Splunk Search

Ask a Question

Discussions

Thread Info

How to write a regular expression to filter out any data after a second semi-colon per line?

Hi, I have a file that contains the following format and I wish to only index information before the 1st two semi-...

by Path Finder in

How to edit XML to set certain colors for bars in a chart based on percentage values from my data?

Hi guys, I am trying to edit a chart I have to have certain colors corresponding to the data inside. I have 5 serv...

by Communicator in

How do I edit my search to remove duplicates of a field that appear in a table column?

Say I have a table ... host, IP, destinationHostname, Port, count host1 10.10.10.1 desthost1 9999, 33 host1 10.10...

by Contributor in

Trouble reading log lines with large JSON or multiline Java exceptions from slf4j

My question is similar to others around extracting new fields, but the answers I've tried to date haven't worked. ...

by Explorer in

can't extract field in json

Hi, I try to extract fields fron this json. I've tried with jsonkv and spath and it looks like that ' does genera...

by Path Finder in

How do index TAB delimited files?

I am looking to read into SPLUNK a tab delimited file. But most of what I see is key based Field Extractions (, space...

by Path Finder in

How to filter out events by regex in transforms.conf?

Hi guys, I'm new to Splunk and I need ur help! I was trying to discard some specific events by regex and failed. ...

by Communicator in

Missing logs on sos index

Hi, we are using the SoS app, basically most of the searches are working. However we have noticed that the index s...

by Communicator in

Count unique values of a field in one result

I have the following result from a simple search: I, [2015-07-23T15:30:39+02:00 (1437658239.654) #38640] INFO -- ...

by Explorer in

How do I run my search to find missing events on 80 Windows Domain Controllers running Splunk 6.1.4?

We have Splunk running on all of our Windows Domain Controller servers (80 of them), but we seem to be missing events...

by New Member in

Why is Search Head "search" performance in a distributed search setup slower than the same search on a single instance?

Hi Everyone, I'm testing a simple setup of a search head on a single 24 core host. The setup basically consists of...

by Path Finder in

Drilldown from Flashchart object

Hey, I have a column flashchart on a dashboard called dash_usage.xml. When I click on a bar(e.g. called User where...

by Motivator in

How to extract these fields from my sample data?

I wanted to extract the below values. Time TakenResponse code in the string - HTTP/1.1" 200 example, I need to kno...

by New Member in

How to display two field values in a single table column?

I have the following search: index=cashflow host=atm source=income OR source=outcome | eval accountStatus="Income...

by Explorer in

How to aggregate a percentage of a total before another search?

Hey! I am trying to figure out how to aggregate a percentage of the total before another search like this: eventNa...

by Path Finder in

How to use "NOT" condition in regular expression?

for example i have the string "update event from remote cache". i need to use NOT condition for this to capture ab ev...

by Path Finder in

How to split multilevel XML to extract fields and values?

<messaging><messaging_id>data_range</messaging_id><currentTimeStamp>2015-06-11-090445569807</currentTimeStamp> <Trans...

by Builder in

How do I edit my search to find certain strings in my data and replace them with other strings?

Hi guys, I have this specific search that I want to edit: index="tablet_os" sourcetype="df" host=dc1* sda3 OR ...

by Communicator in

How Can I use Stats Avg() On a Datetime Field?

I have this indexed field which is read by splunk as a string, I need the average length, but the data has no Day, mo...

by Contributor in

Make a slippery transaction within 20 events, how do I calculate the duration between the 1st and 20th event, 2nd and 21st, etc?

Hello all, I'm trying to make a slippery transaction within 20 events. For example, my search return 40 events an...

by Explorer in

Help with Field Extraction for java app log

I'm having trouble getting a Field Extraction that I need and hope for some advice. Below are three examples. Please ...

by Explorer in

Basic Drill Down

Good day Splunkers. Splunk newbie here, I have been testing it for a few days already. I can now create searches a...

by Explorer in

Possible to retrofit props.conf file

I have a situation in which Cisco Sourcefire files are being ingested into Splunk (v6.0.1) under different sourcetype...

by Influencer in

D3 sankey chart without using Django framework

Hi I found an example using Django Framework in Splunk app site. But I still can not figure out how to do the sam...

by Motivator in

Treemap D3 Library integration

I have 2 fields (nodeid,jobid in which you could have multiple nodes assigned to 1 jobid) and need to graph it in a f...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write a regular expression to filter out any data after a second semi-colon per line?

How to edit XML to set certain colors for bars in a chart based on percentage values from my data?

How do I edit my search to remove duplicates of a field that appear in a table column?

Trouble reading log lines with large JSON or multiline Java exceptions from slf4j

can't extract field in json

How do index TAB delimited files?

How to filter out events by regex in transforms.conf?

Missing logs on sos index

Count unique values of a field in one result

How do I run my search to find missing events on 80 Windows Domain Controllers running Splunk 6.1.4?

Why is Search Head "search" performance in a distributed search setup slower than the same search on a single instance?

Drilldown from Flashchart object

How to extract these fields from my sample data?

How to display two field values in a single table column?

How to aggregate a percentage of a total before another search?

How to use "NOT" condition in regular expression?

How to split multilevel XML to extract fields and values?

How do I edit my search to find certain strings in my data and replace them with other strings?

How Can I use Stats Avg() On a Datetime Field?

Make a slippery transaction within 20 events, how do I calculate the duration between the 1st and 20th event, 2nd and 21st, etc?

Help with Field Extraction for java app log

Basic Drill Down

Possible to retrofit props.conf file

D3 sankey chart without using Django framework

Treemap D3 Library integration

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions