Splunk Search

Ask a Question

Discussions

Thread Info

Lookup based on range of value

Hi I am looking for a sample external lookup script or custom command that takes one field value from evens and c...

by Motivator in

How to exclude a particular value from results when using the field extractor utility?

The field extractor wizard came up with the following: (?=[^f]*(?:firewall:|f.*firewall:))^(?:[^"\n]*"){2}\s+(?P[^...

by New Member in

How to reuse the count from a previous search to calculate a percentage in a second search or combine the two searches?

Hi, I want to create a dashboard using these 2 searches: 1) the first one index='text' | count, will give a resul...

by Communicator in

How to extract 4 different strings with rex, count the number of different strings, and create a timechart of the weekly count?

I currently have a 4 different phrases which are between the fixed words "a:OrderMessage and a/:OrderMessage" . I hav...

by SplunkTrust in

A new search field no longer shows in Interesting Fields to be selected

I would appreciate any comments: 1) Added "Total" as one of my Selected Fields from the following search (this wor...

by Path Finder in

How to edit my search to perform eval math on fields extracted from XML data?

I have a set of XML logs that were all consumed by Splunk at the same time. I believe I have the timestamps from the ...

by Engager in

Is it possible to get a count of IPs from one lookup table that match each subnet in CIDR format in another lookup?

I want to perform a CIDR match on a list of IPs and a list of subnets. In a lookup table I have a list of subnets ...

by Path Finder in

How to write a search to check the amount of data indexed by my app each day for a certain time range?

Hi, I want to a graph to check the amount of data indexed by my app on each day for a certain time period. I have...

by Communicator in

how to: count(Values) where status=0

So I have the columns "Values" and "Status" and I only want to count Values where the status is zero. How can I do th...

by Explorer in

equivalence of sql join of two different group bys

i have data of the form: day, hour, seller, buyer i want to find all instances where a seller appears only on a si...

by Explorer in

Predict stops working when eval used

Hi, Looking to start using Splunk to do trending and forecasting (predict). index=os sourcetype=cpu host=ukd...

by Explorer in

How to add _time as an attribute in a base search object?

So I'd like to add the _time attribute to a base search object. As I understand it, I can't use the linear pivot diag...

by Explorer in

How to expand multivalue fields?

Hi, is it possible to split-up/expand an event like this? field1=xyz field2=xyz action: [ [-] { [-] action_seri...

by Motivator in

How to search the count of a field with multiple values by day?

Hi, I'm new to Splunk, so please bear with me. I'm trying to get a count of a field with multiple values by day. A...

by Explorer in

on day-2 of every year which will generate a CSV having the number of days in each month excluding weekends.

Hello Splunk, I am Trying to write an eval statement that would allow a development team push data to a csv that c...

by Communicator in

Using rex to extract multivalue fields from events, why is it only extracting the first record of values?

Hi everyone, I want to extract a record of values: I tried with this regex, but it is only extracting the first...

by Motivator in

Search inside Eval if statement possible ?

Is it possible to put search inside an eval if statement ? I am making a search that if the count of the field is gre...

by Communicator in

How to right regular expression for finding field value app=Center realm. ?

Hi when i searched with the below query index=casm_prod sourcetype=smtrace ........REGULAR EXP.......................

by Explorer in

Getting Average Number of Requests Per Hour

I've read most (if not all) of the questions/answers related to getting an average count of hits per hour. I've exper...

by Path Finder in

How do I filter on the text value of data in a specific column?

Hi there, I am (very) new to this, so sorry for the lack of insight. I have loaded a data set with multiple ev...

by Path Finder in

How to check the size of a file on Unix that gets created daily (but not indexed) using a Splunk search?

I have a file which gets created daily. My requirement is to get the size of the file using a splunk search. The file...

by New Member in

EMR issues, MapReduce job killed

I'm running into an issue with Hunk searches that spawn a MapReduce job in my EMR cluster. The MR job seems to be kil...

by Splunk Employee in

How to change the format of the table output?

I have this search: [search] | stats count by Status Errors | eventstats sum(count) as StatusCount by Status| even...

by Path Finder in

How to calculate the ratio of fieldA, and if the ratio is greater than 5%, list the top 3 fieldBs associated with fieldA?

I have following event: <...>Status1, StateA<....> <...>Status2,<...> <...>Status3<...> <...>Status1, StateB<...> ...

by Path Finder in

Field extraction invisible to other users despite global permission

With splunk 4.1.6 : a user has defined a custom field extraction in the "search" app. As as admin, I have changed the...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Lookup based on range of value

How to exclude a particular value from results when using the field extractor utility?

How to reuse the count from a previous search to calculate a percentage in a second search or combine the two searches?

How to extract 4 different strings with rex, count the number of different strings, and create a timechart of the weekly count?

A new search field no longer shows in Interesting Fields to be selected

How to edit my search to perform eval math on fields extracted from XML data?

Is it possible to get a count of IPs from one lookup table that match each subnet in CIDR format in another lookup?

How to write a search to check the amount of data indexed by my app each day for a certain time range?

how to: count(Values) where status=0

equivalence of sql join of two different group bys

Predict stops working when eval used

How to add _time as an attribute in a base search object?

How to expand multivalue fields?

How to search the count of a field with multiple values by day?

on day-2 of every year which will generate a CSV having the number of days in each month excluding weekends.

Using rex to extract multivalue fields from events, why is it only extracting the first record of values?

Search inside Eval if statement possible ?

How to right regular expression for finding field value app=Center realm. ?

Getting Average Number of Requests Per Hour

How do I filter on the text value of data in a specific column?

How to check the size of a file on Unix that gets created daily (but not indexed) using a Splunk search?

EMR issues, MapReduce job killed

How to change the format of the table output?

How to calculate the ratio of fieldA, and if the ratio is greater than 5%, list the top 3 fieldBs associated with fieldA?

Field extraction invisible to other users despite global permission

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!