Splunk Search

Discussions

Thread Info

Field Extractor Utility: Why am I getting error "The extraction failed. If you are extracting multiple fields, try removing one or more fields..."?

Hi, I Have the following event in Splunk: Message=WriteLoadTimeToLog at offset 259 in file:line:column <filenam...

by Path Finder in

How to handle different field patters in the same sourcetype?

I'm trying to extract fields for a Barracuda Spam Firewall. For those deeply interested, they've politely documented ...

by Communicator in

Why am I getting chart error "The following options were specified but have no effect when a split-by clause is not provided:limit"?

I'm trying to chart the top hits to a search while the rest are rolled up into an 'OTHER' column. Ideally I'd like th...

by Engager in

How to replace a status with a new value?

I have search I'm running to change the status of a particular error that is a false negative: index=wertyu source...

by Builder in

Transaction with count of successive events

Hi, If I have several events like this: ID1 name1 ID2 name2 ID3 name1 ID3 name1 ID3 name1 ID4 name3 ID3 n...

by Explorer in

How to calculate daily values from sum values

Hi, I have values that are a total sum of all data processed. I need to calculate the daily values from the daily ...

by Explorer in

How do I write the regular expression to extract fields separated by a backslash?

Hi Community, I'm struggling with a regex expression. I'm trying to extract fields (seperated by \) into the three...

by Explorer in

Is there any documentation on what precision Splunk uses for arithmetic operations?

When I execute the following search index="does not matter" | stats count AS value | eval value=123456.0 | eval x...

by Communicator in

How can I show average, peak, and peak time in a single search?

Hi, my first post..I'm trying to display in a search the Average TPS (transactions per second), along with Peak TPS, ...

by New Member in

Scheduled Query - change query content

Background I have created a query that will allow me to view all tickets created within one month. As some of the 're...

by Path Finder in

Field extraction efficiency improvements

I am currently extracting 3 fields at index-time based on a custom eventtype. I did this a while ago and realize that...

by Path Finder in

need help in displaying specific fields from below output

Hi Need help in displaying Client and /use71-mobstor-bf1/vol070 with dedup, as logs has similar entries. Nov 2...

by New Member in

earliest=-1w does not work

Hi, I have the following simple search. sourcetype=ib:reserved1 source=ib:user:user_login index=ib_security earliest=...

by Path Finder in

Field extraction is off

I'm forwarding logs via syslog udp to a box and locally ingesting them through splunk. I don't think that contributes...

by Communicator in

How to use regex in eventtypes.conf

I have data in following formats: Nov 04 21:47:59 server1 gtu[22038]: 2833CA0D c (master) 1A 0B 81 2D 5F 66 36...

by Builder in

How do I edit my search to filter XML content and only show failed status for a specific node?

I have an XML results input that is indexed on per Test Suite. Each Test Suite has many Test Cases, and each Test Cas...

by New Member in

How to create a custom CEF index for CEF Syslog data and extract token field field names and values?

I'm looking for help on creating a custom CEF index. I have CEF Syslog data sent into my Splunk instance and I'd ...

by Engager in

How do I write a search to calculate a moving average using the current value, previous 2 values, and the next value?

Need your help, Please refer the below data structure. We want to calculate the and display moving average of the ...

by Builder in

How to write a search to display the count when two fields have unique values?

Hi, I would like to create a statistics table where the end result shows the count of product that has gotten the...

by New Member in

Does splunk store data in ansi.? I.E. is len(_raw) an indicator of bytes stored?

Hi! I am trying to determine how much certain events affect our license and storage. I am a user of my system and...

by Path Finder in

How do I write a search to combine information from two events to get an accurate count?

I am splunk noob trying to write a search for a couple of hours, but not successful so far. I want to count the numbe...

by New Member in

Splunk Search return no output on GUI and the 'Loading...' status icon is continue to display on screen

Inside the customer network, Splunk 4.2 has been installed and deployed since early 2011. Recently, when the GUI sear...

by Engager in

How to edit my search to find old vs new errors with counts?

Folks I am new in splunk so pardon the basic question here. I am trying to find in my application what are the new...

by New Member in

How to find the difference between columns headers (new column headers one month that don't exist in the previous month)?

Hello I am trying to find a differecne between column headers (month to another month). Meaning, if in the new mo...

by Path Finder in

Convert a table to a percent table

Hello, I have a table that looks like this : And I wish to convert all the values in the table to perce...

by Super Champion in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field Extractor Utility: Why am I getting error "The extraction failed. If you are extracting multiple fields, try removing one or more fields..."?

How to handle different field patters in the same sourcetype?

Why am I getting chart error "The following options were specified but have no effect when a split-by clause is not provided:limit"?

How to replace a status with a new value?

Transaction with count of successive events

How to calculate daily values from sum values

How do I write the regular expression to extract fields separated by a backslash?

Is there any documentation on what precision Splunk uses for arithmetic operations?

How can I show average, peak, and peak time in a single search?

Scheduled Query - change query content

Field extraction efficiency improvements

need help in displaying specific fields from below output

earliest=-1w does not work

Field extraction is off

How to use regex in eventtypes.conf

How do I edit my search to filter XML content and only show failed status for a specific node?

How to create a custom CEF index for CEF Syslog data and extract token field field names and values?

How do I write a search to calculate a moving average using the current value, previous 2 values, and the next value?

How to write a search to display the count when two fields have unique values?

Does splunk store data in ansi.? I.E. is len(_raw) an indicator of bytes stored?

How do I write a search to combine information from two events to get an accurate count?

Splunk Search return no output on GUI and the 'Loading...' status icon is continue to display on screen

How to edit my search to find old vs new errors with counts?

How to find the difference between columns headers (new column headers one month that don't exist in the previous month)?

Convert a table to a percent table

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!