Splunk Search

Ask a Question

Discussions

Thread Info

Can I edit my search or a filter field to search for multiple UserIDs as an input on my dashboard?

Hello, In one of my dashboards, I am using a filter field to search for one UserID. Can I edit my search or my fil...

by Path Finder in

Regex Help in splunk 6.1.3

The following were the different strings visible in my splunk search results… "SYSTEM_USE_CD" : "C" "SYSTEM_RSP_CD...

by Builder in

How edit my search to display a missing field from one table that is found in another table?

I have two CSV files: one is has Server and Customer Name and the other also has the same, but it comes from RV Tools...

by New Member in

SNMPTrap setup - no trap written in snmptrapd.log

Hello, I know it is not a direct Splunk question, but I'm trying to SNMP Traps into Splunk and hope someone could ...

by Communicator in

How to change the format of a date from "ddmmyyyy" to "dd/mm/yyyy" in a search?

Hi, I wonder whether someone could help me please. I'm using a date field in the format ddmmyyyy Could some...

by Motivator in

How do I write a search to change the format of a date from "1942-01-24" to "24/01/1942"?

Hi, I wonder whether someone may be able to help me please. I have a date in one of my searches which is in th...

by Motivator in

How do we get a copy of the Splunk Quick Reference Guide?

How do we get a copy of the Splunk Quick Reference Guide for download?

by Splunk Employee in

How to make multiple field extractions from my sample data?

Hi, I have my logs with multiple events for which I have to make field extractions. From the first timestamp, I ha...

by Communicator in

How to extract multiple field values

Hi, I have sample logs data given below. Now I want to make Multiple field extractions like from the first time...

by Communicator in

Average sessions per hour

I am trying to calculate the average number of sessions per hour based on "off hours" 5pm to 9 am. I have the time ra...

by Explorer in

Count identical messages as a total value in the results

Hi guys, What i would like to do is display as a count the number of times an identical message is seen in the Mes...

by New Member in

If I have a field value with double quotes, how do I get a Splunk search to ignore the double quotes to display the entire value?

HI All; I have data which contains many events like this: event_name="test" action_name="widgets_panel" action_...

by Path Finder in

Hi all, i have been trying to figure out how to use timechart with percentages. I have the following command which gives me the percentages but have not sucessfully able to use this with timechart.

index=alarm* host="" Message.EventCategory="Error" OR "ERROR" | stats count as Error| eval Events= [search "" | stats...

by New Member in

Loglines with standard fields followed by kv pairs.

I've got a bunch of loglines that are very boring key value pairs - comma separated list of key=value. (So far, so go...

by Path Finder in

DB Connect: Error in 'script': Getinfo probe failed for external search command 'dbquery'

Hello Everyone, I'm running Splunk Enterprise 6.2 and have the DB Connect app configured to communicate with a local ...

by Explorer in

Searching over list from subsearch

I don't seem to be able to wrap my head around this search. I have a set of data that uses a unique ID to tie a chain...

by Path Finder in

Can I have multiple panels using the same inline search result?

Hi I have five panels in a dashboard and three of those five panels are using the same inline search results. Is ...

by Builder in

Can anyone help clarify why splunk sometimes indexes duplicate events from one log file?

I've been all over related questions in Splunk base, but I have not found out why exactly Splunk will sometime index ...

by Path Finder in

Regex Only Returning Partial Field Values

Hi, I wonder whether someone may be able to help me please. I've put together the following regex to extract th...

by Motivator in

Group results by a keyword in a particular field

Hi, I am trying to group (bring together) the results by a keyword in a certain field. For example, I want to gro...

by New Member in

How can I find out how much space I have left without using CLI?

by Explorer in

fill chart x-axis if data is missing

Hi, I have a search, want to show two lines of counts by min in a chart. Want to have value 0 if there is no result i...

by Explorer in

How should I convert my bar chart to a meaningful pie chart?

I have a search which returns transaction status for each resource. Resource A: Transacation Status = Success And Tr...

by Communicator in

How to run a different rex extraction only if another rex extraction did not find anything to extract?

Hi all, So I'm currently using this extraction: | rex "(?m)Package:\s+SEA.ha(?:\n|.)*?MS:(?<MS>\s+\d+\-\d+\S\S...

by Path Finder in

Can you validate an eval with an input?

I have a search that takes all enquiry and certain application response times and then counts them to display how man...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can I edit my search or a filter field to search for multiple UserIDs as an input on my dashboard?

Regex Help in splunk 6.1.3

How edit my search to display a missing field from one table that is found in another table?

SNMPTrap setup - no trap written in snmptrapd.log

How to change the format of a date from "ddmmyyyy" to "dd/mm/yyyy" in a search?

How do I write a search to change the format of a date from "1942-01-24" to "24/01/1942"?

How do we get a copy of the Splunk Quick Reference Guide?

How to make multiple field extractions from my sample data?

How to extract multiple field values

Average sessions per hour

Count identical messages as a total value in the results

If I have a field value with double quotes, how do I get a Splunk search to ignore the double quotes to display the entire value?

Hi all, i have been trying to figure out how to use timechart with percentages. I have the following command which gives me the percentages but have not sucessfully able to use this with timechart.

Loglines with standard fields followed by kv pairs.

DB Connect: Error in 'script': Getinfo probe failed for external search command 'dbquery'

Searching over list from subsearch

Can I have multiple panels using the same inline search result?

Can anyone help clarify why splunk sometimes indexes duplicate events from one log file?

Regex Only Returning Partial Field Values

Group results by a keyword in a particular field

How can I find out how much space I have left without using CLI?

fill chart x-axis if data is missing

How should I convert my bar chart to a meaningful pie chart?

How to run a different rex extraction only if another rex extraction did not find anything to extract?

Can you validate an eval with an input?

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6