Splunk Search

Ask a Question

Discussions

Thread Info

How to dynamically extract fields from Events(without internal fields like source,sourcetype,host etc..) and pipe it as fieldlist to table command.

I need to create table with fields present in Events result,excluding internal fields. Example: Indexed Data: A...

by Path Finder in

recommendations for pruning away emptystring-valued fields?

In a funny way Im looking for the opposite of fillnull. I have some fields which are sometimes coming through wit...

by SplunkTrust in

how can i reuse my extraction

I expect this is easy and I missed something obvious. I am new to this tool. I created a field extraction from the...

by Engager in

search returns only 50000 events, even if maxEvents is specified

We are just trying to handle a worst case where number of events crosses 50,000. I am using python "splunk.search.dis...

by Builder in

How to do a field extraction on the source field?

Hi, I need to create a field on the source field, but am not sure how to do that. Can someone help me?

by Champion in

How to create a drilldown to pass time to timerange.latest to a new search and adding a millisecond?

I'm not sure this is the only way to do what I need, but this is the only thing I could think of. I have a table with...

by Path Finder in

Can I extract the time value selected from the timerange selection?

Hello, I am wondering if the timerange value a user selects for a search is able to be extracted from a field. Fo...

by Path Finder in

How to add an additional column to my report (I need a hostname column).

Here is my search: index=windows source="WMI:Services" State=Stopped StartMode=Auto | rex field=_raw "\nName=(?PI...

by Communicator in

Timechart prepends "VALUE' to table header values

I'm trying to use a timechart function to display folder names and their sizes over time. When I do this, the string ...

by Explorer in

testing new regex

Before really putting my custom regex in transforms.conf, is there a quick way to test and debug it?

by Explorer in

How to write the regex and configure transforms.conf to extract multiple values for one field?

Hi, I am indexing data with events in this format: Field1:value1|Field1:value2 ..... In my transforms.conf i...

by Path Finder in

How to return search results for a field with a duration greater than 0 for each month?

I have the following fields stu_id, duration, and date_month. I want to do a search to display all sru_id's that have...

by Explorer in

How to search and trigger an alert email to a user if their account has successful logons from 10 different computers in the last hour?

Hi, I'm new to Splunk and we would like to buy the enterprise version. Currently I'm testing and now I stumbled up...

by New Member in

Generate a stand-alone event based on a token in a dashboard

Background: In a dashboard, I have a token excludes which I want someone to be able to enter 1*,5* into. I then want ...

by Path Finder in

Streamed search execute failed because: User '' could not act as: XXX

Hey, All my users except admin are getting this error: Streamed search execute failed because: User '' could not act ...

by Engager in

Why are 2 of my 3 HiddenPostProcess searches returning zero results?

Hi, I'm using HiddenPostProcess. I made three HiddenPostProcess searches. The first returns the right number, but the...

by Explorer in

Can someone explain how my transaction search works with endswith and multiple end statements?

When I have multiple end statements in a transaction command, I use the following: endswith=eval(match(_raw,"complete...

by Path Finder in

How to use a lookup table field to use to query another lookup table

I'm a Splunk beginner, bear with me.... I am querying a system log file of access events. I have two lookup tables de...

by New Member in

What is the maximum range of values that can be assigned to max_mem_usage_mb?

We currently have the limits.conf max_mem_usage_mb parameter value set to 2000, which is 10x the default value (200)....

by Splunk Employee in

How to stop timechart drilldown using javascript?

Hi Experts, I am struggling to stop time chart drilldown using js. Here is the code. this._chartView = new Char...

by Builder in

How to extract area codes from phone number field?

Hi. I have a series of systems (contact center, fax, Cisco CUCM, etc) where phone numbers are returned in the data. T...

by Path Finder in

With 2 sources producing similar data, how to dedup events within 2 seconds of each other, but only keep events from one particular source?

I have two sources of traffic logs my_source1 and my_source2 that record approximately the same data with few importa...

by Communicator in

Return position of value within a multivalue field?

Is there a command to return the position of a value within a multivalue field? I have already parsed out the multiva...

by Engager in

Timechart accumulation of all events from previous times

I want to create a timechart that counts all active events (Status = active). These are bug reports. This is actually...

by Contributor in

Why Django drop-down selected value is not passed to the search?

I'm trying to learn Django and created a simple app. All it is supposed to do is pass the selected drop-down value to...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to dynamically extract fields from Events(without internal fields like source,sourcetype,host etc..) and pipe it as fieldlist to table command.

recommendations for pruning away emptystring-valued fields?

how can i reuse my extraction

search returns only 50000 events, even if maxEvents is specified

How to do a field extraction on the source field?

How to create a drilldown to pass time to timerange.latest to a new search and adding a millisecond?

Can I extract the time value selected from the timerange selection?

How to add an additional column to my report (I need a hostname column).

Timechart prepends "VALUE' to table header values

testing new regex

How to write the regex and configure transforms.conf to extract multiple values for one field?

How to return search results for a field with a duration greater than 0 for each month?

How to search and trigger an alert email to a user if their account has successful logons from 10 different computers in the last hour?

Generate a stand-alone event based on a token in a dashboard

Streamed search execute failed because: User '' could not act as: XXX

Why are 2 of my 3 HiddenPostProcess searches returning zero results?

Can someone explain how my transaction search works with endswith and multiple end statements?

How to use a lookup table field to use to query another lookup table

What is the maximum range of values that can be assigned to max_mem_usage_mb?

How to stop timechart drilldown using javascript?

How to extract area codes from phone number field?

With 2 sources producing similar data, how to dedup events within 2 seconds of each other, but only keep events from one particular source?

Return position of value within a multivalue field?

Timechart accumulation of all events from previous times

Why Django drop-down selected value is not passed to the search?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions