Splunk Search

Discussions

Thread Info

Splunk DB Connect 1: How can I dynamically search from the lookup CSV file with dbquery?

I have a CSV file with three columns, say Name, Address, Lastname. I get Name from the dbquery, so I want to fetch al...

by New Member in

Bucket time span causing incorrect date entries

I have the following query: some query... | bucket _time span=1d | eval date=strftime(_time, "%b %d, %Y") | chart ...

by Communicator in

Why am I not able to see my extracted field in Splunk Web?

I am not able to see my extracted field. I can see the field created under splunk/etc/users/local Also, I added...

by Explorer in

How to extract and assign a timestamp from a multiline event?

How to extract and assign the timestamp from the below multiline event. Timestamp exists in the 4th line from last. ...

by Contributor in

How do I edit my transaction search to find the queue time for different steps in my sample data?

Hi, I am working in a market research company. We will send some online surveys to some samples. We have 3 steps t...

by Communicator in

How do I optimize my regex for a field extraction to improve efficiency and searchability?

I am working on field extraction in splunk and I have come up with the below regex (spunk regex does not work the ...

by Motivator in

How to filter out rows for individual tables by Metric date?

Hello, I have a handful of tables that contain monthly reported data. Each table starts at a different Metric time...

by Explorer in

How do I extract and separate an arbitrary number of field values with regex?

input: myCommand -myArgs taska taskb taskc myCommand -myArgs taska myCommand -myArgs taska taskb taskc taskd ...

by Path Finder in

Did folderize stop working?

I had an old Splunk saved search from several versions ago which successfully used folderize. However, when I ran ...

by Path Finder in

Is it possible in Splunk to trigger a search, generate a report, and email it or save the report in some location?

Hi Team, I would like to know if it is possible in Splunk to trigger a search (with regular expressions), generate...

by Builder in

Trying to find the index of a value within a multivalued field, why is is mvfind on the multivalue field not working?

Hi, I am trying to find the index of a value within a multivalued field. I assume mvfind is the correct eval funct...

by Engager in

I need to track the progress of students over time

Our event lists the answer to one question on a test. Our test numbers are unique to one set of test questions by one...

by New Member in

Can automated lookups be defined on a search head but not pushed to search peers?

I have a 60MB lookup file on my ES search head that is only used for automated lookups against data indexed locally o...

by Explorer in

Is there a way to use regex on a standalone string to pull out each value, then append "field!=" to the front to exclude these values from a search?

I have a large list of values for a field that I would like to exclude from my search. Rather than having a huge sear...

by Path Finder in

How to search two indexes to find if an event in index B does not occur within certain time range of an event in index A?

I hope the following makes sense...I have two indexes for separate application logs, index A and index B. I need help...

by Explorer in

How do I use the "AND" operator or any other way to list all values of a field that have both statuses FAIL and SUCCESS?

I have a search where the transaction status of a policy was set to FAIL. It was processed manually and now it has ch...

by Communicator in

How to search the sum of transactions where the times do not overlap?

I want to be able to show the sum of time that users have had licenses checked out (historically). But if a user has ...

by New Member in

How to combine my two searches for Windows WMI Data (Host, OS, Version, SP and Number of Installed updates) into one report?

Hello, I have two different searches that return the data that I would like to see in one report. However, I am ha...

by Builder in

How to search two events that occurred right before a specific event showing a certain error to analyze what happened?

Hello, When I search for some events (i.e index=main *password fail), I want to get the events with two lines befo...

by Explorer in

Multiple instances of Splunk w/ Boot-start

How can I have multiple splunk instances on linux and use boot-start? The command "./splunk enable boot-start" will o...

by Engager in

How to write a regular expression to filter out any data after a second semi-colon per line?

Hi, I have a file that contains the following format and I wish to only index information before the 1st two semi-...

by Path Finder in

How to edit XML to set certain colors for bars in a chart based on percentage values from my data?

Hi guys, I am trying to edit a chart I have to have certain colors corresponding to the data inside. I have 5 serv...

by Communicator in

How do I edit my search to remove duplicates of a field that appear in a table column?

Say I have a table ... host, IP, destinationHostname, Port, count host1 10.10.10.1 desthost1 9999, 33 host1 10.10...

by Contributor in

Trouble reading log lines with large JSON or multiline Java exceptions from slf4j

My question is similar to others around extracting new fields, but the answers I've tried to date haven't worked. ...

by Explorer in

can't extract field in json

Hi, I try to extract fields fron this json. I've tried with jsonkv and spath and it looks like that ' does genera...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk DB Connect 1: How can I dynamically search from the lookup CSV file with dbquery?

Bucket time span causing incorrect date entries

Why am I not able to see my extracted field in Splunk Web?

How to extract and assign a timestamp from a multiline event?

How do I edit my transaction search to find the queue time for different steps in my sample data?

How do I optimize my regex for a field extraction to improve efficiency and searchability?

How to filter out rows for individual tables by Metric date?

How do I extract and separate an arbitrary number of field values with regex?

Did folderize stop working?

Is it possible in Splunk to trigger a search, generate a report, and email it or save the report in some location?

Trying to find the index of a value within a multivalued field, why is is mvfind on the multivalue field not working?

I need to track the progress of students over time

Can automated lookups be defined on a search head but not pushed to search peers?

Is there a way to use regex on a standalone string to pull out each value, then append "field!=" to the front to exclude these values from a search?

How to search two indexes to find if an event in index B does not occur within certain time range of an event in index A?

How do I use the "AND" operator or any other way to list all values of a field that have both statuses FAIL and SUCCESS?

How to search the sum of transactions where the times do not overlap?

How to combine my two searches for Windows WMI Data (Host, OS, Version, SP and Number of Installed updates) into one report?

How to search two events that occurred right before a specific event showing a certain error to analyze what happened?

Multiple instances of Splunk w/ Boot-start

How to write a regular expression to filter out any data after a second semi-colon per line?

How to edit XML to set certain colors for bars in a chart based on percentage values from my data?

How do I edit my search to remove duplicates of a field that appear in a table column?

Trouble reading log lines with large JSON or multiline Java exceptions from slf4j

can't extract field in json

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions