Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Is there a way that I can construct a search that will pass a list of values to a field that is expecting just one value?

Hello, I have a custom command from an app where I can do a search like sourcetype=mysourcetype | customcommand io...

by Path Finder in

How to build a timechart from a specific field and convert it from UTC to PST?

Hello Splunk Masters, The search query I have built out works great, but due to the amount of requests hitting us,...

by Explorer in

Why isn't my search sorting events chronologically by month?

I'm executing the following search to generate a report with columns sorted chronologically by month: ( ... ) | ev...

by Communicator in

How to write an eval if/then statement to produce a result for a single value visualization?

Hi Everyone, Longtime user of Splunk and come here often to find my answers, but I can't exactly solve the issue I...

by Explorer in

How to convert 18 character epoch time to format so Splunk understands without thinking events happened in future?

I have a dashboard that shows the status of certain logs reporting to Splunk. Within this dashboard, it also shows th...

by Explorer in

REX for Multilined event + extract where line where match is found

My splunk system is reading in logs as mutli lined events which is by design. So 1 event could have 300 lines or so. ...

by Communicator in

How to write a Regular Expression to extract these values from my sample data into new fields?

Hi, I have an application that calls other external applications/systems. I wish to plot the calls to external system...

by Path Finder in

Database lookup during search returning error 1 and error 47

I apologize - I'm a Splunk newbie and my Splunk sysadmin won't answer any questions and says the problem isn't with S...

by Explorer in

Calculating Sum of Percentages for Radial Gauge

Hi Splunk Masters, I am new here and I'm building out a radial gauge for successful HTTP requests. I am counting 3...

by Explorer in

How to use timechart average of a field from a simple Hostmon URL Check log file to create visualizations?

I have recently started indexing a private log generated from a Hostmon URL check. The Hostmon check runs during M-F ...

by Explorer in

Exclude result like the first result

Hi, I want to identify the available and occupied resources in a pool. The active resource will have "Available" on ...

by Explorer in

Is it possible to use lookups to validate data coming in, using metadata?

HI, Is it possible to create get entries in a serverclass (or a lookup), and then validate that data has been rece...

by Champion in

If a value is not in a lookup table, can I return that value as the OUTPUT field?

I apologize if this has already been answered, but I looked through numerous inquiries on answers.splunk.com and did ...

by Explorer in

How to overcome subsearch 10k limit with field lookup & set date for first data collection without knowing actual date?

I have the following search to find the number of switches "Off" on a day (call it day=0), and then use a field looku...

by New Member in

How do I stop Splunk from rounding values that are less than 1?

I was doing basic operations (+ - * / ) in Splunk and I noticed that if I was subtracting a number less than 0 with a...

by Engager in

How do create an alert to trigger if my search returns a count that is greater than or equal to 20 per minute for 10 minutes?

Hi , We need to set up an alert to check if events with below format exists: index=idx1 sourcetype=compass:serv...

by Path Finder in

How do I edit my regular expression to extract a field from my sample log event?

Hi, I am trying to extract a field from a log event, but need help as my RegEx seems to be wrong. Input string: ...

by Path Finder in

Why my CLI query returns empty field values

My query works from Splunk Web UI and returns field values of Source in a table form, but it doesn't work from the CL...

by Path Finder in

What are the functions of commas and periods in the Splunk search language?

I was just wondering if the commas in this search are just to aid readability of the code, or if they are important t...

by Communicator in

Can someone tell me what each part of this search does so I can learn more about the search processing language?

Could someone please tell me what this does? I'm in the process of learning Splunk and knowing what each part of this...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way that I can construct a search that will pass a list of values to a field that is expecting just one value?

How to build a timechart from a specific field and convert it from UTC to PST?

Why isn't my search sorting events chronologically by month?

How to write an eval if/then statement to produce a result for a single value visualization?

How to convert 18 character epoch time to format so Splunk understands without thinking events happened in future?

REX for Multilined event + extract where line where match is found

How to write a Regular Expression to extract these values from my sample data into new fields?

Database lookup during search returning error 1 and error 47

Calculating Sum of Percentages for Radial Gauge

How to use timechart average of a field from a simple Hostmon URL Check log file to create visualizations?

Exclude result like the first result

Is it possible to use lookups to validate data coming in, using metadata?

If a value is not in a lookup table, can I return that value as the OUTPUT field?

How to overcome subsearch 10k limit with field lookup & set date for first data collection without knowing actual date?

How do I stop Splunk from rounding values that are less than 1?

How do create an alert to trigger if my search returns a count that is greater than or equal to 20 per minute for 10 minutes?

How do I edit my regular expression to extract a field from my sample log event?

Why my CLI query returns empty field values

What are the functions of commas and periods in the Splunk search language?

Can someone tell me what each part of this search does so I can learn more about the search processing language?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

run different filter in an index search based on a...

How to union two time ranges

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...