Splunk Search

Discussions

Thread Info

Amending certain characters for values in an extracted field

I'm currently trying to join two log events across separate sources using their file name. The issue i have run in to...

by Engager in

Problem extracting field from a field

Splunk 6.2 I used the Field Extractor app to extract a field from an previous field. The resulting extraction tested ...

by Explorer in

Chart Background or Text Color

I have a chart displaying in dashboard panel. When a value is 0 I'd like to call it out by makeing the text or backgr...

by Communicator in

How to extract field for the data with spaces

Hi I have data as below. 9B 85 65 70 20 61 6C 69 76 65 2C 33 30 30 30 30 3C 00 is one pattern 9B 85 65 70 20 ...

by Path Finder in

charting state as sequence of values in time

I have a log that contains a polling state of a device, PLUGGED/UNPLUGGED, logged every 10 s. I want to chart a timel...

by Explorer in

Modifying multi line event before indexing

Hello, i have an application that has an bug in the logging, but i need to workaround it. log structure: De...

by Splunk Employee in

How can I pass a variable to the tail command?

... | tail 200 works fine. ... | eval tail_value=200 | tail tail_value throws this error: Error in 'tail' com...

by Path Finder in

Identify who has a particular IP address and compare that against a different set of logs

I have one set of logs showing authentication which contain time stamps, user names, and IP addresses (source 1). I'd...

by Motivator in

help to make regex

hello all! I have a sentense of raw data so I want to extract only one field. raw data's example : A,B,C,D,...

by New Member in

joining result of a query with another db query

I have two queries, 1) index = coreops sourcetype=sitescope_monitorstat UpTime | rex field=_raw "days=\s(?\d+)" | ...

by Communicator in

Help group by second level using _time function

We have the logs with milliseconds, but when use _time function and its not giving the second level grouped results, ...

by Builder in

Show stats for a fixed set of hosts

I'm trying to build a table of outages. For example: Host Num. Outages A 1 B 2 C 0 Servers will log an outage w...

by Explorer in

Need to edit search to NOT alert if another similar alert comes in within 5 minutes

Hello, I have two searches that alert on every occurrence: 3rd party agent drops offline: index=app_evtlogs_prod...

by Communicator in

How to Push a Value onto a MultiValue field

Hi, I would like to be able to push a new value into a multi-valued field, from another field. ie. Field1="De...

by Path Finder in

How to calculate average rate of occurrence for a field?

Hello, I am looking for a way to calculate the avg rate of occurrence for a particular field. There are multiple v...

by Builder in

Predict command doesn't use all my data points

I am using the predict command like this: | timechart values(Recovery) as values | predict values Can someone help...

by Path Finder in

Why does the use of timechart give me different results than chart ... by _time?

I have done 2 (what I thought were) identical searches. One ended with: | timechart first(valueA) as A first(valu...

by Path Finder in

Unathorized Linux folder deletion

Hi All, I am new to Splunk and need to complete the below use case Files in a linux directory are regularly arc...

by New Member in

how to loop endlessly

Hi, How to loop like this Event fields field1 [value1a, value1b, value1c, value1d,...] field2 [value2a, valu...

by New Member in

Running a query using wildcards for a value returns different counts than if I choose one of the wildcard fields.

I have a script that runs againts Qualys vulnerability information and does a count of vulnerabilities by OS (a field...

by Explorer in

How To move the okta index

I am trying to move the index for the okta app to a different location than what it installed as. When i do this splu...

by New Member in

returns only results that have a repeated field

I need a query that returns only results that have a repeated field. My search: index=abc AND component=yyy AND ke...

by New Member in

Obtaining XML from URL

Search Head: V6.2 Goal: Obtain XML data from URL, which is dynamically created with IDs set in search string. Sear...

by Path Finder in

hello MuS, How to search these events that meet "3 same contents and their positions is sequent in 2 seconds"

How to search these events that meet the condition of "3 same contents(except time message) in 2 seconds", give me a ...

by Explorer in

Subsearch results getting truncated while using join

Hi, We are currently using join for creating summary index in our application. The search runs on a daily basis fo...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Amending certain characters for values in an extracted field

Problem extracting field from a field

Chart Background or Text Color

How to extract field for the data with spaces

charting state as sequence of values in time

Modifying multi line event before indexing

How can I pass a variable to the tail command?

Identify who has a particular IP address and compare that against a different set of logs

help to make regex

joining result of a query with another db query

Help group by second level using _time function

Show stats for a fixed set of hosts

Need to edit search to NOT alert if another similar alert comes in within 5 minutes

How to Push a Value onto a MultiValue field

How to calculate average rate of occurrence for a field?

Predict command doesn't use all my data points

Why does the use of timechart give me different results than chart ... by _time?

Unathorized Linux folder deletion

how to loop endlessly

Running a query using wildcards for a value returns different counts than if I choose one of the wildcard fields.

How To move the okta index

returns only results that have a repeated field

Obtaining XML from URL

hello MuS, How to search these events that meet "3 same contents and their positions is sequent in 2 seconds"

Subsearch results getting truncated while using join

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions