Splunk Search

Ask a Question

Discussions

Thread Info

How to ignore cidr from a lookup file in a search?

Hi, I have a large list of IP ranges in a lookup file. I want to ignore these in a search. I can do the follow...

by Path Finder in

How to categorize search results as "good" or "bad" based on values returned?

1) In the picture attached, I want to display the values >300 as good and less than 300 as bad 2) The other part i...

by Builder in

how to change date_wday for different countries

Hi Team, I have got a search query running the same query on different source files ource="C:\Budapest Router1f...

by Path Finder in

How to chart a .csv file

I have a CSV file which runs every 5 minutes and gathers data from separate data sources. A sample of what is compile...

by Engager in

Why am I getting this error trying to extract 2 strings? "The extraction failed. If you are extracting multiple fields, try removing one or more fields..."

Hi, I am using Splunk 6.2 and when going to extract the field, it is giving me the following error: The extract...

by Communicator in

Is there a service that I can call without any local installation in order to connect to Splunk Cloud to perform one search?

I have Splunk Cloud and an account to connect to my Splunk Cloud. The only thing I want is to not install the service...

by New Member in

How do I edit my search to filter results using a CSV file?

Hi all, So I'm having trouble combining my search data and CSV data so that "Bundle" has to match "Bundle Version"...

by Path Finder in

I keep getting this "Max concurrent searches reached" error. What does it mean and how do I fix it?

On some of my dashboards, I get an error that says either "Max concurrent searches reached" or "Maximum concurrent sy...

by Splunk Employee in

How to separate multiple values from a single Windows event log entry?

An example of a SINGLE Windows application log event I'm looking at in my environment is: 09/09/2015 09:46:05 AM L...

by Path Finder in

How to search the difference between the stats output per field and fill "0" values in the stats output if an event does not exist?

I have two source files, SourceA and SourceB, representing different months e.g. logs from June and July Each sour...

by New Member in

How to create a timechart with multiple fields by their event count and rename their lines for the visualization?

I currently have a search that is appending two more searches to the original for a single line chart that will show ...

by Communicator in

Host_Regex not working

Hello All, I know that there are lots of questions for host_regex not working. Here is mine. [monitor:///var/lo...

by Contributor in

How to add hours to _time for specific events using eval?

I need to add 3 hours to records which have SITE=1 and not change anything for other sites. I started with this, ...

by Explorer in

How to create a list of fields in a table with stats displayed on the Selected Fields sidebar, including rare 10 values, their counts, and percentages?

I want to take a list of fields and show the stats displayed on the Selected fields sidebar in a table. When we do...

by Motivator in

Why am I getting "Error in 'rex' command...Regex: missing )"?

Hello All, I am brand new to Splunk and can't for the life of me figure out what I am doing wrong. I would like to...

by Path Finder in

How to extract these individual fields for iostat data?

I am having a difficult time extracting fields for data returned by iostat. Has anyone been able to extract these ind...

by Builder in

How to display the Interesting Fields in a custom search view using the Splunk web framework?

I'm using the web framework to create my own custom search view. However, from http://docs.splunk.com/DocumentationSt...

by New Member in

How to parse CEF files with key value pairs that contain white space?

Hello all! I am a Splunk "newb" when it comes to parsing out files for ingestion. Here is my situation. I have a ...

by Builder in

How can I use values in a table for a gauge?

Hi all, I have a search that returns a table with only one line and four int values. What I'd like to do, is to c...

by Path Finder in

R Project: How do I use commands involving paths with R language in Splunk?

I want to use R to train a machine learning model, export it using saveRDS(), and then importing it again within Splu...

by Path Finder in

How to incorporate a pattern into a search?

If I can see a pattern forming that will help me track users in my environment, how can I set up a search to serve th...

by New Member in

How to search the total distinct count on two different fields?

Hi, This is kind of a silly question, but currently my application is logging the session id as two separate field...

by Explorer in

I need to find an IP Address or user agent for a client that visits 5 uri stems, how can I incorporate this into a query

An group of IP Addresses, continue to hit a set of 5 uri stems. If they change their IP Address, I would still like t...

by New Member in

What can I use instead of the join command for my search?

Hi, I would like to use something different instead of join index=test STATUS=Closed | stats dc(ID) as TOTAL b...

by Path Finder in

Why isn't my index available for search in a distributed search environment?

Hi to everyone I have a "Distributed Environment", with two indexers, and two search heads. In the Master Node Ind...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to ignore cidr from a lookup file in a search?

How to categorize search results as "good" or "bad" based on values returned?

how to change date_wday for different countries

How to chart a .csv file

Why am I getting this error trying to extract 2 strings? "The extraction failed. If you are extracting multiple fields, try removing one or more fields..."

Is there a service that I can call without any local installation in order to connect to Splunk Cloud to perform one search?

How do I edit my search to filter results using a CSV file?

I keep getting this "Max concurrent searches reached" error. What does it mean and how do I fix it?

How to separate multiple values from a single Windows event log entry?

How to search the difference between the stats output per field and fill "0" values in the stats output if an event does not exist?

How to create a timechart with multiple fields by their event count and rename their lines for the visualization?

Host_Regex not working

How to add hours to _time for specific events using eval?

How to create a list of fields in a table with stats displayed on the Selected Fields sidebar, including rare 10 values, their counts, and percentages?

Why am I getting "Error in 'rex' command...Regex: missing )"?

How to extract these individual fields for iostat data?

How to display the Interesting Fields in a custom search view using the Splunk web framework?

How to parse CEF files with key value pairs that contain white space?

How can I use values in a table for a gauge?

R Project: How do I use commands involving paths with R language in Splunk?

How to incorporate a pattern into a search?

How to search the total distinct count on two different fields?

I need to find an IP Address or user agent for a client that visits 5 uri stems, how can I incorporate this into a query

What can I use instead of the join command for my search?

Why isn't my index available for search in a distributed search environment?

Index This | What’s a riddle wrapped in an enigma?

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions