Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to search CSV data to filter out events with null values in ColumnA, then only return events where values in ColumnB are found in ColumnA?

Hello All, I have CSV data and it consists of 3 columns “Name”, “Number” and “Data”. We need to filter out data...

by Contributor in

How to combine a date (dd-mm-yyyy) and time (HH:MM) field into a combined field with the format "yyyy-mm-dd HH:MM"?

Hi, I wonder whether someone could help me please. I'm trying to combine two fields Submission Date and Submis...

by Motivator in

How to create data according to search results?

Hi all, I"m kind of new to Splunk to maybe I am not using the right terms, but I need help with this scenario: ...

by Explorer in

How do I extract fields from XML child and leaf nodes?

Hi , Splunk is pulling data from URLs , which is having below format: <DocumentElement> <CMN_DEPARTMENT><id>DEP...

by Path Finder in

Showing values on a bar in a bar chart

In a bar chart, I would like to display the value, that a horizontal bar represents, at the right side of the bar or ...

by Path Finder in

How do I specify a drilldown to show only the results of the value I clicked on in a table format?

Hi I am a complete noob at all this Splunk stuff. I have built a search that display results in a table. What ...

by Loves-to-Learn in

Fastest way to count records per day

Hello, hopefully this has not been asked 1000 times. I'd like to count the number of records per day per hour o...

by Communicator in

Why are we getting "Invalid value =" for parameter='INDEXED_EXTRACTIONS'" in the search.log when running a search using Hunk?

When running a search using Hunk, we are seeing a lot of these errors listed below in search log: 10-29-2015 22:2...

by Path Finder in

Parsing the following sourcetype for a custom field extraction on a single field, why is only "Nov" extracted instead of the full date?

When parsing the following sourcetype, the field Example1 results in "Nov" instead of the full date. The rest of the ...

by Builder in

Why are the new inputs.conf data is not added/searchable?

Hi all, I started monitoring the splunk internal introspection logs. These seem to get logged. I also want to log...

by Path Finder in

How to reference an item name selected via populatingSearch

I am trying to put the name(s) of a selected item(s) into the 'first' and 'last' parameters of a streamstats evaluati...

by Engager in

How do I get around the issue of the Segmentation and Subsearch limit if I have 30000 results?

Hi, I have a index of raw usage data (iis) and a separate index of entitlement data (rest_ent_prod), both indexes ...

by Contributor in

How to compare my search result with saved data list to reflect the value not reflecting in the search result (that is there in the saved data list)?

My existing search string is: index="os" OR index="app" host=ip-10-12-70-56.va2.b2c.nike.com sourcetype=ps| multi...

by Explorer in

snapshot search index

Hi I have a server that works to search-haed and a by search-index . They're virtual machines and before upgrade t...

by New Member in

Field Extraction on XML file, which stanza in props.conf is responsible for field extraction?

Hello, I have a props.conf for a xml file. I just copied the props.conf which was automatically created in the "Ad...

by Influencer in

If I want to create a pie chart to show web access by browser, what is the best way to detect the browser?

I'm going to make a pie chart to show web access by browser. I want to use httpagentparser (module) to python lookup ...

by Explorer in

How to use stats to join 2 indexes based on 1 field

Currently I have 2 indexes: Index A contains ProgramID, User Index B contains ID, Machine I would like to use stat...

by Explorer in

How to edit my Apdex calculation search to prevent warning "'stats command: limit for values of field 'utt' reached."?

Hi. I'm creating an Apdex SLA report on "user response time" performance in my application. I am aware about the "...

by New Member in

How to extract fields from a specific field instead of raw data using the conf files?

How to extract fields from a specific field instead of raw data using the conf files? Can it be done with EXTRACT-<cl...

by Splunk Employee in

How to convert a time field with multiple formats to epoch at search-time?

How do I take a time field with multiple human-readable formats and get the epoch time at search-time?

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search CSV data to filter out events with null values in ColumnA, then only return events where values in ColumnB are found in ColumnA?

How to combine a date (dd-mm-yyyy) and time (HH:MM) field into a combined field with the format "yyyy-mm-dd HH:MM"?

How to create data according to search results?

How do I extract fields from XML child and leaf nodes?

Showing values on a bar in a bar chart

How do I specify a drilldown to show only the results of the value I clicked on in a table format?

Fastest way to count records per day

Why are we getting "Invalid value =" for parameter='INDEXED_EXTRACTIONS'" in the search.log when running a search using Hunk?

Parsing the following sourcetype for a custom field extraction on a single field, why is only "Nov" extracted instead of the full date?

Why are the new inputs.conf data is not added/searchable?

How to reference an item name selected via populatingSearch

How do I get around the issue of the Segmentation and Subsearch limit if I have 30000 results?

How to compare my search result with saved data list to reflect the value not reflecting in the search result (that is there in the saved data list)?

snapshot search index

Field Extraction on XML file, which stanza in props.conf is responsible for field extraction?

If I want to create a pie chart to show web access by browser, what is the best way to detect the browser?

How to use stats to join 2 indexes based on 1 field

How to edit my Apdex calculation search to prevent warning "'stats command: limit for values of field 'utt' reached."?

How to extract fields from a specific field instead of raw data using the conf files?

How to convert a time field with multiple formats to epoch at search-time?

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

Splunk search for PASS and FAIL

How to troubleshoot “Error in 'inputlookup' comman...

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to convert multiple individual json objects in...