Splunk Search

Discussions

Thread Info

How do I split the values of a field which have a pattern?

I have a field called 'indication' which has values in the form of text - 123.1. I'm trying to set up an alert to det...

by New Member in

Incorrect Rex Expression

Hi, I wonder whether someone could help me please. I'm trying to put together a rex to extract the First Name from...

by Motivator in

HTTP Event Collector: Why am I getting "Null" for event data using eval to concatenate field values?

Hi, I'm trying out the new HTTP Event Collector, but I'm having problems searching the data. Basically, the raw...

by Builder in

Calculate the percentage difference of search 1 to search 2?

Hi I have two different searches and two different results as follows Search 1: index="xyz" ".handleCommit...

by Builder in

How do I optimize the performance of a dedup search or prevent the search job from expiring?

I am trying to perform a search of our network logs and it seems to be really bogging down our Splunk server. I am tr...

by Path Finder in

How do I plot a static value over time that is derived from the total count as an overlay on the count per day?

I'd like to plot in a timechart the count of events over the last 30 days. In addition to this, I'd like another line...

by New Member in

How to write regex to extract different pattern of data

Hi everyone. I'm new for splunk. I'm learning splunk using splunk's documents in website. Now I'm learn to splu...

by Explorer in

Using saved search results on a dashboard not working

I've got a saved search configured on a schedule and if I click on "view recent" I can see recent runs and if I click...

by Communicator in

How do I show fastest growing products?

Hello, I have a shop that sells different kind of products. Usually I have a search to show me the top 10 products...

by Engager in

How to calculate average of value pairs within a field

I need to extract value pairs from a field (string=integer) and then calculate the average of each of the strings. ...

by New Member in

How do I extract these fields from my data using rex?

Hi, I wonder whether someone could help me please. I have a field called detail.cid-repsonse which looks like ...

by Motivator in

How to calculate the average time between two different events?

We have a Hotspot server where we like to get the average time from when a user requests an SMS to the time the user ...

by Builder in

How to make dashboard for the different events with the help of extraction

I have logs here given below in which there are different companies like wienerberger_de, veolia-uk, XeroxFinland_fi,...

by Communicator in

How to enable / disable table element drilldown through java script

Hi All, I was having a requirement to enable / disable table element drilldown. i mean if my SH is a Job server i ...

by Motivator in

timechart and metadata

Hi, I have two indizes: dbtrace and dbmsg. The 1st "dbtrace" has trace recs of bags, the 2nd "dbmsg" stores the error...

by Explorer in

Why am I getting unexpected results when searching a summary index over a "large" timespan?

I am new to summary indexing, but I've tried to follow the documentation and create a scheduled search that saves the...

by Engager in

Using KV_MODE=auto in props.conf, how do I get a search-time extraction to work for key-value pairs with a preceding "?" character?

I use kv_mode = auto in my props.conf and it works most of the time. The only time when it fails to extract is when t...

by Explorer in

How to search which forwarder is sending the most data to an indexer?

How can I determine which forwarder is impacting the indexer the most? I have an index taking up 53 gigs of space wit...

by Communicator in

How can I search and graph the number of people with a specific status (or multiple statuses) for a certain period of time?

I have a system that tracks the status of various users. For example a user could be: In the office, Out of the offic...

by Communicator in

How to search the different versions of a particular software in my environment?

I am looking for assistance in finding the different versions of a particular software in my environment.

by New Member in

How to normalize event counts of disparate data extracts with different polling intervals in a single timechart?

This is a follow up question to a previously answered question I asked on timechart counts (here). Now that I've ...

by Explorer in

How to produce a human readable date from $earliest$ or $latest$ variables from a date picker?

I have a dashboard form which contains several panels and are arranged in a 2 up format. The first column is the firs...

by New Member in

How to Mask Sensitive Data at end of the first line in a multiline event at index-time?

I have a multiline event and want to mask the sensitive data at the end of line 1, in the below sample data any word ...

by Communicator in

Multiply value by 100.

I have the following search index="commercial_performance" Cat1="Unit Cost Modelled Standard Activity Rate" Value...

by Explorer in

What is the proper syntax to pass time parameters in a search via CLI?

I am trying to run the search command at the CLI, passing a time range. I've studied all the docs and answers I can f...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I split the values of a field which have a pattern?

Incorrect Rex Expression

HTTP Event Collector: Why am I getting "Null" for event data using eval to concatenate field values?

Calculate the percentage difference of search 1 to search 2?

How do I optimize the performance of a dedup search or prevent the search job from expiring?

How do I plot a static value over time that is derived from the total count as an overlay on the count per day?

How to write regex to extract different pattern of data

Using saved search results on a dashboard not working

How do I show fastest growing products?

How to calculate average of value pairs within a field

How do I extract these fields from my data using rex?

How to calculate the average time between two different events?

How to make dashboard for the different events with the help of extraction

How to enable / disable table element drilldown through java script

timechart and metadata

Why am I getting unexpected results when searching a summary index over a "large" timespan?

Using KV_MODE=auto in props.conf, how do I get a search-time extraction to work for key-value pairs with a preceding "?" character?

How to search which forwarder is sending the most data to an indexer?

How can I search and graph the number of people with a specific status (or multiple statuses) for a certain period of time?

How to search the different versions of a particular software in my environment?

How to normalize event counts of disparate data extracts with different polling intervals in a single timechart?

How to produce a human readable date from $earliest$ or $latest$ variables from a date picker?

How to Mask Sensitive Data at end of the first line in a multiline event at index-time?

Multiply value by 100.

What is the proper syntax to pass time parameters in a search via CLI?

Access Tokens Page - New & Improved

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Possible to output a literal string with backslash...

Unable to use conditions against datamodel

Event time is not showing correctly on Dashboard t...

Load Balancer

Dowloading results of table to .csv file