Splunk Search

Discussions

Thread Info

Does anyone have examples of using RegEx to convert a Syslog event to a delimited string?

I would like to convert a syslog event (no delimiters) to a delimited input at the Universal Forwarder. This would al...

by Path Finder in

Summary by domains and data size

Hello Splunkers, I have this query which looks for HTTPS connections on web proxy layer made by users when there i...

by Path Finder in

How to write a search which exclude events found in another source based on some string?

Hi, I am facing difficulties in forming one search. Details are following. Two different searches, Search1: ...

by New Member in

Create time range for each customer from adjacent time

Hi, Originally I generated a table from a Splunk query in the following form: CustomerID SeenTime 1234 8/5/2015...

by Path Finder in

How to use REX to extract the text within brackets prior to a key word?

I'd like to be able to extract the text within the brackets that is prior to the text that I'll be filtering on, [Err...

by New Member in

Divide Time Chart Results by 2

index=tibco sourcetype=troubtibco host=sc58ltibp02 OR host=sc58ltibp03 source="/tibco/prod/bw/6.2/domains/WebAPI/appn...

by Path Finder in

How to change the order of dynamic columns based on count?

There is a requirement to change the order of columns on the basis of count. for eg. A B C D 4 2 1 3 output should...

by Path Finder in

Sum up all the values using a delimiter when corresponding keys are different

I have Splunk logs as shown in below format from a Kafka server's topic metadata. Topic#No_Partion#No = [F1,F2,F3]...

by New Member in

How to assign a range in REGEX for filtering search results?

welcome to india : 0 welcome to india : 45 welcome to india : 123 welcome to india : 4999 welcome to india : 5000 wel...

by Path Finder in

How can I create a chart using the value for each drive in my sample data?

Hello I have the following event. Is there any way to create a chart using the value for each drive? Thank you in...

by Communicator in

How do I search for irregularities in the sequence of events?

Hi, I have created a search to get the order of specified Events from hosts. index=*SC "SPK CONLOC SERVER RECEI...

by Explorer in

How do I optimize the performance of this search with appendcols?

Hi , Can any one help with fine tuning this search? It's taking a long time to load. index=me sourcetype=access...

by New Member in

How to count the status (ERROR or SUCCESS) for the list of clients accessing the application

Hi, I am a newbie in Splunk Enterprise. I have to write a splunk query to get the status of the clients accessing the...

by Explorer in

How do real-time searches identify both index and search-time fields if it processes data that hasn't been indexed yet?

I have gone through the Splunk Docs. It's saying that real-time search is basically used to search events before they...

by Communicator in

Why is my regex in transforms.conf to filter Windows Events on a heavy forwarder not working?

Hi, I'm using the Syslog server to gather all my Windows events. Right now, I'm trying to use a Splunk Heavy forwa...

by Explorer in

Search for either of two values, given only one value

I'm trying to lookup all lines that have EITHER a Matching Name or Phone, when given ONLY the Name to search for. And...

by Path Finder in

Capturing the final value from the final event in a transaction?

I have created a transaction that may contain one or more of these three log level types logLevels i.e. METRIC/INFO/W...

by Builder in

After saving a search as an alert and choose "add to triggered alerts", why do I not see anything in triggered alerts?

I have been trying to save a search as an alert and make sure I "add to triggered alerts". It appears under settings>...

by Path Finder in

How to track state changes for RDP sessions and generate a report show durations with start and end times?

So I am looking for help, I guess I just found something I can't do with Splunk... and I know I'm wrong, only I can't...

by New Member in

How do I create a faceted, multi-filter search with counting over multiple fields?

I'm writing a generic search layer that allows our users to have drilldown, faceted search experience. This means tha...

by New Member in

How do I extract these two fields from my sample data with regex?

Hello, I have this log below and I would like to extract the field Message and Trace. When I use the regex created...

by Engager in

Loop through lookuptable to produce averages

Hello Splunkers, I have static values (user groups) that I need to loop through to produce the results for each of...

by Path Finder in

How to search for transactions where the first event, A, happens 1 minute after the start of the search time range to deal with time drift?

I am running a search for multiple events over a range of time. In that search, I want to only find events of one spe...

by Engager in

How to search a count of events by index-name every day and output a table with certain numeric and case formatting?

All I want is a table like this with a little style: _time INDEX1 (events) INDEX2 (events) INDEX3 (e...

by Contributor in

Convert bytes to GB

Splunk noob here. I've been visting this site for awhile now so i decided to create my own account so I can learn mor...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Does anyone have examples of using RegEx to convert a Syslog event to a delimited string?

Summary by domains and data size

How to write a search which exclude events found in another source based on some string?

Create time range for each customer from adjacent time

How to use REX to extract the text within brackets prior to a key word?

Divide Time Chart Results by 2

How to change the order of dynamic columns based on count?

Sum up all the values using a delimiter when corresponding keys are different

How to assign a range in REGEX for filtering search results?

How can I create a chart using the value for each drive in my sample data?

How do I search for irregularities in the sequence of events?

How do I optimize the performance of this search with appendcols?

How to count the status (ERROR or SUCCESS) for the list of clients accessing the application

How do real-time searches identify both index and search-time fields if it processes data that hasn't been indexed yet?

Why is my regex in transforms.conf to filter Windows Events on a heavy forwarder not working?

Search for either of two values, given only one value

Capturing the final value from the final event in a transaction?

After saving a search as an alert and choose "add to triggered alerts", why do I not see anything in triggered alerts?

How to track state changes for RDP sessions and generate a report show durations with start and end times?

How do I create a faceted, multi-filter search with counting over multiple fields?

How do I extract these two fields from my sample data with regex?

Loop through lookuptable to produce averages

How to search for transactions where the first event, A, happens 1 minute after the start of the search time range to deal with time drift?

How to search a count of events by index-name every day and output a table with certain numeric and case formatting?

Convert bytes to GB

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions