Splunk Search

Ask a Question

Discussions

Thread Info

Regex to capture values

Hi, I have events like below. I need to extract 4EU56, 4YB2. the number of lines between statictext and Y-EER-RTY ...

by Contributor in

Why are fields not being extracted using props.conf on my universal forwarder?

Hi, I have been using a props.conf file to extract fields in my event logs, but it does not seem to be working. Be...

by Explorer in

How do I manage the content of my alert?

Hi, I have set up a couple of alerts and have chosen an inline table in the subsequent email. The contents of that...

by Communicator in

Keep transactions without duplicates without TRANSACTION or DEDUP

Hi, I'm currently using the expensive transaction command to keep transactions without any duplicates. So if I ...

by Communicator in

Problem with values/list in subsearch

Hi guys, I want to make a table with list in it with Splunk and I really need some help! I got a IPS to analyse and t...

by Communicator in

How to compare string values between two fields and only return results from the search that do not match?

So I currently have Windows event log (security) files and am attempting to compare two strings that are pulled out v...

by New Member in

How to extract file tyes from .txt file

Hi, I have a one text file which have some entries with the file types .pdf, .tif so now i want to make one hourly...

by Communicator in

How do I display values over the last 24 hours?

Greetings, I am trying to display the value of "002:emailsqu=33" over the last 24 hours and then graph it. The log...

by Explorer in

Adding a row of Totals

Hi all, currently I'm using a search Which gives me something like this for each group/event Group ...

by Path Finder in

Filter multivalue field based on regex generated by subsearch

Hi, I have "impression" events for a mobile page that has many games on it, and they have 1 field called "game_ids...

by Engager in

Sort order of subsearch results

Ok, treat me nice, please... I am working on a dashboard which totals and reports data from two different date ran...

by New Member in

Splunk mobile access server marked as legacy, alternative?

Splunk mobile access server is marked as legacy in the documentation, what is the alternative?

by Path Finder in

Regex in search to filter not working

I am currently trying to work on a search where are admins in my results. I want the search to show only regular user...

by Communicator in

Log file not picked up by splunk

I'm trying to get our splunk server to index the local /var/log/audit/audit.log, but no matter what I do I don't see ...

by New Member in

What values should I use for replication and search factor in a Splunk multisite indexer cluster with one peer in site1 and two peers in site2?

Hi! I'm trying to configure a multisite indexer cluster with two sites; site1 and site2. There are one peer in sit...

by Builder in

Performing a MAP search in a given time window

Hi, I'm trying to create a MAP search to see if Event B triggers within a certain time window of Event A being tri...

by Communicator in

How to copy figures across empty time buckets?

I'm generating a timechart that is supposed to display a daily figure which is an accumulation of total logged in hou...

by Explorer in

Adding a totals row to a table

Hi all, So I have a search that i have saved as a report that looks like this when it completes Group ...

by Path Finder in

Can't unlink pid file "/Applications/Splunk/var/run/splunk/splunkd.pid": Permission denied

Splunk Free Enterprose download. Trying to start Splunk - non-root user. To "Start and Show Plunk" I get the error...

by Communicator in

Grouping by String and Sorting by Average

Hi there! I have run the following search... index="prop_data" uri=*/property/*/* | stats avg(execution_time) b...

by New Member in

Join and chart events from 2 log files with common field value but not lables.

I see a ton of these type questions, but none seem to pertain to what I am doing or I just dont understand them. I...

by Builder in

How do I use regex to extract value in parenthesis preceded by parenthesis?

I have the following log(s) from which I want to extract the value inside the parenthesis. The parenthesis field is p...

by New Member in

Rename columns

I have the following search string index="commercial_performance" "Efficiency Variance *" OR "Intervention Varianc...

by Explorer in

Map with custom image & _lat _lon

Can I replace the maps app images with a static single image? I want to assign static _lat and _lon to a specific pla...

by Explorer in

Geostats Truncating Data?

It would appear that using ...| geostats isn't working as it used to anymore. I originally had a search like the foll...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex to capture values

Why are fields not being extracted using props.conf on my universal forwarder?

How do I manage the content of my alert?

Keep transactions without duplicates without TRANSACTION or DEDUP

Problem with values/list in subsearch

How to compare string values between two fields and only return results from the search that do not match?

How to extract file tyes from .txt file

How do I display values over the last 24 hours?

Adding a row of Totals

Filter multivalue field based on regex generated by subsearch

Sort order of subsearch results

Splunk mobile access server marked as legacy, alternative?

Regex in search to filter not working

Log file not picked up by splunk

What values should I use for replication and search factor in a Splunk multisite indexer cluster with one peer in site1 and two peers in site2?

Performing a MAP search in a given time window

How to copy figures across empty time buckets?

Adding a totals row to a table

Can't unlink pid file "/Applications/Splunk/var/run/splunk/splunkd.pid": Permission denied

Grouping by String and Sorting by Average

Join and chart events from 2 log files with common field value but not lables.

How do I use regex to extract value in parenthesis preceded by parenthesis?

Rename columns

Map with custom image & _lat _lon

Geostats Truncating Data?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions