Splunk Search

Discussions

Thread Info

Return position of value within a multivalue field?

Is there a command to return the position of a value within a multivalue field? I have already parsed out the multiva...

by Engager in

Timechart accumulation of all events from previous times

I want to create a timechart that counts all active events (Status = active). These are bug reports. This is actually...

by Contributor in

Why Django drop-down selected value is not passed to the search?

I'm trying to learn Django and created a simple app. All it is supposed to do is pass the selected drop-down value to...

by Builder in

How to know the number of accounts that do have not login in over 30 days in application1 but have login in application2

How to know the number of accounts that do have not login in over 30 days in application1 but have login in applicati...

by Explorer in

How to dynamically put today's date in the source field of an xml input value?

Hi Team, How do I dynamically put today's date value in the source field of an xml input value? I have the sear...

by Explorer in

timechart 2 different fields in one search

I seem to be having issues with time charting, i want to get a trend over time for more then one field. I have tried ...

by Contributor in

Is there any way to pre-calculate the difference between two fields and keep this delta as a new field for future searches?

Data: departure_time1, departure_time2, arrival_time1, arrival_time2 All the fields are in string. My se...

by Path Finder in

Why am I getting "Invalid regex with multiple repeats" trying to parse my data?

A sample row that I want to parse: <134>Feb 2 07:06:48 github-intuit-com github_access: 10.168.0.5 - - [02/Feb/20...

by New Member in

Not getting top 50 values

Hi, I am trying to get top 50 404s by uri and the corresponding referers by their count. For example, if uri1 is t...

by Contributor in

What is regex to extract the "http_user_agent" field from proxy logs when the content value is AND is not available?

There is a field in my Bluecoat Proxy logs that is not extracting correctly. Here are portions of the two losable ...

by Motivator in

How to correlate fields from two different sourcetypes spawning across multiple hosts?

Hello Guys, I have a problem in correlating fields spawning across multiple hosts and different sourcetypes. He...

by New Member in

Why is my search showing 2 values for the same hour?

I am using the search below to compare this week vs last week same hour counts, but in the results, for some of the h...

by Contributor in

How can I make Splunk stop searching after it finds a set number of results?

Hey there! I have a query that will always only return one result. This result will be different depending on the ...

by Path Finder in

How to write the regex for host_regex for my sample data?

I need some help building regex for host_regex. Please and thank you! /opt/splunk/SFTP/SYSTEM/daftm44de_sec.14-...

by Path Finder in

Adding data with oneshot on gemeric_single_line

Currently using oneshot to index data into splunk (bash) Is there a way to add a option for data to be in gemeric_sin...

by Explorer in

How to search multiple value on the same field

I have a regex that searches for different types of value on a field: | regex _raw="FIELD=(value1|value2|value3)" ...

by Contributor in

controlling access to dashboard and search capability

I think this is a typical Splunk use case wherein, we want to give access to users who can only VIEW dashboards but s...

by Path Finder in

How to combine two different search results in a single visualization?

Hello, I'm having trouble combining two different search results, from different source type into one visualizati...

by Path Finder in

Optimize a search without using join

Hello, Hope you can give an solution to my concern. There were different sourcetypes under a single index and they...

by Explorer in

How to create a stacked bar chart to compare denied and permitted traffic for the top 30 denied IP addresses from firewall logs?

I have firewall logs where I'd like to count the top 30 denied IP addresses and from that, create a stacked bar chart...

by Path Finder in

Problem with field extraction

Hello I am having some pretty weird issues with field extraction on 6.2. When I perform this search: 65932...

by Explorer in

How to get field values from search result using python script

My test script splunk.auth.getSessionKey('admin','admin') my_job = splunk.search.dispatch('search index=* source...

by Path Finder in

Quota=0 bytes for 3 days. How do i reenable search ?

Hi I have been using trial version and it expired during Christmas. Now i had expected to use the free version ins...

by New Member in

How to setup multivalued fields?

Hi guys, I have a problem for which I've seen lots of answers but none worked for me. I have to say that I am a begin...

by Explorer in

How can I get eventstats to recognize a renamed field?

Hi, I've been having some trouble grouping same fields from multiple sources when the field names are different. I...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Return position of value within a multivalue field?

Timechart accumulation of all events from previous times

Why Django drop-down selected value is not passed to the search?

How to know the number of accounts that do have not login in over 30 days in application1 but have login in application2

How to dynamically put today's date in the source field of an xml input value?

timechart 2 different fields in one search

Is there any way to pre-calculate the difference between two fields and keep this delta as a new field for future searches?

Why am I getting "Invalid regex with multiple repeats" trying to parse my data?

Not getting top 50 values

What is regex to extract the "http_user_agent" field from proxy logs when the content value is AND is not available?

How to correlate fields from two different sourcetypes spawning across multiple hosts?

Why is my search showing 2 values for the same hour?

How can I make Splunk stop searching after it finds a set number of results?

How to write the regex for host_regex for my sample data?

Adding data with oneshot on gemeric_single_line

How to search multiple value on the same field

controlling access to dashboard and search capability

How to combine two different search results in a single visualization?

Optimize a search without using join

How to create a stacked bar chart to compare denied and permitted traffic for the top 30 denied IP addresses from firewall logs?

Problem with field extraction

How to get field values from search result using python script

Quota=0 bytes for 3 days. How do i reenable search ?

How to setup multivalued fields?

How can I get eventstats to recognize a renamed field?

What’s New & Next in Splunk SOAR

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

September Community Champions: A Shoutout to Our Contributors!

Join indexes on field that contain.

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions