Splunk Search

Discussions

Thread Info

Data Trim

I have some questions regarding data trim. From which version data trim has been added? What is the parameter t...

by Contributor in

How to parse events before indexing?

Hi Splunk Experts,I want to break all lines as a single Line event [\r\n]. But if there are logs with stacktrace I wa...

by Contributor in

How to display Dashboard Studio Map display simply information?

Dear All how to display simply infor when i move mouse over the point in the map? when i move mouse over the po...

by Explorer in

How to get data for last week and current week?

I have data stored in the csv file, which contains the time field. I want the data for complete last week and also th...

by Engager in

Selected Fields - Open in new tab (or window) - Value does not carry over.

There are several topics related to this , but it seems they not exactly what im asking (ie those are related to cust...

by Path Finder in

How to compare multivalue fields? Union, intersection, membership tests

When comparing multivalue fields, there are a number of relationships one might be interested in. Equality is easy ...

by Explorer in

Splunk SaaS licensing usage ovetime per index.

Please let me know the Splunk SaaS cloud licensing usage over time per index.

by Explorer in

How to Extract Fields from web_input app?

How would you extract fields from this Data, I would like to extract the panel ID, watts, grid Hz, grid voltage and t...

by Explorer in

How to create a Splunk search for the following problem?

My base search PAGE_ID=*| where PAGE_ID=DGEFH OR PAGE_ID =RGHJH NOT NUM_OF_MONTHS_RUN>=6 AND NOTNUM_OF_INDIVIDUA...

by Communicator in

How can we use tstats with TERM and PREFIX?

I'm trying to run - | tstats count where index=wineventlog* TERM(EventID=4688) by _time span=1m ...

by Motivator in

How to merge using time range and some duplicated field values?

Hello, I have a table with the following fields from an email security system that are duplicated within a time ra...

by Path Finder in

How to create Multi-line linechart?

Guys, I have a very simple output that looks like: weekcartotalbroken31Volvo1002031Hyundai1301031Ford2404432Volvo9...

by Loves-to-Learn Lots in

How to create a search for timechart plotting for top entity based on sorting?

Hi i have a table where i obtained the values after sorting PCT_FREE in ascending order now i want to plot a timechar...

by Builder in

How to use existing csv date-time fields for earliest and latest in new subsearch?

Hi I am struggling with an issue for days now but keep running in circles, any help is much appreciated.Below you fin...

by Contributor in

What is the capability so the user will be able to upload file with "add data" option ?

Hello what is the capability so the user will be able to upload file with "add data" option ?

by Communicator in

How to create a search for matching next line?

Hi Splunk Experts, I want to search for a word and then print the current matching line & the immediate next line....

by Contributor in

Active Directory auditing: What's the best way to get it done?

Hello, I'm trying to figure out the best way to report/alert on active directory change events. I have admon/event...

by Explorer in

How to create an alert with multiple searches?

Hello, I have an alert that sends an email when there are x authentication failures , this works fine and returns ...

by Explorer in

How to return a url only to the 2nd slash?

So, this PCRE regex works in testers, but not on Splunk. ^((http[s]?):\/)?\/?([^:\/\s]+)((\w+)*\/){2}) ...

by Explorer in

Linux Dat Set Version

Needing some help building a dashboard that will display the Dat Set Version of all Linux machines on the network. An...

by New Member in

table with fields and count related by another field

Hi, i have the following case, An operation has multiple events and every event of an operation is related by...

by Explorer in

How do I get the difference between the number of events

I am ingesting advanced hunting logs and I have a main dashboard where I present the number of events per Event Categ...

by Path Finder in

Searching Cisco ASA sourcetype in Splunk

Hello All, I would like some suggestions. I am trying to search the Cisco ASA sourcetype in Splunk for the current ...

by Builder in

Changing _time in a savedsearch

I have a set of data that I upload into Splunk every morning as a .csv file because the tool doesn't feed the particu...

by Explorer in

If a value contains a value it changes to another.

Hi Iam looking to create an if statement: if value contains part of another value it changes it too another value....

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Data Trim

How to parse events before indexing?

How to display Dashboard Studio Map display simply information?

How to get data for last week and current week?

Selected Fields - Open in new tab (or window) - Value does not carry over.

How to compare multivalue fields? Union, intersection, membership tests

Splunk SaaS licensing usage ovetime per index.

How to Extract Fields from web_input app?

How to create a Splunk search for the following problem?

How can we use tstats with TERM and PREFIX?

How to merge using time range and some duplicated field values?

How to create Multi-line linechart?

How to create a search for timechart plotting for top entity based on sorting?

How to use existing csv date-time fields for earliest and latest in new subsearch?

What is the capability so the user will be able to upload file with "add data" option ?

How to create a search for matching next line?

Active Directory auditing: What's the best way to get it done?

How to create an alert with multiple searches?

How to return a url only to the 2nd slash?

Linux Dat Set Version

table with fields and count related by another field

How do I get the difference between the number of events

Searching Cisco ASA sourcetype in Splunk

Changing _time in a savedsearch

If a value contains a value it changes to another.

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!