Splunk Search

Ask a Question

Discussions

Thread Info

Is it possible to display a name or number on top of a chart overlay?

Hi Everyone, Is it possible to display a name or number on top of a chart overlay? I have a search that display...

by Explorer in

How to create a query using values that come from the result of a different query

Hello, So I'm logging xml requests and responses as raw strings into splunk. To get the responses searching, among...

by Engager in

How to search if Windows update was installed successfully or not on multiple servers?

Hi guys, I modified a search we found online to show us what updates were installed successfully or not. The probl...

by Path Finder in

How do I extract these strings from my sample event as values into their own fields?

=Application SourceName=RGFXQA EventCode=55 EventType=3 Type=Warning ComputerName=UPS6Z445201Y3.upstreamaccts.XOM.com...

by Builder in

When trying to display field values, why are values being truncated after an apostrophe appears in the string?

I am currently trying to write a search which will, after specific conditions are met, display the subject field valu...

by Path Finder in

How to search two different strings from the same source, but different timestamps?

Hi , I would like to know how to search two different search strings (Error and issue) from the same source file, ...

by Path Finder in

How to get an Advanced XML timechart to not automatically create its own bins of milliseconds like a Simple XML timechart?

Hi, The timechart in advanced XML creates its own bins of milliseconds. See below Whereas in simple XML, i...

by Influencer in

Regex not matching

I have the field devname in my raw log in the format: devname=123-fw-af-we I am trying to write a regex string to...

by Communicator in

Using UDP 514 to get firewall syslog data, how do I edit props and transforms to filter out level=notice to nullQueue?

Example data: Aug 25 10:48:58 172.20.10.253 date=2015-08-25,time=10:48:56,devname=FG300B3909604960,devid=FG300B390...

by New Member in

What are the different ways to optimize a large search against a large dataset?

I have a list of 200+ IPs that I need to search against source addresses in our firewall data. The search needs to sp...

by SplunkTrust in

How to transpose or untable and keep only one column?

Hello, I have a search returning some results that look like this: sourcetype="somesourcetype" [ search sourcet...

by Explorer in

Extract fields with multiple results or generate fake/dummy events

Hi all, I'm struggling these days with regular expressions and field extractions with events that contain multiple...

by New Member in

Why is searching with NOT or != being ignored in search results?

Anyone else seen this before? I'm building a search, then telling Splunk to NOT or using field!=something and Splunk ...

by Path Finder in

How to edit my timechart search to only return results where the (average) response time is greater than 500?

Hi All, I'm using the search below for getting the avg response time that is greater than 500. index=web <data>...

by Path Finder in

ログの中から漢字やひらがなを抽出する方法は？

ログの中のメッセージに含まれる日本語のカタカナのみ、漢字のみを抽出したい場合、正規表現等で抽出する方法はありますか？ 形態素解析器を導入してもいいのですが、単純な単語抽出だけやりたい場合に簡単に実現する方法をさがしています。

by Splunk Employee in

How can I split an event into two or more events according to two multivalue fields?

The raw data is like : FieldA | FieldB | FieldC | FieldD 14-51-P-1216;14-52-P-0258;14-52-P-0053;14-52-P-0054 | 99D...

by Path Finder in

How to select data within selected timerange on particular fields?

Hi Splunkers, I understand we can re-write _time with particular timefield with this formula eval _time=strptime(t...

by Communicator in

Is there a way to dynamically create fields and assign them values while my script is being executed in Splunk for a custom search?

Is there any way to create fields and assign values to them while my script is being executed for custom search?

by Explorer in

External data fetch w/curl (REST)

I need to fetch some external data from various sources. WIth curl on command line this is relatively simple to do ag...

by Explorer in

How to display the stats count for multiple field values on a dashboard panel where the count is greater than 2 within 1 minute?

I have multiple fields with different values (error messages) from the same log. I am trying to get a count per field...

by New Member in

How to list values to fields based on userid selected in a drop-down form?

good morning all So I have a table chart with a drop-down that selects a user and this works fine. When I select a...

by Explorer in

Splunk Web framework: 'searchmanager' received some positional argument(s) after some keyword argument(s)

I'm getting the above error message ( 'searchmanager' received some positional argument(s) after some keyword argumen...

by Builder in

How to find the daily average of the time difference between the concurrence of one line and a previous line?

Hi, I have a very simple line of trace which indicates the end of a timer that runs at the completion of an import...

by New Member in

How to prevent a space character from delimiting and truncating my filename field?

Hi folks, I have some new logs coming in, and I took a look at the fieldname that has a Windows filename in it, an...

by Communicator in

Mapping OOID number to OOID name

Hi guys, I currently have a search set up that searches for the most active OOIDs( Organization ID Folder) with th...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to display a name or number on top of a chart overlay?

How to create a query using values that come from the result of a different query

How to search if Windows update was installed successfully or not on multiple servers?

How do I extract these strings from my sample event as values into their own fields?

When trying to display field values, why are values being truncated after an apostrophe appears in the string?

How to search two different strings from the same source, but different timestamps?

How to get an Advanced XML timechart to not automatically create its own bins of milliseconds like a Simple XML timechart?

Regex not matching

Using UDP 514 to get firewall syslog data, how do I edit props and transforms to filter out level=notice to nullQueue?

What are the different ways to optimize a large search against a large dataset?

How to transpose or untable and keep only one column?

Extract fields with multiple results or generate fake/dummy events

Why is searching with NOT or != being ignored in search results?

How to edit my timechart search to only return results where the (average) response time is greater than 500?

ログの中から漢字やひらがなを抽出する方法は？

How can I split an event into two or more events according to two multivalue fields?

How to select data within selected timerange on particular fields?

Is there a way to dynamically create fields and assign them values while my script is being executed in Splunk for a custom search?

External data fetch w/curl (REST)

How to display the stats count for multiple field values on a dashboard panel where the count is greater than 2 within 1 minute?

How to list values to fields based on userid selected in a drop-down form?

Splunk Web framework: 'searchmanager' received some positional argument(s) after some keyword argument(s)

How to find the daily average of the time difference between the concurrence of one line and a previous line?

How to prevent a space character from delimiting and truncating my filename field?

Mapping OOID number to OOID name

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown