Splunk Search

Ask a Question

Discussions

Thread Info

What would be the regex to break events by the @ symbol in my data?

Right now, Splunk indexes events that looks like this: Msg1=... time=... val=... id=... @ Msg2=... time=... val=.....

by Path Finder in

How to extract fields from my sample data and include these results in an email alert?

Hello, I'm evaluating splunk to capture data for raising data alerts, raising technical alerts etc. Most of data g...

by Explorer in

Subselect latest value from lookup, releative to event

I am trying to correlate a event with a kvstore lookup, but I don't have a common key besides the username. So I want...

by Communicator in

subsearch

I have a web_log with _time, src_ip, dst_ip, dst_hostname, url, url_path, file_extension. I tried to run a search on ...

by Explorer in

How To Use The Result Of Query ( Single Panel ) In A Radio Button Text?

Hello guys! I needed to use a single panel to show three status, green, yellow and red. But the problem is, a row ...

by Contributor in

How to calculate the downtime duration that a Jboss instance does not process any requests?

Hi Guys. We have a Jboss instance from which we index AccessLogs from, and we expect a fair amount of processes r...

by Path Finder in

Join fields from two indexes using fields that match partially

Hello, I have two indexes one containing a list of webpages that has been accessed (Index A) and another containin...

by Super Champion in

What would be the syntax to search for registry key creation?

by Engager in

How do I get all values from one index, but only the latest of one field from another index ?

I hope this is an easy question, but I can't figure out how to get this to work. I am still in a learning process. ...

by Communicator in

Lookup based on range of value

Hi I am looking for a sample external lookup script or custom command that takes one field value from evens and c...

by Motivator in

How to exclude a particular value from results when using the field extractor utility?

The field extractor wizard came up with the following: (?=[^f]*(?:firewall:|f.*firewall:))^(?:[^"\n]*"){2}\s+(?P[^...

by New Member in

How to reuse the count from a previous search to calculate a percentage in a second search or combine the two searches?

Hi, I want to create a dashboard using these 2 searches: 1) the first one index='text' | count, will give a resul...

by Communicator in

How to extract 4 different strings with rex, count the number of different strings, and create a timechart of the weekly count?

I currently have a 4 different phrases which are between the fixed words "a:OrderMessage and a/:OrderMessage" . I hav...

by SplunkTrust in

A new search field no longer shows in Interesting Fields to be selected

I would appreciate any comments: 1) Added "Total" as one of my Selected Fields from the following search (this wor...

by Path Finder in

How to edit my search to perform eval math on fields extracted from XML data?

I have a set of XML logs that were all consumed by Splunk at the same time. I believe I have the timestamps from the ...

by Engager in

Is it possible to get a count of IPs from one lookup table that match each subnet in CIDR format in another lookup?

I want to perform a CIDR match on a list of IPs and a list of subnets. In a lookup table I have a list of subnets ...

by Path Finder in

How to write a search to check the amount of data indexed by my app each day for a certain time range?

Hi, I want to a graph to check the amount of data indexed by my app on each day for a certain time period. I have...

by Communicator in

how to: count(Values) where status=0

So I have the columns "Values" and "Status" and I only want to count Values where the status is zero. How can I do th...

by Explorer in

equivalence of sql join of two different group bys

i have data of the form: day, hour, seller, buyer i want to find all instances where a seller appears only on a si...

by Explorer in

Predict stops working when eval used

Hi, Looking to start using Splunk to do trending and forecasting (predict). index=os sourcetype=cpu host=ukd...

by Explorer in

How to add _time as an attribute in a base search object?

So I'd like to add the _time attribute to a base search object. As I understand it, I can't use the linear pivot diag...

by Explorer in

How to expand multivalue fields?

Hi, is it possible to split-up/expand an event like this? field1=xyz field2=xyz action: [ [-] { [-] action_seri...

by Motivator in

How to search the count of a field with multiple values by day?

Hi, I'm new to Splunk, so please bear with me. I'm trying to get a count of a field with multiple values by day. A...

by Explorer in

on day-2 of every year which will generate a CSV having the number of days in each month excluding weekends.

Hello Splunk, I am Trying to write an eval statement that would allow a development team push data to a csv that c...

by Communicator in

Using rex to extract multivalue fields from events, why is it only extracting the first record of values?

Hi everyone, I want to extract a record of values: I tried with this regex, but it is only extracting the first...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What would be the regex to break events by the @ symbol in my data?

How to extract fields from my sample data and include these results in an email alert?

Subselect latest value from lookup, releative to event

subsearch

How To Use The Result Of Query ( Single Panel ) In A Radio Button Text?

How to calculate the downtime duration that a Jboss instance does not process any requests?

Join fields from two indexes using fields that match partially

What would be the syntax to search for registry key creation?

How do I get all values from one index, but only the latest of one field from another index ?

Lookup based on range of value

How to exclude a particular value from results when using the field extractor utility?

How to reuse the count from a previous search to calculate a percentage in a second search or combine the two searches?

How to extract 4 different strings with rex, count the number of different strings, and create a timechart of the weekly count?

A new search field no longer shows in Interesting Fields to be selected

How to edit my search to perform eval math on fields extracted from XML data?

Is it possible to get a count of IPs from one lookup table that match each subnet in CIDR format in another lookup?

How to write a search to check the amount of data indexed by my app each day for a certain time range?

how to: count(Values) where status=0

equivalence of sql join of two different group bys

Predict stops working when eval used

How to add _time as an attribute in a base search object?

How to expand multivalue fields?

How to search the count of a field with multiple values by day?

on day-2 of every year which will generate a CSV having the number of days in each month excluding weekends.

Using rex to extract multivalue fields from events, why is it only extracting the first record of values?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions