Splunk Search

Discussions

Thread Info

Comparing data sets from two types of host

I'm using the webping app from SplunkBase to calculate latency from each of my forwarders to a central server. I'm co...

by Engager in

Asterisk queue_log report on splunk

Following is my asterisk queue_logs, I want to create chart base on Agent/72XX like home many users completed call so...

by Explorer in

Retrieving latest timestamp from CSV file such that it is smaller than event time

Hello, I am using lookups to get some metadata from a CSV file that also has timestamps. How could I retrieve ...

by Path Finder in

How to distinct count and separate by type?

I need to make a distinct count of clients and together count what clients had at least one error message? I have ...

by Explorer in

How do I consolidate the values returned from a database query into a single entry?

I am running search against a database that includes a username and ticket count (from our ticketing system). When th...

by New Member in

Can Splunk handle field values like "Value™"?

Hi, some of my field values look like this Value™. How can I achieve that these values can be used in the search s...

by Motivator in

Can't search on splunk

Hi, I'm unable to search splunk receiving the error below: Error in 'litsearch' command: Your Splunk license expir...

by New Member in

Regex: syntax error in subpattern name (missing terminator)

Hi I encountered the following error message : Error Message: Error in 'rex' command: Encountered the following e...

by Builder in

Nesting functions in 'where' in 4.3

Hi, Very quick question that someone may be able to answer. In a complex form search that we have, we use the '...

by Explorer in

How to fix my props.conf configuration to extract headers from a log file with garbage data on top?

Hi guys, I need to extract headers from a log file, so that when it is pushed to the Indexer, those headers will b...

by Explorer in

Regex sanity check - fixed record length field extraction

Guys, I have a horrible dataset in Splunk and am trying to match fields based on a position in event. As an exampl...

by Contributor in

There is a way to extract a value from field and then use it as a new field ?

Hi , There is a way to extract a value from field and then use it as a new field ? For example : I have the following...

by Path Finder in

How to consolidate values from 2 fields in my data into a new field?

Hi all, There is a way to consolidate two fields? For example, I have the following event: "CEF:0|IMPERVA|Secur...

by Path Finder in

How to automatically calculate an eval expression?

Hi everyone, I use the following eval expression to convert epoch time to human readable format when I search: ......

by Path Finder in

Ranking Rows in a Table based on the count

I have a table containing two columns: Channel Name and Total views. I want to create another column using eval to ra...

by Path Finder in

Feature Request: Support GET and name-value pairs in automatic external looups

I've been struggling a bit with external lookups. It's potentially a fantastically useful feature, but I've been hamp...

by Communicator in

Error in 'where' command - how to track down?

I'm seeing the following error in splunkd.log: ERROR SearchOperator:filter - Error in 'where' command: The op...

by Champion in

Transaction problems with lots of events and multiple fields

Hello, i would like to construct a complete transaction of a mail session, starting from the customer smtp connection...

by Path Finder in

How to build time charts using Hunk?

I have read about the limitations on using Hunk (http://docs.splunk.com/Documentation/Hunk/6.2.3/Hunk/Searchavirtuali...

by Engager in

How do I sum columns in a multiline event

We have a script that gets the output of the command below and output it as a single event with multiline ps -wweo...

by Splunk Employee in

appending statistics to same table cell

I have a search that is a series of multikv fields for Linux. this is leveraging the sourcetype=interfaces in the def...

by Motivator in

How to properly use AND / OR in search?

I'm new to this community, any help will be greatly appreciated!!! How can i search groups of keywords but i would...

by Path Finder in

How to trigger an alert if any value in a table crosses a threshold and include details about the corresponding field in the email?

I want to create an alert based on a table like below: Field| Value A| 10 B| 25 C| 40 D| 30 E| 45 F| 15 The ale...

by Explorer in

Grouping top occurring events.

I have below fields on so i would like group top occurring events like sort by severity critical and display mess...

by New Member in

How to color code the results in a table column if the values are above a certain number?

If i have a search that gives me the result as follows, I want to flag a red color in the values of the delta column ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Comparing data sets from two types of host

Asterisk queue_log report on splunk

Retrieving latest timestamp from CSV file such that it is smaller than event time

How to distinct count and separate by type?

How do I consolidate the values returned from a database query into a single entry?

Can Splunk handle field values like "Value™"?

Can't search on splunk

Regex: syntax error in subpattern name (missing terminator)

Nesting functions in 'where' in 4.3

How to fix my props.conf configuration to extract headers from a log file with garbage data on top?

Regex sanity check - fixed record length field extraction

There is a way to extract a value from field and then use it as a new field ?

How to consolidate values from 2 fields in my data into a new field?

How to automatically calculate an eval expression?

Ranking Rows in a Table based on the count

Feature Request: Support GET and name-value pairs in automatic external looups

Error in 'where' command - how to track down?

Transaction problems with lots of events and multiple fields

How to build time charts using Hunk?

How do I sum columns in a multiline event

appending statistics to same table cell

How to properly use AND / OR in search?

How to trigger an alert if any value in a table crosses a threshold and include details about the corresponding field in the email?

Grouping top occurring events.

How to color code the results in a table column if the values are above a certain number?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions