Splunk Search

Discussions

Thread Info

Can I match multiple patterns with regex in the same search to extract fields from logs?

I have a requirement where I need to search all logs to match a set of patterns and extract some values. Is there som...

by Explorer in

How to get the last value from a previous event filtered by host?

My problem stems from how the last value functions, where it pulls the last value from the previous event. While I wa...

by Contributor in

rename data

I want to rename CPU001 to CPU1, CPU_ALL to CPUALL, is it possible?

by New Member in

Help with regex..?

Need help with regex...should start with " end with space or ? Need entire string in a field starting with " and e...

by Builder in

Load Time vs Event Time

I know that I ca get the event time using "_time". Does Splunk keep track of the time the event was loaded into Splun...

by Communicator in

How do I fix this error? "Regex: syntax error in subpattern name (missing terminator)"

How do I fix this Regex syntax error in subpattern name missing terminator? Error in 'rex' command: Encountered th...

by New Member in

Why am I getting error "100000 entries have been received...this search will not return metadata information for any more entries."?

Hi I am getting below error when I use the metadata command. Could someone explain to me in detail what this is al...

by New Member in

Why am I getting "Error in 'disabler' command: The external search command 'disabler' does not exist in commands.conf"?

I have an app for a custom command called disabler and I am trying to call the command by: ... | disabler | ... ...

by Explorer in

My curl searches result in "Unparsable URI-encoded request data". Is curl version 7.15.5 unsupported?

My curl searches result in the output Unparsable URI-encoded request data I see that many of the curl searche...

by New Member in

How to add the count of two different fields' values?

For example: |stats count by src_ip src_ip count 1.1.1.1 100 2.2.2.2 200 3.3.3.3 300 |stats count by dst_ip...

by New Member in

Calculate average execution time for a known field

Hi, I'm having issues calculating the average execution time of an available field in Splunk. I have searched for ...

by Path Finder in

How to run multiple queries at once, with calculations?

I am trying to calculate TPS with the help of the queries below: Start Time Query host=X source=Y.log "data availa...

by New Member in

rename EventCodes

Is there a way to rename EventCodes xxxx field to "description" in timechart? Here is a sample search: Account_Nam...

by Path Finder in

How to track real-time errors from SharePoint ULS logs and configure real-time alerts for this in Splunk?

Hi, We are using SharePoint ULS Viewer to watch SharePoint logs which are any errors, warnings, and critical thing...

by Explorer in

Why am I unable to filter out events from payload with my current search?

I have an event from which I want to filter this string: \\\"name\\\":\\\"experience\\\",\\\"status\\\":\\\"FAILUR...

by New Member in

How do I write the regex to identify the sourceip that can be found in different locations in my logs?

I have logs like below 1.1.1.1 This is my sourceip 2.2.2.2 My source ip is 1.1.1.2 I have a situation where in...

by Communicator in

How to restrict a search string to show only one value per day?

Hi, I have a SQL query running in Splunk counting the number of documents by data size (below 1MB, 1-5MB, 5-10MB, ...

by Path Finder in

Subsearch and real-time: How to write a search to get all-time values and display them with real-time values?

Below is my simple search. index="ix-lp-tps" | stats count as CurrentCount | appendcols [search earliest=-100y in...

by Explorer in

XML or search examples of swim lane chart

Hi All, I am looking for swim lane chart examples. Does swimlane feature of charting only inbuilt with some apps o...

by Contributor in

How to create a regular expression to extract this string from four types of patterns in my sample data?

Hi, I have the following 4 kinds of text in logs in a single file. I want to extract the string - Customer Num (st...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can I match multiple patterns with regex in the same search to extract fields from logs?

How to get the last value from a previous event filtered by host?

rename data

Help with regex..?

Load Time vs Event Time

How do I fix this error? "Regex: syntax error in subpattern name (missing terminator)"

Why am I getting error "100000 entries have been received...this search will not return metadata information for any more entries."?

Why am I getting "Error in 'disabler' command: The external search command 'disabler' does not exist in commands.conf"?

My curl searches result in "Unparsable URI-encoded request data". Is curl version 7.15.5 unsupported?

How to add the count of two different fields' values?

Calculate average execution time for a known field

How to run multiple queries at once, with calculations?

rename EventCodes

How to track real-time errors from SharePoint ULS logs and configure real-time alerts for this in Splunk?

Why am I unable to filter out events from payload with my current search?

How do I write the regex to identify the sourceip that can be found in different locations in my logs?

How to restrict a search string to show only one value per day?

Subsearch and real-time: How to write a search to get all-time values and display them with real-time values?

XML or search examples of swim lane chart

How to create a regular expression to extract this string from four types of patterns in my sample data?

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex