Splunk Search

Ask a Question

Discussions

Thread Info

How to get an Advanced XML timechart to not automatically create its own bins of milliseconds like a Simple XML timechart?

Hi, The timechart in advanced XML creates its own bins of milliseconds. See below Whereas in simple XML, i...

by Influencer in

Regex not matching

I have the field devname in my raw log in the format: devname=123-fw-af-we I am trying to write a regex string to...

by Communicator in

Using UDP 514 to get firewall syslog data, how do I edit props and transforms to filter out level=notice to nullQueue?

Example data: Aug 25 10:48:58 172.20.10.253 date=2015-08-25,time=10:48:56,devname=FG300B3909604960,devid=FG300B390...

by New Member in

What are the different ways to optimize a large search against a large dataset?

I have a list of 200+ IPs that I need to search against source addresses in our firewall data. The search needs to sp...

by SplunkTrust in

How to transpose or untable and keep only one column?

Hello, I have a search returning some results that look like this: sourcetype="somesourcetype" [ search sourcet...

by Explorer in

Extract fields with multiple results or generate fake/dummy events

Hi all, I'm struggling these days with regular expressions and field extractions with events that contain multiple...

by New Member in

Why is searching with NOT or != being ignored in search results?

Anyone else seen this before? I'm building a search, then telling Splunk to NOT or using field!=something and Splunk ...

by Path Finder in

How to edit my timechart search to only return results where the (average) response time is greater than 500?

Hi All, I'm using the search below for getting the avg response time that is greater than 500. index=web <data>...

by Path Finder in

ログの中から漢字やひらがなを抽出する方法は？

ログの中のメッセージに含まれる日本語のカタカナのみ、漢字のみを抽出したい場合、正規表現等で抽出する方法はありますか？ 形態素解析器を導入してもいいのですが、単純な単語抽出だけやりたい場合に簡単に実現する方法をさがしています。

by Splunk Employee in

How can I split an event into two or more events according to two multivalue fields?

The raw data is like : FieldA | FieldB | FieldC | FieldD 14-51-P-1216;14-52-P-0258;14-52-P-0053;14-52-P-0054 | 99D...

by Path Finder in

How to select data within selected timerange on particular fields?

Hi Splunkers, I understand we can re-write _time with particular timefield with this formula eval _time=strptime(t...

by Communicator in

Is there a way to dynamically create fields and assign them values while my script is being executed in Splunk for a custom search?

Is there any way to create fields and assign values to them while my script is being executed for custom search?

by Explorer in

External data fetch w/curl (REST)

I need to fetch some external data from various sources. WIth curl on command line this is relatively simple to do ag...

by Explorer in

How to display the stats count for multiple field values on a dashboard panel where the count is greater than 2 within 1 minute?

I have multiple fields with different values (error messages) from the same log. I am trying to get a count per field...

by New Member in

How to list values to fields based on userid selected in a drop-down form?

good morning all So I have a table chart with a drop-down that selects a user and this works fine. When I select a...

by Explorer in

Splunk Web framework: 'searchmanager' received some positional argument(s) after some keyword argument(s)

I'm getting the above error message ( 'searchmanager' received some positional argument(s) after some keyword argumen...

by Builder in

How to find the daily average of the time difference between the concurrence of one line and a previous line?

Hi, I have a very simple line of trace which indicates the end of a timer that runs at the completion of an import...

by New Member in

How to prevent a space character from delimiting and truncating my filename field?

Hi folks, I have some new logs coming in, and I took a look at the fieldname that has a Windows filename in it, an...

by Communicator in

Mapping OOID number to OOID name

Hi guys, I currently have a search set up that searches for the most active OOIDs( Organization ID Folder) with th...

by Communicator in

After upgrading from Splunk 5 to 6.2.4, why is our search on failed login attempts from Windows Event Logs no longer working?

We were using an old version of Splunk (ver 5) and have since updated to the ver 6.2.4 and now our failed login attem...

by New Member in

Splunk manage Arduino sensors output messages ?

Is it possible for Splunk to manage "live" Arduinos sensors datas like : Rain Data 1.00mm; 0s; Temp reading = 23.7...

by New Member in

How to create a custom field with values based on the monitors in inputs.conf

Hi, In my inputs.conf I have a number of monitors. I would like to create a custom field called logtypevalue with ...

by Path Finder in

Why does this join not correctly match the data?

Hi, I'm experiencing some strangeness with the following query: index=main_index | dedup _raw | sort _raw | ren...

by Path Finder in

How Can I View IPs That Have NOT Generated Events?

For example, I want to run the following search and have splunk output IPs that do NOT show up in the results. ind...

by Explorer in

Is it possible to get both rare and top results in the same search result table?

Hi, I want to know if it's possible to get rare and top value on the same table search. index=_internal |top l...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get an Advanced XML timechart to not automatically create its own bins of milliseconds like a Simple XML timechart?

Regex not matching

Using UDP 514 to get firewall syslog data, how do I edit props and transforms to filter out level=notice to nullQueue?

What are the different ways to optimize a large search against a large dataset?

How to transpose or untable and keep only one column?

Extract fields with multiple results or generate fake/dummy events

Why is searching with NOT or != being ignored in search results?

How to edit my timechart search to only return results where the (average) response time is greater than 500?

ログの中から漢字やひらがなを抽出する方法は？

How can I split an event into two or more events according to two multivalue fields?

How to select data within selected timerange on particular fields?

Is there a way to dynamically create fields and assign them values while my script is being executed in Splunk for a custom search?

External data fetch w/curl (REST)

How to display the stats count for multiple field values on a dashboard panel where the count is greater than 2 within 1 minute?

How to list values to fields based on userid selected in a drop-down form?

Splunk Web framework: 'searchmanager' received some positional argument(s) after some keyword argument(s)

How to find the daily average of the time difference between the concurrence of one line and a previous line?

How to prevent a space character from delimiting and truncating my filename field?

Mapping OOID number to OOID name

After upgrading from Splunk 5 to 6.2.4, why is our search on failed login attempts from Windows Event Logs no longer working?

Splunk manage Arduino sensors output messages ?

How to create a custom field with values based on the monitors in inputs.conf

Why does this join not correctly match the data?

How Can I View IPs That Have NOT Generated Events?

Is it possible to get both rare and top results in the same search result table?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions