Splunk Search

Discussions

Thread Info

Using rex to extract multivalue fields from events, why is it only extracting the first record of values?

Hi everyone, I want to extract a record of values: I tried with this regex, but it is only extracting the first...

by Motivator in

Search inside Eval if statement possible ?

Is it possible to put search inside an eval if statement ? I am making a search that if the count of the field is gre...

by Communicator in

How to right regular expression for finding field value app=Center realm. ?

Hi when i searched with the below query index=casm_prod sourcetype=smtrace ........REGULAR EXP.......................

by Explorer in

Getting Average Number of Requests Per Hour

I've read most (if not all) of the questions/answers related to getting an average count of hits per hour. I've exper...

by Path Finder in

How do I filter on the text value of data in a specific column?

Hi there, I am (very) new to this, so sorry for the lack of insight. I have loaded a data set with multiple ev...

by Path Finder in

How to check the size of a file on Unix that gets created daily (but not indexed) using a Splunk search?

I have a file which gets created daily. My requirement is to get the size of the file using a splunk search. The file...

by New Member in

EMR issues, MapReduce job killed

I'm running into an issue with Hunk searches that spawn a MapReduce job in my EMR cluster. The MR job seems to be kil...

by Splunk Employee in

How to change the format of the table output?

I have this search: [search] | stats count by Status Errors | eventstats sum(count) as StatusCount by Status| even...

by Path Finder in

How to calculate the ratio of fieldA, and if the ratio is greater than 5%, list the top 3 fieldBs associated with fieldA?

I have following event: <...>Status1, StateA<....> <...>Status2,<...> <...>Status3<...> <...>Status1, StateB<...> ...

by Path Finder in

Field extraction invisible to other users despite global permission

With splunk 4.1.6 : a user has defined a custom field extraction in the "search" app. As as admin, I have changed the...

by Engager in

Using DELIMS to extract FIX data

I have the following types of events in FIX format. This is what they look like in vi or emacs: M|219620|0|i|I|201...

by Splunk Employee in

How to move values on alternating rows onto the same row in my search results?

Hi, I'm using postgres regex to pull two sets of values into my search. I've got all the data I want, but it seems...

by Path Finder in

How do I search for events where a specific field value in a multivalue field is NOT the first value per event?

Hi I extracted a multivalue field called error_number which contains all errors in each event. I would like to make ...

by Builder in

Get a count all events by event type that happened 24hrs before a different ending event

I am trying to get counts of all certain events that happened before a user purchased on our site and so far, I am wo...

by Path Finder in

how do I re-run a search that I typed in previously?

hi, how do I re-run a search that I typed in previously? Thanks,

by Path Finder in

Is it possible to have a dashboard that is populated with scheduled searches to also have the ability to specify a time range and run manual searches?

Hi: This is an odd question, but it pops up every so often. Is it possible to have a dashboard that is populated with...

by Explorer in

How to filter my search results to only return events with a field value greater than 35 and a duration of at least 10 minutes?

I have a csv file indexed containing the fields "Timestamp" and "Event1" Sample data is as follows Timestamp Ev...

by Engager in

how to position a column as the left most column in the statistics view

I have the following search And I add this column row to show the row numbers but it positions in as the right most c...

by Motivator in

How to edit my inputlookup search to find the count of unique values of FieldA per FieldB?

I have the following search | inputlookup msckpr_test_trunkgroups95_lookup_define | stats values(TG_NAME) as TG_N...

by Motivator in

Does Hunk support SPL?

This could be a premature question and a bit hypothetical too. I have a visual analytics based webapp based on Sp...

by Path Finder in

chart percentage over over item by user

Let say I have a chart that reports the count of what user has purchased what item. I can create a nice table using c...

by Path Finder in

How reliable is the metadata command and how can I learn more about how it works?

Hello I've been using metadata command for many reports and alarms for new host added, eps and reporting status an...

by Path Finder in

What in this search causes it to take so long?

Is there any suggestions on how to improve search time on this particular search? This search literally takes 12-15 h...

by Contributor in

Mobile Access Server: Why can't I just access the Search & Reporting app within the Splunk Mobile App?

I have the Mobile Access Server up and running. I am able to log in and view dashboards and reports. I have a basic q...

by Builder in

How to configure line breaking for mixed single line and multiline logs?

Given the following log format, is it possible to store the consecutive GROUPED/GROUPED_DET lines into one event whil...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using rex to extract multivalue fields from events, why is it only extracting the first record of values?

Search inside Eval if statement possible ?

How to right regular expression for finding field value app=Center realm. ?

Getting Average Number of Requests Per Hour

How do I filter on the text value of data in a specific column?

How to check the size of a file on Unix that gets created daily (but not indexed) using a Splunk search?

EMR issues, MapReduce job killed

How to change the format of the table output?

How to calculate the ratio of fieldA, and if the ratio is greater than 5%, list the top 3 fieldBs associated with fieldA?

Field extraction invisible to other users despite global permission

Using DELIMS to extract FIX data

How to move values on alternating rows onto the same row in my search results?

How do I search for events where a specific field value in a multivalue field is NOT the first value per event?

Get a count all events by event type that happened 24hrs before a different ending event

how do I re-run a search that I typed in previously?

Is it possible to have a dashboard that is populated with scheduled searches to also have the ability to specify a time range and run manual searches?

How to filter my search results to only return events with a field value greater than 35 and a duration of at least 10 minutes?

how to position a column as the left most column in the statistics view

How to edit my inputlookup search to find the count of unique values of FieldA per FieldB?

Does Hunk support SPL?

chart percentage over over item by user

How reliable is the metadata command and how can I learn more about how it works?

What in this search causes it to take so long?

Mobile Access Server: Why can't I just access the Search & Reporting app within the Splunk Mobile App?

How to configure line breaking for mixed single line and multiline logs?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions