Splunk Search

Ask a Question

Discussions

Thread Info

Searching "Caused by: ..." messages from java stack trace

Hi, I'm new to Splunk searches and need help. We currently have searches to filter out log messages with log le...

by New Member in

Merging rows with same values

Hi Guys, Need help on merging data. i have two columns ( first and second) which has the same value but instead of...

by Explorer in

How to display fields that have a common value in a table?

Hi everyone, I have a file with serial numbers and purchase order numbers. In a first table, I display a serial nu...

by Explorer in

Configure Search Head Cluster Peers to search a single indexer vs. an indexer cluster 6.2.5?

I have setup a 6.2.5 SH cluster. The SH cluster consists of 3 SHs and an additional host functioning as a SH deployer...

by Path Finder in

How to send a partial string value to a lookup table and count the occurrences?

I have a field that contains a sentence such as "I love wonderful food!" I want to be able to check each word against...

by Explorer in

compare time format

Hi, A job needs to be completed by 04:45 AM, Can some one help me to extract time from the logs, compare 04:45 AM an...

by Communicator in

Dynamic Tag values etraction using mvzip

Hi, I am struggling with xml data in splunk and need help in mvzip /mvexpand command to store multi value pairs wi...

by New Member in

Creating a CSV file with host, index, sourcetype, source, and sourcepath (monitor), how do I extract the monitor field in a search?

Hi, I have inputs.conf with below configuration details: [monitor:///data02/appserver/jboss2/prod-ABCD-domain/s...

by Explorer in

sshd transactions

Hi, I am playing with secure.log entries for sshd and am able to find transactions based on pid from below; Sep...

by New Member in

Why is my rex statement unable to extract the field?

I have this rex with an assigned field: regex _raw="(?<total_GC_time>0?.\d+)" I'm searching lines like this:...

by Explorer in

How to edit my search to get the output fields to show up as their own columns to sort on?

I am unable to get the output fields to show up as columns instead of multiple entries of users. Here is my search...

by New Member in

How to add icons to a table in Splunk 5?

Hi, I want to add icon to a table. I am using Splunk 5. My table looks as Module Version Requests E...

by Path Finder in

How to extract the date and time from a single column in a CSV file as separate fields?

I have a CSV file with headers which have date and time stamp fields in a single column. I want to extract date and t...

by Contributor in

converting lastLogonTimestamp to readable date and time format in Splunk

My ldap search for last logon (Active Directory) displays time in a format that makes it harder to read. How can I ma...

by Path Finder in

How do I edit my search to determine what percentage of error events are in a subset of values?

I'm writing a search to determine what percentage of events are error events for a camera-based system. To narrow ...

by Engager in

Why am I getting "splunklb.binding.HTTPError Unknown sid" using the Splunk Python SDK to run a large search?

I am using Splunk Python API to run a large search of about 144343 events and I keep getting an error that I cannot o...

by Builder in

Why am I unable to extract event values using REGEX and FORMAT in transforms.conf and REPORT in props.conf?

Hi I have created a shell script (script input) which is attached. It gives me information about status of thread...

by Explorer in

Why am I getting "SyntaxError: Unexpected token <." trying to upload a large lookup file?

Attempting to upload a "large" lookup file, 2 columns of 190k rows each presents the error "Your entry was not saved....

by Path Finder in

How to extract fields from a JSON file from Google Analytics API using spath or other options?

Hi dear Splunkers I have to following JSON given by a REST calling at Google Analytics: {"kind":"analytics#gaDa...

by Communicator in

If I have servers with a host name format of host_1, host_2, host_3, etc, how can I search a range of hosts by hostname?

Hi, I have 25 servers with the same prefix name and suffixed with different number host _1, host_2 ., ......, host...

by Path Finder in

How do I edit my search using multiple static times to compare against job times for an SLA check?

Hi, I am trying to create a search to check if my jobs are meeting SLA or not, but I am not able to get the search...

by New Member in

How to write a search to pull the OS distribution of all hosts in an AWS environment, along with their versions?

I'm looking for a search to pull the OS distribution of all hosts in an AWS environment, along with their version. Pu...

by Explorer in

How to search the rate of events in indexes A, B, C, D to to compare with the rate of events in index D?

Hello Splunkers, I am trying to find a way to determine the rate of events of a single index compared to all non-i...

by Contributor in

How to start a timechart on a dashboard on Monday without earliest and latest?

I have a timechart on a dashboard that sums Things by Description* with a span of a week. Since my first Thing event ...

by Communicator in

Regular expression in source

Hi All, I have multiple sources like a1.gz a2.gz a3.gz a4.gz a5.gz … and so one. How can I have a subset these ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Searching "Caused by: ..." messages from java stack trace

Merging rows with same values

How to display fields that have a common value in a table?

Configure Search Head Cluster Peers to search a single indexer vs. an indexer cluster 6.2.5?

How to send a partial string value to a lookup table and count the occurrences?

compare time format

Dynamic Tag values etraction using mvzip

Creating a CSV file with host, index, sourcetype, source, and sourcepath (monitor), how do I extract the monitor field in a search?

sshd transactions

Why is my rex statement unable to extract the field?

How to edit my search to get the output fields to show up as their own columns to sort on?

How to add icons to a table in Splunk 5?

How to extract the date and time from a single column in a CSV file as separate fields?

converting lastLogonTimestamp to readable date and time format in Splunk

How do I edit my search to determine what percentage of error events are in a subset of values?

Why am I getting "splunklb.binding.HTTPError Unknown sid" using the Splunk Python SDK to run a large search?

Why am I unable to extract event values using REGEX and FORMAT in transforms.conf and REPORT in props.conf?

Why am I getting "SyntaxError: Unexpected token <." trying to upload a large lookup file?

How to extract fields from a JSON file from Google Analytics API using spath or other options?

If I have servers with a host name format of host_1, host_2, host_3, etc, how can I search a range of hosts by hostname?

How do I edit my search using multiple static times to compare against job times for an SLA check?

How to write a search to pull the OS distribution of all hosts in an AWS environment, along with their versions?

How to search the rate of events in indexes A, B, C, D to to compare with the rate of events in index D?

How to start a timechart on a dashboard on Monday without earliest and latest?

Regular expression in source

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

SPL To only Pull Last Event Per Month

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions