Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
RashmiGowda

How to create the regex to match the pattern in my data for proper event breaking?

Hello All, Can any one please help me out to create the regular expression / regex for the below pattern - -- TIME...
by RashmiGowda Explorer in Splunk Search 03-18-2015
0 5
0
5
harshal_chakran

How to plot a stacked column chart with TIME taken from data in a CSV file as the y-axis ?

Hi, I have a csv file as shown below. DATETIME ACTIVITIES TIME 1Jan Activity1 0:02:00 1Jan Activity2 2...
by harshal_chakran Builder in Splunk Search 03-18-2015
0 1
0
1
priyansplunk

Get values from the search result

Suppose my search for the queue name details provide the below results, <qName><![CDATA[ESB.Sample.1.Action]]></...
by priyansplunk Engager in Splunk Search 03-18-2015
0 4
0
4
marellasunil

Bar color based on value

I have a table with values & host names. I wanted to take avg of all values by host and to create a bar chart, If the...
by marellasunil Communicator in Splunk Search 03-18-2015
0 2
0
2
ashish9433

Why are D3 Bubble Charts not displaying when I change the selection on a drop-down from the default value?

I want to display D3 Bubble charts on selection of a value from the drop-down. The chart for the default value is dis...
by ashish9433 Communicator in Splunk Search 03-18-2015
0 1
0
1
Splunkster45

How to create a timeseries that is derived by dividing similar columns from two other timeseries

Once search query allows me to get the total percentage of failed calls in a 24 hour window index= ... | stats coun...
by Splunkster45 Communicator in Splunk Search 03-18-2015
0 1
0
1
milande

How to write a search to return "PASS" if all search results for a field are PASS or PARTIAL_PASS, but return "FAIL" if at least one result is FAIL?

Hi, I have data in Splunk DB which could be presented with this simplified table (real table has about 100 lines): ...
by milande Path Finder in Splunk Search 03-18-2015
3 3
3
3
sachinsingh2005

Error in 'bin' command: The value for option span (-1s) is invalid.

I get the following error when I am taking the time and span value dynamically using tokens. Error in 'bin' command:...
by sachinsingh2005 Explorer in Splunk Search 03-18-2015
0 4
0
4
vbumgarner

How to create a multivalue FieldC with the common values found in multivalue fields FieldA and FieldB?

I have two fields that are multivalue, and I need to know what they have in common. For instance, given: a=[1,2,...
by vbumgarner Contributor in Splunk Search 03-18-2015
0 1
0
1
schose

How to group my sample events together for a timechart?

Hi all, I'm searching for a way to treat different events as one. Example: If I'm getting events like this where ev...
by schose Builder in Splunk Search 03-18-2015
0 5
0
5
shantu

How to aggregate several similar fields into one and tabulate top values

I have created several search-time field extractions to filter out Credit Card numbers from our logs: \s+(?<CCVisaNu...
by shantu Explorer in Splunk Search 03-17-2015
1 2
1
2
brod_geico

Lookup tables inputs apps

Hello folks, I'm not a developer but trying to see how I can finish this task. Here is my requirement: Every week...
by brod_geico Path Finder in Splunk Search 03-17-2015
0 2
0
2
HattrickNZ

splunk 6.1.2 + extracting values from a field + everything after the last semicolon

I have a field with values like this "NENAME1/Some text:romc" I would like to somethink like this eval field=, but t...
by HattrickNZ Motivator in Splunk Search 03-17-2015
0 8
0
8
vtsguerrero

How to write the regex to extract the date fields and another key-value pair from my sample data?

Hello guys, sup? We've got this piece of log which is a MySql log and we should not change the layout, but need to e...
by vtsguerrero Contributor in Splunk Search 03-17-2015
0 7
0
7
jstaley

How to fix my regex configuration to filter out events properly before indexing?

Hello Everyone, After doing quite a bit of research I believe I have the correct process for filtering out informati...
by jstaley Explorer in Splunk Search 03-17-2015
0 6
0
6
70250939

statsコマンドで計算した結果の上位何件だけを表示させる方法について

indexに"count"というフィールドがあり、"user"ごとに"count"を合計を出し、数が多い順に表示させています。 |stats sum(count) by user |sort - sum(count) 数が少ないひ...
by 70250939 Explorer in Splunk Search 03-17-2015
0 4
0
4
OmarDee

how to convert a filename date to epoch time format?

by OmarDee Explorer in Splunk Search 03-17-2015
0 3
0
3
dwalker1

What is the easiest way to create an input filter for a dynamic Drop-down Splunk 6.1.3?

Hi Folks, I have a dashboard that automatically populates a drop-down based on a search with CDATA. I want to be ab...
by dwalker1 New Member in Splunk Search 03-17-2015
0 3
0
3
lblum

Convert an hexadecimal field to binary

Hello, I'm trying to convert an hexadecimal field to base two (binary). Let me show you an exemple : field_hex=fff...
by lblum New Member in Splunk Search 03-16-2015
0 6
0
6
HattrickNZ

Is there a way to add percentage labels to a stacked bar chart in Splunk 6.1.2?

I have the following search ...| eval limit4Graph=Limit-Usage | fields userLabel limit4Graph Usage percent Note: Lim...
by HattrickNZ Motivator in Splunk Search 03-16-2015
0 2
0
2
t82921389

How to find further documentation on the defect numbers and issues listed on the Known Issues page?

http://docs.splunk.com/Documentation/Splunk/6.2.2/ReleaseNotes/KnownIssues shows many defects/issues listed with eac...
by t82921389 Explorer in Splunk Search 03-16-2015
1 6
1
6
alaorath

Yet another transform nullqueue formatting issue (syslog "MARK" events)

I'm having no success in filtering out the "-- MARK --" messages from my syslogs. Here is my props.conf: [source::\...
by alaorath Path Finder in Splunk Search 03-16-2015
0 5
0
5
mitcanmit

Why am I unable to extract a field from my logs with rex using my current regular expression?

In my logs, I have the below part and I want to extract success {\"state\":\"success\", How do I formulate it with...
by mitcanmit Explorer in Splunk Search 03-16-2015
0 2
0
2
jolver14

How to display an addcoltotals column as a different color so it stands out?

Hello all, I have a search I'm trying to get just right -- and its 99% there: disk_usage | dedup host |chart sum(di...
by jolver14 New Member in Splunk Search 03-16-2015
0 8
0
8
masonmorales

How to search the count of field value occurrences, not event count, of multivalue fields in multiline events?

I have multiline events that contain anywhere from 1 to 30 status codes per event. For example: status = success sta...
by masonmorales Influencer in Splunk Search 03-16-2015
1 2
1
2
Top Labels
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...