Splunk Search

Discussions

Thread Info

How to extract the date and time from a single column in a CSV file as separate fields?

I have a CSV file with headers which have date and time stamp fields in a single column. I want to extract date and t...

by Contributor in

converting lastLogonTimestamp to readable date and time format in Splunk

My ldap search for last logon (Active Directory) displays time in a format that makes it harder to read. How can I ma...

by Path Finder in

How do I edit my search to determine what percentage of error events are in a subset of values?

I'm writing a search to determine what percentage of events are error events for a camera-based system. To narrow ...

by Engager in

Why am I getting "splunklb.binding.HTTPError Unknown sid" using the Splunk Python SDK to run a large search?

I am using Splunk Python API to run a large search of about 144343 events and I keep getting an error that I cannot o...

by Builder in

Why am I unable to extract event values using REGEX and FORMAT in transforms.conf and REPORT in props.conf?

Hi I have created a shell script (script input) which is attached. It gives me information about status of thread...

by Explorer in

Why am I getting "SyntaxError: Unexpected token <." trying to upload a large lookup file?

Attempting to upload a "large" lookup file, 2 columns of 190k rows each presents the error "Your entry was not saved....

by Path Finder in

How to extract fields from a JSON file from Google Analytics API using spath or other options?

Hi dear Splunkers I have to following JSON given by a REST calling at Google Analytics: {"kind":"analytics#gaDa...

by Communicator in

If I have servers with a host name format of host_1, host_2, host_3, etc, how can I search a range of hosts by hostname?

Hi, I have 25 servers with the same prefix name and suffixed with different number host _1, host_2 ., ......, host...

by Path Finder in

How do I edit my search using multiple static times to compare against job times for an SLA check?

Hi, I am trying to create a search to check if my jobs are meeting SLA or not, but I am not able to get the search...

by New Member in

How to write a search to pull the OS distribution of all hosts in an AWS environment, along with their versions?

I'm looking for a search to pull the OS distribution of all hosts in an AWS environment, along with their version. Pu...

by Explorer in

How to search the rate of events in indexes A, B, C, D to to compare with the rate of events in index D?

Hello Splunkers, I am trying to find a way to determine the rate of events of a single index compared to all non-i...

by Contributor in

How to start a timechart on a dashboard on Monday without earliest and latest?

I have a timechart on a dashboard that sums Things by Description* with a span of a week. Since my first Thing event ...

by Communicator in

Regular expression in source

Hi All, I have multiple sources like a1.gz a2.gz a3.gz a4.gz a5.gz … and so one. How can I have a subset these ...

by Explorer in

How to stats count by unique value in a single field

I've been racking my brain on this and I know it's close, but I just cannot figure out the last part. I'm trying t...

by Builder in

Difference between lastTime and recentTime in metadata output

Can someone explain the distinction between the lastTime and recentTime fields in the output of the | metadata comman...

by Motivator in

Props and Transforms report field extractions not working

I am trying to configure props/transforms in a custom TA to perform some search-time field extractions for a custom e...

by Builder in

How to combine two different searches to display together on the same chart?

Hi Everyone, I am trying to combine the outputs of two different searches one chart. Presently, I have the Disk Re...

by Path Finder in

How to generate a timechart for servers showing the uptime and downtime within a span of 5 minutes?

Hi everyone, My goal is to create a drop-down that shows the uptime and downtime of a server. The SPL I have isn't...

by Path Finder in

Regex to find out 13 or more continuous numbers in a Splunk search?

With the following search, I am able to get the following results which is good. I want to create an alert when any c...

by Builder in

Calculating IOPS from bonnie++ results

Hello, I was wondering how to obtain IOPS from bonnie++ results. The various executions of bonnie++ have been d...

by Path Finder in

How to write the regex to extract URLs 32 to 48 characters in length and ending with .ru or .org?

Hi Everyone, I would like to write a regex for extracting URL's with 32 to 48 characters long and ending with .ru ...

by New Member in

How to ignore cidr from a lookup file in a search?

Hi, I have a large list of IP ranges in a lookup file. I want to ignore these in a search. I can do the follow...

by Path Finder in

How to categorize search results as "good" or "bad" based on values returned?

1) In the picture attached, I want to display the values >300 as good and less than 300 as bad 2) The other part i...

by Builder in

how to change date_wday for different countries

Hi Team, I have got a search query running the same query on different source files ource="C:\Budapest Router1f...

by Path Finder in

How to chart a .csv file

I have a CSV file which runs every 5 minutes and gathers data from separate data sources. A sample of what is compile...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract the date and time from a single column in a CSV file as separate fields?

converting lastLogonTimestamp to readable date and time format in Splunk

How do I edit my search to determine what percentage of error events are in a subset of values?

Why am I getting "splunklb.binding.HTTPError Unknown sid" using the Splunk Python SDK to run a large search?

Why am I unable to extract event values using REGEX and FORMAT in transforms.conf and REPORT in props.conf?

Why am I getting "SyntaxError: Unexpected token <." trying to upload a large lookup file?

How to extract fields from a JSON file from Google Analytics API using spath or other options?

If I have servers with a host name format of host_1, host_2, host_3, etc, how can I search a range of hosts by hostname?

How do I edit my search using multiple static times to compare against job times for an SLA check?

How to write a search to pull the OS distribution of all hosts in an AWS environment, along with their versions?

How to search the rate of events in indexes A, B, C, D to to compare with the rate of events in index D?

How to start a timechart on a dashboard on Monday without earliest and latest?

Regular expression in source

How to stats count by unique value in a single field

Difference between lastTime and recentTime in metadata output

Props and Transforms report field extractions not working

How to combine two different searches to display together on the same chart?

How to generate a timechart for servers showing the uptime and downtime within a span of 5 minutes?

Regex to find out 13 or more continuous numbers in a Splunk search?

Calculating IOPS from bonnie++ results

How to write the regex to extract URLs 32 to 48 characters in length and ending with .ru or .org?

How to ignore cidr from a lookup file in a search?

How to categorize search results as "good" or "bad" based on values returned?

how to change date_wday for different countries

How to chart a .csv file

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!