Splunk Search

Ask a Question

Discussions

Thread Info

How to select the value of a field where another field equals a specific value?

Hi! I have a search query problem that's wrecking my newbie brain. I have log events that look like this: ...

by Engager in

How can I resolve this syntax error?

Hi All I have a room mailbox in office365 and i want to get the information of how many meetings were booked for o...

by Explorer in

How to extract a field in using regex?

I am relatively new to Splunk and I am trying to extracting fields in Splunk, I have a pattern I am attempting to...

by Communicator in

How to make a for loop query from a lookup table?

I have a lookup table from which I need to read the IP addresses one by one, perform calculations on each address, an...

by Loves-to-Learn Lots in

Why is heavy forwarder not sending _audit and _internal logs to indexer?

Hi All, We noticed that one of our Heavy Forwarder has not been sending _audit and _internal logs to our indexer. ...

by Path Finder in

Email regex from mail.log to extract 2 email addresses, display them in a table?

I have mail.log. This is displayed in the "Event" column: May 24 14:02:05 srv7 amavis[10129]: (10129...

by Engager in

Why does Dropdown retain entries from old query result?

I have a query for for my dropdown with tokens inserted here and there and whenever the values on those tokens change...

by Explorer in

Nessus data charting- How to make a trend chart of specific data set?

I am making a trend chart of specific data set. What I am looking for is (generic example)index=nessus | eval Month=s...

by Path Finder in

How to execute/ignore block of code based on token values?

I have a union [] command that I want to execute only if a check box is checked, how can I manage this? SPL2 branch d...

by Explorer in

What is the quickest and safest way to move indexed data from one location to another?

What's the quickest and safest way to move indexed data from one location to another? I have data that is currently s...

by Explorer in

How to convert multiple individual json objects into a nested json object in an event ?

I want to convert some of the below individual json objects in the event into nested single json object like the seco...

by Contributor in

How to convert multiple individual json objects into a nested json object ?

I want to convert some of the below individual json objects in the event into nested single json object like the seco...

by Path Finder in

How to search or extract specific key/value pair from array?

Using the Splunk addon for AWS to collect ec2 instance metadata I get an array called tags with key/value pairs such ...

by Loves-to-Learn in

How to correlate similar field values together and adding totals?

I am trying to use a lookup we use to track usage of exceptions in one of our platforms so that we can remove unneede...

by New Member in

How to create multiple values in time chart based on dropdown menu token?

I am looking to have a time chart table that has a dropdown menu based on a token, be able to show all of the values...

by Path Finder in

How to get that file to be replicated to the other search heads?

I have a cron job that creates a lookup file under $splunkhome$/etc/apps/search/lookups on one of the search heads. H...

by Engager in

How to extract field names from an object or nested JSON field?

For these following two events: { "people": { "bob": 172, "maria": 161 } } { "people": { "bob": 172, "g...

by Engager in

How to combine two lookups?

On Splunk, I have the following 2 searches: 1) `ABC_logs(traffic)` user != "unknown" src_ip IN (*) dest_ip I...

by Builder in

How to make timechart with ratio failed/total ?

This is my search: message_data_type=gd*| timechart count by message_data_type limit=10 These are my results: ...

by Engager in

How to apply regex to a field?

Hello Splunkers, i want to to extract a 10-digit path from a url but unfortunately i always get this error: ...

by Explorer in

How to update table only with the values filtered on dropdown selection?

I have a table with 3 different csv files that I have to show, with different values. When I select the value that ...

by Explorer in

How to return count column in the existing search?

Hello, I have below search query index=my_index openshift_cluster="cluster009" sourcetype=opensh...

by Path Finder in

Federated Search Questions- Authentication option and Indexers?

Regarding Federated search: Is the only authentication option username and password? We use SSO on the remote sear...

by Path Finder in

How to create the proper search to extract all of the fields and their respective field_values from the sample data?

Hi Splunkers!Any one able to assist me with a search that I am trying to create below. I want to extract some data fr...

by Path Finder in

How do I evaluate on column in space and tab delimited logs?

Hello all. I have a log file that looks like this; PROCESS UP STATUS RESTARTS AGEPROCESS1 2/2 Running 0 6d...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to select the value of a field where another field equals a specific value?

How can I resolve this syntax error?

How to extract a field in using regex?

How to make a for loop query from a lookup table?

Why is heavy forwarder not sending _audit and _internal logs to indexer?

Email regex from mail.log to extract 2 email addresses, display them in a table?

Why does Dropdown retain entries from old query result?

Nessus data charting- How to make a trend chart of specific data set?

How to execute/ignore block of code based on token values?

What is the quickest and safest way to move indexed data from one location to another?

How to convert multiple individual json objects into a nested json object in an event ?

How to convert multiple individual json objects into a nested json object ?

How to search or extract specific key/value pair from array?

How to correlate similar field values together and adding totals?

How to create multiple values in time chart based on dropdown menu token?

How to get that file to be replicated to the other search heads?

How to extract field names from an object or nested JSON field?

How to combine two lookups?

How to make timechart with ratio failed/total ?

How to apply regex to a field?

How to update table only with the values filtered on dropdown selection?

How to return count column in the existing search?

Federated Search Questions- Authentication option and Indexers?

How to create the proper search to extract all of the fields and their respective field_values from the sample data?

How do I evaluate on column in space and tab delimited logs?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown