Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
konishi_taisuke

Can I copy configurations (dashboards, searches, etc.) which were set up on a Splunk server to another one?

I'd like to copy Splunk configurations such as dashboards, searches, etc. on a Splunk server to another one. Is it p...
by konishi_taisuke New Member in Splunk Search 12-03-2015
0 2
0
2
LWilliamson1

Can splunk convert a date to epoch time if the year is 1970

When running the search: | eval startTime="1970-01-01"| eval dateadded_epoch = strptime(startTime, "%Y-%m-%d")| tab...
by LWilliamson1 Explorer in Splunk Search 12-03-2015
3 3
3
3
jsven7

Count Open Sessions

Hi all. I'm trying to make a gauge that counts the amount of logged on users. Stuck on figuring out how to classify a...
by jsven7 Communicator in Splunk Search 12-03-2015
0 4
0
4
rachelneal

Need string minus last 2 characters

I am trying to set a field to the value of a string without the last 2 digits. For example: Hotel=297654 from 29765...
by rachelneal Path Finder in Splunk Search 12-03-2015
0 6
0
6
richgalloway

How to use a field in SingleValue label?

I'm using singleValue fields to display status values and icons in my dashboard. I'd like to use the reltime command...
by SplunkTrust SplunkTrust in Splunk Search 12-03-2015
0 4
0
4
dbousquin

Splunkd is filling the Security eventlog with Process creation messages

New Splunk user here: We have an auditing requirement to audit process creation messages. It appears that the splun...
by dbousquin New Member in Splunk Search 12-02-2015
0 1
0
1
nidhiagrawal

I need to extract xml tag values, but I dont want to use spath. how can i do it using regex?

Here is the sample xml. There will be only one of the below tags in xml. <refToMessageId>-fd9035a:151642200c0:-37c...
by nidhiagrawal Explorer in Splunk Search 12-02-2015
0 3
0
3
rkanumula

How to remove the space between column name and column data in the heading of the internal workflow menu when clicking on a column heading of results in the Statistics tab?

Hi, I am using the search below to display the events: index=a|table emp_id, emp_name, emp_sal but i am getting t...
by rkanumula Path Finder in Splunk Search 12-02-2015
0 9
0
9
santorof

TimeChart multiple Fields

I am trying to do a time chart that would show 1 day counts over 30 days comparing the total amount of events to how ...
by santorof Communicator in Splunk Search 12-02-2015
0 15
0
15
cphair

can extract pairdelim be limited to a single field?

Splunk automatically extracts certain fields in my Windows event logs, the ones that are specified key=value. Someti...
by cphair Builder in Splunk Search 12-02-2015
0 2
0
2
vmnguyen

How to join two sources based on two search fields?

I have two sets of data: 1. sourcetype=app "DEBUG A" function=UpdateCartItemStatus status=Rejected 2. sourcetype=ap...
by vmnguyen New Member in Splunk Search 12-02-2015
0 5
0
5
DMohn

Find latest login per user and IP-Address

Hey Splunkers, I hope someone can help me finalizing my search. I am trying to find out, if there are any users in m...
by DMohn Motivator in Splunk Search 12-02-2015
0 12
0
12
markwymer

Ignore Dynamic KV Creation

Hi, I'm trying to get to grips with CIM and am getting there slowly, however, I hit a snag that I can't seem to get ...
by markwymer Path Finder in Splunk Search 12-02-2015
0 5
0
5
clairebesson

How to create one table by combining a common field with different field names from two sources?

Hi everyone, I am trying to combine two sources with a common field. The first source has the field LAN MAC Address...
by clairebesson Explorer in Splunk Search 12-02-2015
0 10
0
10
tonifrommknecht

If I have a field containing the size of a single packet, how can I search the size of used network traffic by source IP?

Hello, I have to find out the used network traffic by source IPs. I've got a field which contains the size of a sing...
by tonifrommknecht Engager in Splunk Search 12-02-2015
0 1
0
1
ssaenger

Can I rename a range in the results of a transaction request

HI All, I am trying to get results from a transaction request from users coming into the out systems. There are vari...
by ssaenger Communicator in Splunk Search 12-02-2015
0 4
0
4
ltrand

Why are REST API searches returning intermittent results?

I'm having an weird situation where REST queries sometimes pull results and sometimes don't. We've even tried limiti...
by ltrand Contributor in Splunk Search 12-02-2015
0 4
0
4
BobKimata

How do I show/hide table columns?

I have several tables that are populated by an SQL query. I would like to have options to show or hide columns depend...
by BobKimata Path Finder in Splunk Search 12-01-2015
1 6
1
6
IRHM73

Splunk Left Join

Hi, I wonder whether someone may be able to help me please: I'm trying to return the following details: Submission ...
by IRHM73 Motivator in Splunk Search 12-01-2015
0 6
0
6
aelzain

Hello everyone, am trying to extract fields from the below syslog events that i'm receiving from Symantec, would you help me extracting it out

<54>Nov 30 15:02:42 SymantecServer SR-SAAP-SEP01: Scan ID: 1448882755,Begin: 2015-11-30 11:47:09,End: 2015-11-30 11:5...
by aelzain Engager in Splunk Search 12-01-2015
0 3
0
3
alafferty

How to combine access log data from multiple sources over time in the same line graph?

Greetings! I have access logs from multiple sources that I'd like to combine into the same graph, basically to count...
by alafferty New Member in Splunk Search 12-01-2015
0 2
0
2
Lovika

Is there any way that we can use Join with if or case statement.

I am using this query index=dtwn sourcetype = sessionserver Serverid=$sev$ | dedup _raw | join Serverid [search ind...
by Lovika Explorer in Splunk Search 12-01-2015
0 4
0
4
shivarpith

How to correlate events from different sourcetypes from different timezones and no matching fields

Hi, We have logs coming into Unix and Windows Webspere. Every logon in Windows generates an event in Unix with the t...
by shivarpith Path Finder in Splunk Search 12-01-2015
0 3
0
3
mathiask

How to get a sourcetype of JSON mixed with text that uses the timestamp within the JSON object and correctly extracts kv and JSON kv pairs?

Hi I'm trying to get JSON data from a message queue into splunk. This works very well but the imported events also co...
by mathiask Communicator in Splunk Search 12-01-2015
0 4
0
4
vinay4444

How can I extract these 3 values from this string via regex?

Hi I need a regex match on the below pattern. I need to capture 3 values from "ms.db.tablespace_status_ind[DBID_F...
by vinay4444 Explorer in Splunk Search 12-01-2015
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...