Splunk Search

Discussions

Thread Info

How to extract these individual fields for iostat data?

I am having a difficult time extracting fields for data returned by iostat. Has anyone been able to extract these ind...

by Builder in

How to display the Interesting Fields in a custom search view using the Splunk web framework?

I'm using the web framework to create my own custom search view. However, from http://docs.splunk.com/DocumentationSt...

by New Member in

How to parse CEF files with key value pairs that contain white space?

Hello all! I am a Splunk "newb" when it comes to parsing out files for ingestion. Here is my situation. I have a ...

by Builder in

How can I use values in a table for a gauge?

Hi all, I have a search that returns a table with only one line and four int values. What I'd like to do, is to c...

by Path Finder in

R Project: How do I use commands involving paths with R language in Splunk?

I want to use R to train a machine learning model, export it using saveRDS(), and then importing it again within Splu...

by Path Finder in

How to incorporate a pattern into a search?

If I can see a pattern forming that will help me track users in my environment, how can I set up a search to serve th...

by New Member in

How to search the total distinct count on two different fields?

Hi, This is kind of a silly question, but currently my application is logging the session id as two separate field...

by Explorer in

I need to find an IP Address or user agent for a client that visits 5 uri stems, how can I incorporate this into a query

An group of IP Addresses, continue to hit a set of 5 uri stems. If they change their IP Address, I would still like t...

by New Member in

What can I use instead of the join command for my search?

Hi, I would like to use something different instead of join index=test STATUS=Closed | stats dc(ID) as TOTAL b...

by Path Finder in

Why isn't my index available for search in a distributed search environment?

Hi to everyone I have a "Distributed Environment", with two indexers, and two search heads. In the Master Node Ind...

by Communicator in

Transforms.conf and props.conf field extractions

Hey fellow Splunker's. I am trying to figure out what i am doing wrong in the transforms.conf to create the proper fi...

by Contributor in

Week number and Month/Day of the begining of that week

I report on a count of events by week number, it displays like this: Week Number Count ----------- ...

by Motivator in

Why is my time search not showing expected results with a relative time picker input?

Hello everyone, Need your help. I have this dashboard to display some counter information for each host over a cer...

by Path Finder in

When I get a certain string in one search result, how do I append a field from another event that can be found through correlation of 2 other fields?

Hi, Best way for me to explain is by example. example search: host=*guac* sourcetype="syslog" | rex field=_r...

by Path Finder in

How can I add icons that replace the cell.value on my table without using rangemap?

Hi, I want to add icons that replace the cell.value on my table without using range map. How can I do that? ...

by Contributor in

How do I write the regex to extract fields from another existing field?

Hi, I need to extract a field from another field, no metadata fields. The existing field (let's call it existin...

by Contributor in

Use variable on bucketing option

Is there any way to use a variable on the bucketing start option? It only works if you use an explicit numeric value....

by Communicator in

How can I extract fields based on headers from a CSV file in .gz format?

I tried providing a csv file location in inputs.conf, [monitor:///path/to/*.csv.gz] source = testcsv sourcetype =...

by Explorer in

How to take index names from a CSV file and run a stats count on the listed index names?

I need to find various information (counts, last and first event received time, etc) on indexes listed in a CSV file....

by Communicator in

how to transpose ?

field1,field2,field3 1, a, b 1, b, c 1, c, d 2, r, s 2, s, k 2, k, l 2, l, m field 1 is the key based on above...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract these individual fields for iostat data?

How to display the Interesting Fields in a custom search view using the Splunk web framework?

How to parse CEF files with key value pairs that contain white space?

How can I use values in a table for a gauge?

R Project: How do I use commands involving paths with R language in Splunk?

How to incorporate a pattern into a search?

How to search the total distinct count on two different fields?

I need to find an IP Address or user agent for a client that visits 5 uri stems, how can I incorporate this into a query

What can I use instead of the join command for my search?

Why isn't my index available for search in a distributed search environment?

Transforms.conf and props.conf field extractions

Week number and Month/Day of the begining of that week

Why is my time search not showing expected results with a relative time picker input?

When I get a certain string in one search result, how do I append a field from another event that can be found through correlation of 2 other fields?

How can I add icons that replace the cell.value on my table without using rangemap?

How do I write the regex to extract fields from another existing field?

Use variable on bucketing option

How can I extract fields based on headers from a CSV file in .gz format?

How to take index names from a CSV file and run a stats count on the listed index names?

how to transpose ?

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Why is special characters changed to HTML Name

Field Extraction using PROPS Configuration File fo...

How to configure splunk HF to route the events whi...

Why are events duplicating when running | collect ...

Help with SNMP Modular Input- Why am I not seeing ...