Splunk Search

Discussions

Thread Info

Can't return subsearch results

Hello, splunk community. I tried to exec subsearch command for adding search condition of "main" search. Datas of ...

by Explorer in

How to edit my search to show values of 1 hour increments on the x-axis of the chart?

I have this search string shown below, it is perfect except that it does not show any values of the X-axis of the cha...

by Engager in

How to capture Y-axis value for drill down in column chart?

fieldname="$row.$" with and without quotes both are not working. Fields values were renamed .Tried with both the valu...

by Path Finder in

Can I transform data and extract fields at once?

Our Splunk server receives data via syslog. As a result, I need to transform the syslog data using transforms.conf an...

by Contributor in

How to write the regex for field extractions of key-value pairs in the format FIELD:VALUE from multiline events?

I have events that look like this. Example 1. Example 2. ....... I have indexed the data using a props.conf ...

by Contributor in

Why is rex failing to extract a field and getting error "Regex: unmatched parentheses"?

Hello, I would like to know if there is any restriction in the rex command because for all the rex field-extractio...

by Path Finder in

Ironport WSA "Top Google Search Terms" query

I am trying to come up with a search that would parse Google search queries made though my Ironport web proxy. I woul...

by Explorer in

What would be the regex to map the host to my incoming data?

I want to map the host to data coming in and need help with the regex to put in transforms.conf. The data is: m...

by Champion in

Multiple error stements with retry

Hello, Well we have a job that runs and produces log files that runs and if it fails, it retries up to 3x. How wo...

by Builder in

How to pick overall message

Hi Experts, I have syslog file and I want to generate a table from this log file .This file contains log like 201...

by Builder in

Huge query followed by stats on different fields

I have a query like: search /my/huge/query/with/lot/of/evals/and/joins | stats avg(field3) group by field1 search...

by Path Finder in

How to use eval for setting up different color bars?

Hi, I have created a dashboard panel which lists out top actions taken by a Palo Alto firewall. The Action field ...

by New Member in

Searching for related syslog messages for sendmail

I would like to write a search to give me all log lines relating to a particular bounced email message: Basically ...

by Explorer in

Why are non-calculated FieldNames missing when queried via C# SDK?

I'm trying to retrieve this log event using the Splunk C# SDK v2.1.1.0 <Event timestamp="2015-01-06T17:44:54.28467...

by Engager in

How to get Splunk to evaluate numbers without a leading digit before the decimal?

I have my apache servers' mod_status output (/server-status?auto) being pulled into Splunk with a scripted input. The...

by Path Finder in

How to nest an eval in an if statement

Currently I can use a write an if statement in the following form: ... | eval adjusted_start=start_sum + 1 | eval ...

by Communicator in

Add a column with values based on whether or not it is a transaction starting condition or stopping condition

I want to be able to create a column on the statistic tab that has 1 if it is the start of the transaction or a 0 if ...

by Communicator in

How to remove the row if the column is same?

Such as when I using the following search: sourcetype="xyz" status=* |stats dc(ID) by ID status |sort by ID I will ge...

by New Member in

Unable to view the field created using rex

string used in the search rex "(?i) Message= (?P[^.]+)" Event log form where im trying to extract "Message=The Win...

by New Member in

Splunk Health Report

How we can monitor and genrate daily or weekly Splunk Health Reports? Can Splunk daemon status be monitored?

by Path Finder in

How to perform JOIN on large amounts of data coming from DB Connect App on different indexers?

index="xyz_order_line"|join ORDER_NUMBER_KEY[|inputlookup sample_lookup1.csv|where serial_no>0 AND serial_no<50001]| ...

by Explorer in

How to use time-base-lookup?

Hi,Splunk community. I have a question about time-base-lookup. I set following attribute to transforms.conf ...

by Communicator in

How to get searches to run automatically after a lookup is updated instead of manually scheduling reports?

Hi, I have around 50-60 searches/reports that are required to run each month after a lookup is manually updated an...

by Contributor in

How to get a search in Splunk to show results from the last 24 hours and update in real-time every minute?

I know that Splunk can show me results for the last 24 hours. I also know that Splunk can show me results in real tim...

by Contributor in

How do I exclude multiple specific fields from search results?

I have a saved search that I alert on and there is certain events I don't want the alert to trigger for when it's com...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can't return subsearch results

How to edit my search to show values of 1 hour increments on the x-axis of the chart?

How to capture Y-axis value for drill down in column chart?

Can I transform data and extract fields at once?

How to write the regex for field extractions of key-value pairs in the format FIELD:VALUE from multiline events?

Why is rex failing to extract a field and getting error "Regex: unmatched parentheses"?

Ironport WSA "Top Google Search Terms" query

What would be the regex to map the host to my incoming data?

Multiple error stements with retry

How to pick overall message

Huge query followed by stats on different fields

How to use eval for setting up different color bars?

Searching for related syslog messages for sendmail

Why are non-calculated FieldNames missing when queried via C# SDK?

How to get Splunk to evaluate numbers without a leading digit before the decimal?

How to nest an eval in an if statement

Add a column with values based on whether or not it is a transaction starting condition or stopping condition

How to remove the row if the column is same?

Unable to view the field created using rex

Splunk Health Report

How to perform JOIN on large amounts of data coming from DB Connect App on different indexers?

How to use time-base-lookup?

How to get searches to run automatically after a lookup is updated instead of manually scheduling reports?

How to get a search in Splunk to show results from the last 24 hours and update in real-time every minute?

How do I exclude multiple specific fields from search results?

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6