Splunk Search

Discussions

Thread Info

bandwidth utilization percentage

I have the below search and I want to modify it to get the bandwidth utilization percentage. Whats the best way to go...

by Explorer in

Extract field value after special characters from delimiter string

Need help cleaning up my rex command line with data delineated by (,) then extracting the value after the (=) charact...

by Path Finder in

Multivalue field extraction from nested field

Hello folks, I have a series of event results which take the format as shown below: appDisplayName: foo ...

by Explorer in

Cannot connect remotely to Splunk Web interface

I have a problem where I cannot remotely access the web interface (not via HTTPS or HTTP on either 8000 or 8089) of o...

by Builder in

Introspection

Hello I am running searchindex=_introspectiondedup host table hostin result i am not able to see one indexer and one ...

by Path Finder in

reformatting output in table

Hi everyone i have a dataset | makeresults| eval APP1="appdelta", hostname1= mvappend("syzhost.domain1","abchost....

by Path Finder in

Add Line Breaks with Eval

This might be a silly question, but has anyone figured out how to add line breaks to text that has been evaluated wit...

by Communicator in

How to extract value with dynamic key name

Hi Experts, I have the following data. {"TIMESTAMP": 1742677200,"SYSINFO": "{\"number_of_notconnect_interfaces\"...

by Explorer in

Getting totals of child processes at the parent

I have an index with a list of transactions, the transactions in the system start as 1 process with a transaction num...

by Observer in

custom Dropdrown with "ALL'

Hi I have dashboard with Data Entity drop down ,i want to add a drop drown "ALL" ,if i select ALL and hit submit butt...

by Communicator in

Cluster Map - Show Country Border

Hi Splunkers, I would like to display a count divided by several locations on a map. On the map, I would like only...

by Explorer in

Base search not returning results

Hello folks, I trying to use a base search within a dashboard but it consistently returns no results. However, when...

by Explorer in

How to display an input only for a specific tab in your dashboard ?

Hello guys, I have a dashboard with two tabs. I've added a dropdown input and I'm going to add more inputs. But I ...

by Path Finder in

Online, interactive regular expression tester for Splunk regular expressions?

I am using the Interactive field extractor to try and extract certain fields. However, regular expressions are tricky...

by Contributor in

need difference from multivalue table column

i have a list of hostnames being generated from left join for different application in multivalue table column APP1...

by Path Finder in

Splunk Observability Cloud - Kubernetes Monitoring - CPU Limit

I am using Splunk Observability Cloud for Kubernetes monitoring and trying to retrieve data for container CPU limits ...

by Observer in

Search & compare value for each search result to value in CSV (inputlookup or lookup)

Hi,I have a query that goes something like this:index=myindex | eval urgency="medium", account_name='awsMetadata.acco...

by Observer in

Using a timechart click.value as the midpoint of another panel's earliest and latest

So, have a timechart with multiple streams.Call them X, Y, and Z.Run the panel for a 4h timeframe.I want to click a p...

by Explorer in

Date Conversion

Hi SMEs; I'd like to convert the following date format into epoch: yyyymmdd. E.g 20220508. Any assistance would ...

by Explorer in

Replace in SPL2 not working like SPL

Hi, I am having trouble getting replace to work correctly in Ingest Processor and have this example. In SPL I can...

by Path Finder in

Run lookup before streaming command (anomaly)

Hello Team, I need to run anomaly command on the top of results returned by the lookup. My lookup is geo: enrichi...

by Path Finder in

Where to download lookup file related to sales index (retail sales) used in search tutorial ?

count retail sales events for strategy games I can't find categoryId field by default from the search tutorial ...

by Path Finder in

Search auto-cancelled

Hi All, I have following Query index=wineventlog|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S") |eval device_n...

by Observer in

Display all results if text field is * , or partials results based on any part of phone number entered

I'm trying to have the dashboard return all results if the text field is * or return all phone numbers with a partial...

by Engager in

Data Exfiltration via E-Mail

Hey everyone, I am currently trying to write a search that monitors outgoing E-Mail traffic. The goal is to see if ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

bandwidth utilization percentage

Extract field value after special characters from delimiter string

Multivalue field extraction from nested field

Cannot connect remotely to Splunk Web interface

Introspection

reformatting output in table

Add Line Breaks with Eval

How to extract value with dynamic key name

Getting totals of child processes at the parent

custom Dropdrown with "ALL'

Cluster Map - Show Country Border

Base search not returning results

How to display an input only for a specific tab in your dashboard ?

Online, interactive regular expression tester for Splunk regular expressions?

need difference from multivalue table column

Splunk Observability Cloud - Kubernetes Monitoring - CPU Limit

Search & compare value for each search result to value in CSV (inputlookup or lookup)

Using a timechart click.value as the midpoint of another panel's earliest and latest

Date Conversion

Replace in SPL2 not working like SPL

Run lookup before streaming command (anomaly)

Where to download lookup file related to sales index (retail sales) used in search tutorial ?

Search auto-cancelled

Display all results if text field is * , or partials results based on any part of phone number entered

Data Exfiltration via E-Mail

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions