Splunk Search

Ask a Question

Discussions

Thread Info

How to break out multiple values into a new column?

Here is what my data looks like: time col-a col-b col-c col-d 12:00 5 2 x,6 ...

by Path Finder in

For a field extracted at index-time, is there a way to put a default value such as "Empty" instead of having no field?

Hello, I have a field that is extracted at index-time if it matches a specific regexp. However, in some cases, the...

by Explorer in

How to use eval with stats and provide summary of events

uid,uname,in,out,seen 1,aa,8,,8 1,aa,8,,9 1,aa,8,10,9 2,bb,6,,7 3,cc,7,,8 1,aa,11,,11 1,aa,11,12,12 3,cc,9,9,9 ---...

by Engager in

Finding duration of report with time stamps

I have SSRS logs and I am attempting to find the duration of the sent reports. I have a log file that tells me wh...

by Path Finder in

Why is outer join not working to find how many IPs in a lookup file are not found in the metrics.log?

I am trying to write a search that will give me syslog log sources not sending logs to splunk I have 1) metrics lo...

by Path Finder in

Is it possible to make conditional lookup ?

Hello, I would like to make a view that allows me to see which product is being queried the most by my clients. ...

by Super Champion in

Inaccurate results from a lookup

I have a lookup table that contains CVSS vulnerability metrics. The fields are as follows: "_time","cve_id",score...

by Communicator in

Newbie search question

The vmstat log entry looks like this (Edited for brevity): memTotalMB memFreeMB 991 199 And if ...

by Explorer in

Need help combining the results of two searches into something cohesive

Hello! First, I'll admit that I'm relatively new to Splunk, so thank you in advance! I've been tasked to build a s...

by Explorer in

Can I add timescale for x-axis to chart

I have the following query which produces a chart that only shows TIME as the x-axis label and doesn't show the times...

by Path Finder in

Convert string to date

Hi, I am tring to convert string data to date and find diff second the problem is that i cant convert the string to d...

by Explorer in

Why are real-time searches not working with my custom D3.js chart?

Hi, I've created a custom dashboard with D3.js. Under "custom" I mean, that I've taken some chart, that is not pre...

by Explorer in

Dynamic defaults for index-time field extraction?

I've a couple of index-time field extractions. In events that are missing one of these fields, is there a way to assi...

by Engager in

Search Between Two Files with output of one file (i.e. List of ids) passed as input to other file

We have a requirement to search with two files 1) Search on File 1 to produce a list of ids 2) The List of Ids ...

by Path Finder in

Field Extraction Help

I would like to combine extracted values into a single field. Here is my transform [end_time_extact] REGEX = (\d+\...

by Communicator in

Unable to search using CLI

When running trying to run a search via the CLI (Redhat Linux) I get the following message: "Splunk is not running...

by Path Finder in

join results if _time between startTime and finishTime

I have one source that provides startTime and finishTime of a test. I also have a log file that gives me _time and ev...

by New Member in

searching for specific errors

Possible Duplicate: searching for specific errors For starters this app is amazing. I am trying to search a t...

by New Member in

Is dynamic query construction possble in Splunk without using any SDKs ?

I need to modify the query of saved search based on some conditions. Is it possible using only Splunk query language?

by Communicator in

How to use the cidrmatch function in a search to get the ISP for an IP address using a lookup with cidr ip blocks?

I am trying to get the ISP for an IP address using a database with cidr ip blocks The lookup file is "GeoIPISP.csv...

by Splunk Employee in

How to submit a Splunk Python SDK query with a restricted time range and return more than 50000 rows?

I am trying to submit a query which is limited to a restricted time window AND returns more than 50000 rows in Python...

by Explorer in

Why does my search work in the Search and Reporting app, but not in the traffic light example XML dashboard?

Hi, we are trying to construct a search to provide server health information base upon the traffic light example t...

by Explorer in

How to add the stacked column feature in Django app dashboard?

Hi I had a column chart in my dashboard and I copied it to my new Django-Splunk App, but it's stacked column feature ...

by Builder in

How to edit my search to output results to separate rows based on multiple values?

Hi - I have been trying to get this search below to result in separate rows depending on the values. I have the infor...

by New Member in

Custom search script returning only first value in array/dictionary

I have a custom search script (Python) which is nothing more than a dummy script at the moment, as I want to get the ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to break out multiple values into a new column?

For a field extracted at index-time, is there a way to put a default value such as "Empty" instead of having no field?

How to use eval with stats and provide summary of events

Finding duration of report with time stamps

Why is outer join not working to find how many IPs in a lookup file are not found in the metrics.log?

Is it possible to make conditional lookup ?

Inaccurate results from a lookup

Newbie search question

Need help combining the results of two searches into something cohesive

Can I add timescale for x-axis to chart

Convert string to date

Why are real-time searches not working with my custom D3.js chart?

Dynamic defaults for index-time field extraction?

Search Between Two Files with output of one file (i.e. List of ids) passed as input to other file

Field Extraction Help

Unable to search using CLI

join results if _time between startTime and finishTime

searching for specific errors

Is dynamic query construction possble in Splunk without using any SDKs ?

How to use the cidrmatch function in a search to get the ISP for an IP address using a lookup with cidr ip blocks?

How to submit a Splunk Python SDK query with a restricted time range and return more than 50000 rows?

Why does my search work in the Search and Reporting app, but not in the traffic light example XML dashboard?

How to add the stacked column feature in Django app dashboard?

How to edit my search to output results to separate rows based on multiple values?

Custom search script returning only first value in array/dictionary

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

separate rows from columns with multivalue

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions