?

Splunk DB Connect 1: Do Splunk dbquery jobs count against search limits?

Regex search not working

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!