Splunk Search

Discussions

Thread Info

Stats DC With Table

Hi, I wonder whether someone may be able to help me please. I'm using the the search below to return values in a t...

by Motivator in

How to convert several custom time formats to a single format?

I have log lines stating service up/downtime in several slightly differing human readable formats where the hour and ...

by Explorer in

How to use multiple where conditions in a search to match and correlate start and end time fields?

Working with the following: EventStarts.txt UserID, Start Date, Start Time SpecialEventStarts.txt UserID, Start...

by Communicator in

How do I get characters ä ü ö in a CSV lookup table to appear correctly in the field name?

I have a CSV file with a lookup table for some Windows event codes. The description is in German and there are some ä...

by Path Finder in

Is it possible to remove an asterisk from the returned data for a table

Is it possible to remove an asterisk from the returned data for a table? I tried to use: rex "Data=(?<Message>...

by Explorer in

How to subtract dates in the format (%d %m %Y %H:%M:%S %Z) to find the difference?

Dear all, Data is indexed from a CSV file. I am trying to calculate the amount of seconds between a couple of t...

by Explorer in

How do I exclude columns in timechart when limit doesn't do the trick?

I am conducting the following search (account names have been hidden): sourcetype=WinEventLog:Security EventCode=4...

by Engager in

Newbie Question: How do you search multiple log types at the same time.

I'm trying to query the event log and iis logs at the same time. I would like to correlate application pool crashes/e...

by New Member in

How to separate fields into events based on value

Hi all I've been trying to separate the values of a stats table that looks similar to what i have below. I've used...

by Path Finder in

How do I join these two searches to get OS type?

Hi, When I run the searches below separately, they give me exact result, but when I tried joining them, it was no...

by Explorer in

How to write the regex to extract data inside square brackets?

How to write a regular expression for capturing elapsed time of requests, with a log in this format. .......status=[...

by New Member in

Where does 'Search Assistant' get the user search-history from?

Where do we actually get user ended search history from to fill the Search Assistant “My Search History”? (4.1) Se...

by Communicator in

How do I sum values inside a multivalue row?

Hi all, I'm trying to create a sum of fields inside a row, but I can't figure how to do it. This is my scenario: ...

by Engager in

How do I edit my search to get this field into my chart?

Dear All, I am using the Splunk App for Windows and I am trying to get a chart out looking something like: Comp...

by Contributor in

How to search for ValueA, look ahead to the following 20 events, and return results if there is no corresponding ValueB?

This is probably a very basic Splunk question, but as I move beyond basic searches, these are the kinds of use cases ...

by Explorer in

Pass a field from main search into subsearch for each record

I have a sourcetype that represents transactions. On the sourcetype are 3 fields of importance to this question,:an i...

by Path Finder in

Getting information adjacent to a match.

Hello Data example: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) I have ...

by Communicator in

Why does search typeahead no longer show "matching terms" after I upgraded to Splunk 6.3?

I upgraded to Splunk 6.3 and it's working beautifully, however, I no longer get "matching terms" as I type in the sea...

by Splunk Employee in

Pass one field from multiple fields returned by subsearch

Hi All, I have a search query like below. [search A | fields B,C] | search (D OR E) | fields F | table, B,C,F. ...

by Communicator in

Why does searching by source not work sometimes?

This command does not work. index=grb_test sourcetype=QServiceManagerFormat | source="\\\\netapp4\\Quants\\ST\log...

by Explorer in

How to search the difference between the values of two fields between separate searches?

I have a field of names from two indexes and wish to find the unique values between them. I thought I should have to ...

by Explorer in

How to graph the number of active sessions over time?

The data that I would like to graph consists of start events and stop events. Sessions consist of one start event and...

by Contributor in

Help with regular expression

I wish to extract any number between "cmdbRequest" & "- Transaction" . For Example from below string ERROR 2...

by Engager in

Is there any guide out there that would help in successfully configuring the Sophos Add-on for Splunk?

I have successfully downloaded and installed the Sophos Add-on for Splunk. Now I am attempting to configure it and am...

by Communicator in

How to extract everything after a carriage return?

Is it possible to get everything after a carriage return? Example Bills to pay: Car House Boat etc I tried ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Stats DC With Table

How to convert several custom time formats to a single format?

How to use multiple where conditions in a search to match and correlate start and end time fields?

How do I get characters ä ü ö in a CSV lookup table to appear correctly in the field name?

Is it possible to remove an asterisk from the returned data for a table

How to subtract dates in the format (%d %m %Y %H:%M:%S %Z) to find the difference?

How do I exclude columns in timechart when limit doesn't do the trick?

Newbie Question: How do you search multiple log types at the same time.

How to separate fields into events based on value

How do I join these two searches to get OS type?

How to write the regex to extract data inside square brackets?

Where does 'Search Assistant' get the user search-history from?

How do I sum values inside a multivalue row?

How do I edit my search to get this field into my chart?

How to search for ValueA, look ahead to the following 20 events, and return results if there is no corresponding ValueB?

Pass a field from main search into subsearch for each record

Getting information adjacent to a match.

Why does search typeahead no longer show "matching terms" after I upgraded to Splunk 6.3?

Pass one field from multiple fields returned by subsearch

Why does searching by source not work sometimes?

How to search the difference between the values of two fields between separate searches?

How to graph the number of active sessions over time?

Help with regular expression

Is there any guide out there that would help in successfully configuring the Sophos Add-on for Splunk?

How to extract everything after a carriage return?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions