Splunk Search

Discussions

Thread Info

How do I create my own field based on events returned from a search?

I have Event Output below RPT: /DailyTestReport I want to create a field as RPT and Field value as "/DailyOper...

by New Member in

How do I configure a custom file delimiter

I only see 4 delimiter type available in plunk ( commas, tabs, pipes, and spaces) I have a file that has asterisks (*...

by New Member in

If year, month, day, hour, minute, and second are all different comma separated fields in my data, how do I assign the timestamp for a new sourcetype?

Hi, I am trying to create a new sourcetype in order to get the timestamp right. Year, month, day, hour, minute, s...

by Path Finder in

How to edit my transforms.conf to drop XML event data?

So I looked on the answer for this question and could not find it. (Look at code and sample below.) So the input is f...

by Explorer in

Search count of user logins using lookup table

I have a .csv file that has a list of users I'd like to search against to see how many times they've logged in. The ....

by Influencer in

Report on users who have run queries

Hi, Is there a report that will show me individuals that have run either a scheduled or interactive search? I see ...

by Champion in

How to retrieve current user in splunk?

I want to retrieve a current user in splunk web by run a query. thanks!

by Builder in

How to generate dynamic columns in a table that display the difference in data based on date?

Hi, I am new to splunk so bear with me please. I am trying to display data by each day in a chart and then righ...

by New Member in

Why am I receiving 'maxsearches limit reached' in SPLUNK after adding some alerts?

Yesterday morning SPLUNK was working fine. I added some alerts to it and suddenly it all started going wrong. At one ...

by Path Finder in

How to chart by count, but only if the count is over a given number?

I'm trying to get a graph based on this: timechart span=1h count by src_ip However, I only want to display res...

by New Member in

How to compare a list of unique MAC addresses from one search to filter matching MAC addresses in another search?

Hello everyone, I am currently trying to get a list of mac addresses that can't authenticate within the cisco ise....

by Engager in

Can I delete the first 10 columns from a search?

if I have 20 columns on display in the stats tab view after my search, can I just remove the first 10? Instead of hav...

by Motivator in

Why does Old sourcetype is shown even when it is removed from conf files

I have indexed data for Linux logs. I have created different sourcetypes for it in props.conf. Now I removed the conf...

by Path Finder in

can the 'avg' function take into account blank data points?

Is there a way that splunk can take into account receiving no value as a zero value, and then have the ‘average’ func...

by Motivator in

Latest value to be at midnight yesterday

Hello Splunk, How to precise a value for latest to be equal to midnight yesterday. Example: Today is 9-12-2013 and...

by Builder in

Splunk Search Head Cluster scheduler errors

Intermittently we're seeing messages similar to the below appear. This is a new search head cluster running 6.2.1 poi...

by Path Finder in

Query changes dynamically with selected index names?

I am trying to fetch the project names from different logs which has different field name and it is depend on index n...

by Explorer in

How to edit my search to find the volume used in "auto generated pool enterprise" in MB?

Hi Team, currently volume used is 24.458MB Pools Indexers Volume used today auto_generated_pool_enterprise * 24,4...

by Explorer in

Is there any Splunk search command to get the Field Value using just a string token?

Hi, Is there any splunk search command which can be used to get the Field Value using just a string token? Somethi...

by Builder in

How to create an accumulated time difference column that, upon reaching a certain value, resets to the current row's time difference?

Hi, I'm looking for a way to add an accumulated time difference column - but one that will "zero" every time it re...

by New Member in

Connect Microsoft SQL server from Splunk RADAR with DB connect V1

I am new to Splunk and I would like to learn splunk. I have logged into splunk sandbox cloud and I try to configur...

by New Member in

Can anyone regex the time out in my search?

In the search below, can anyone regex the time out instead of bucket span? I need to figure out a way to filter ti...

by Explorer in

Take value from one field and return the value in a second field with the same name as that value

Sorry for the title. Here's what I'm trying to do: I have three fields: monthSearch1, monthSearch2, and monthSearc...

by Communicator in

Dedup with multiple criteria

Hi, I want to use the dedup command with more than one criteria. First I used | dedup A and had 100 events afte...

by Motivator in

How do I use MV_ADD to split raw strings with pipe separated values into multivalue fields?

I have data like this: one_field="value_a|value_b|value_c", other_field="value_x|value_y" How can I instruct M...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I create my own field based on events returned from a search?

How do I configure a custom file delimiter

If year, month, day, hour, minute, and second are all different comma separated fields in my data, how do I assign the timestamp for a new sourcetype?

How to edit my transforms.conf to drop XML event data?

Search count of user logins using lookup table

Report on users who have run queries

How to retrieve current user in splunk?

How to generate dynamic columns in a table that display the difference in data based on date?

Why am I receiving 'maxsearches limit reached' in SPLUNK after adding some alerts?

How to chart by count, but only if the count is over a given number?

How to compare a list of unique MAC addresses from one search to filter matching MAC addresses in another search?

Can I delete the first 10 columns from a search?

Why does Old sourcetype is shown even when it is removed from conf files

can the 'avg' function take into account blank data points?

Latest value to be at midnight yesterday

Splunk Search Head Cluster scheduler errors

Query changes dynamically with selected index names?

How to edit my search to find the volume used in "auto generated pool enterprise" in MB?

Is there any Splunk search command to get the Field Value using just a string token?

How to create an accumulated time difference column that, upon reaching a certain value, resets to the current row's time difference?

Connect Microsoft SQL server from Splunk RADAR with DB connect V1

Can anyone regex the time out in my search?

Take value from one field and return the value in a second field with the same name as that value

Dedup with multiple criteria

How do I use MV_ADD to split raw strings with pipe separated values into multivalue fields?

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk AppDynamics Agents Webinar Series

SplunkTrust Application Period is Officially OPEN!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions