Splunk Search

Ask a Question

Discussions

Thread Info

How to show null or empty feilds produced by a lookup table

Hi folks, I'm doing a lookup table (on some data that would take too much time to explain without more confusion),...

by Communicator in

Going from one table to another

Hello I have 2 tables. Table 1 has two columns 'STATUS ' and 'COUNT' STATUS ----- COUNT Passed ----- 10 Failed -...

by Path Finder in

What's the correct search syntax for my earliest and latest date range?

For example, I need to search for all rehire dates between 12-01-2014 through 12-31-2014 "rehire date"=earliest="1...

by Path Finder in

splunk v6.1.2 + overlay + just want 2 bars with one overlayed on the other

I have the below graph I get this graph with a query similar to: ...| stats max(c117) as whatever max(limit2) ...

by Motivator in

How to filter out multiple fields in the same transform with regex?

I’m in a pickle (splunk license) again this morning and I’m trying to address it via a transform. bit bucket for w...

by Path Finder in

Help me Split this SNMP Table result into a nice table view!

So here is a sample event: Sun Mar 15 12:59:52 UTC 2015 dpStatusEthernetInterfaceStatusName.eth0 = eth0 dpStatusEt...

by Path Finder in

How to use a wildcard with the where command for a drop-down search input?

Hi Everyone, I am running a search: | inputlookup MyLookup | where Foo="$FooValueFromDropdown$" | stats values...

by Explorer in

Need help to run report

I am trying to run a report where from my iis logs I want to pull request urls that have the keywords union and selec...

by New Member in

Eval a string as an expression

I have a table that I want to extract an expression from. The expression is quoted string with some fields in it. is ...

by Builder in

Query for monthly usage of index

I am very new to Splunk I am trying to figure out how to do a query of monthly usage of index of Splunk. I have t...

by Engager in

Extracting field with a guid as an end anchor

For some reason I have not been able to get a field extraction to work where the end anchor will be a GUID. Basically...

by Builder in

Find Maximum Time Period Between Occurences of a Specified Condition

Hello, I'd like to find a way to return the longest stretch of time where a condition did not occur. Specifically...

by Path Finder in

How to add a 3rd column to my table to display "match" next to a value in column 2 that matches any value in column 1?

My current search looks like this: index=myfood | table Sunday, Monday Which results in: Sunday Monda...

by Explorer in

Why does a comma in Regex break the serverclass in the Splunk GUI?

When editing server classes in the Splunk GUI, it cannot handle a comma in a regex. EG: \w{3}\d{1,3}\w Ends up...

by Communicator in

How to add fields from subsearch ? Used Join but didnt work ...

I have a subsearch which returns a table with 2 columns 'input' and 'Time'. Table from subsearch looks like this. in...

by Path Finder in

Displaying several fields, some with aggregate data

Hi all - new here but the answers I've seen so far on stats (ie http://answers.splunk.com/answers/106497/add-a-new-co...

by Explorer in

How to write a search to get a daily count of each fieldB by fieldA for 30 days?

The events, each contain fieldA and fieldB (as well as other stuff). Currently, the search below works for 1 day, but...

by Explorer in

Using rex to extract a field from transactioned event

Hi, I'm trying to extract 2 fields from a transacted search, one for the max and one for the usage. looks like; ...

by Builder in

How to edit my current search to find the average?

Hello guys! Sup? Can anyone help me to get the average of all current search events and not only the first ones. I ha...

by Contributor in

Is the time format in my sample data correct and how do I filter my search to see events within a certain time range?

We have logs that are like below: 11 Mar 2015 17:22:49,539 INFO [pool-11-thread-4] timestamp=1426119768843 : abc=...

by New Member in

How to keep the same value of a field in each row until the value of the field changes?

Hi all, I'd like to keep value on a field until the value of this field changes. Please see the following example:...

by Path Finder in

Simple syntax to filter data by _raw value

Hi all - I'm new here (literally an hour old) so go easy. I've read through parts of the docs and am currently usi...

by Explorer in

How to extract the count from below tabular form of logs

-------------------------------------------------------------- | R u n C o n t r o l D i s p l a y ...

by Explorer in

How to configure Splunk to index PSV files and extract field names from the header/first row?

We are trying to index a psv file into Splunk with sourcetype as "psv", but its not extracting fields from the PSV's ...

by Builder in

Regex optional groups

Hi guys, i'm trying to get this (simplified) regex running (for several days now): ^(?P<message>.+)(?:\s*SIP/2.0\s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to show null or empty feilds produced by a lookup table

Going from one table to another

What's the correct search syntax for my earliest and latest date range?

splunk v6.1.2 + overlay + just want 2 bars with one overlayed on the other

How to filter out multiple fields in the same transform with regex?

Help me Split this SNMP Table result into a nice table view!

How to use a wildcard with the where command for a drop-down search input?

Need help to run report

Eval a string as an expression

Query for monthly usage of index

Extracting field with a guid as an end anchor

Find Maximum Time Period Between Occurences of a Specified Condition

How to add a 3rd column to my table to display "match" next to a value in column 2 that matches any value in column 1?

Why does a comma in Regex break the serverclass in the Splunk GUI?

How to add fields from subsearch ? Used Join but didnt work ...

Displaying several fields, some with aggregate data

How to write a search to get a daily count of each fieldB by fieldA for 30 days?

Using rex to extract a field from transactioned event

How to edit my current search to find the average?

Is the time format in my sample data correct and how do I filter my search to see events within a certain time range?

How to keep the same value of a field in each row until the value of the field changes?

Simple syntax to filter data by _raw value

How to extract the count from below tabular form of logs

How to configure Splunk to index PSV files and extract field names from the header/first row?

Regex optional groups

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions