Splunk Search

Ask a Question

Discussions

Thread Info

rex command to regex in transforms.conf

This rex statement works in search command: rex field=source "3......(?P .+?)rly" I would like to conver...

by Explorer in

Regex for extraction

Hi, i want to extract account field and i have events in 2 patterns. One where account has boundaries of @account...

by Contributor in

Join two searches and draw them on the same chart

Hello guys , I kinda need your help , i spend some time on this query and i don't really see how to do that ( tri...

by New Member in

Calculate Difference Between Outputs of two Scheduled Searches

I have two scheduled searches that each output a single numerical value to populate panels on a dashboard. I want to ...

by Builder in

Extracting multiple field values with same field name

Can anyone provide assistance for extracting multiple field values with same field name? My log is something like thi...

by Explorer in

Timed out waiting for peer xxx.xxx.com

Hello, I am getting the following errors in my search head while loading a dashboard which includes the saved seac...

by Contributor in

Count days with events

Hi everyone, I have looked all over for a solution but without luck, so i'm approaching you hoping to find a solution...

by Explorer in

Using calculated values to create timechart -- too many columns

Hello, I know this type of question has been asked several times: ex: http://answers.splunk.com/answers/11020/display...

by Builder in

Perfmon Timechart - Multiple Series, Multiple Host

I have been struggling to find the proper syntax for this type of timechart. This relates to creating a Windows PerfM...

by Path Finder in

Using calculated values to create timechart -- too many columns

Hello, I know this type of question has been asked several times: ex: http://answers.splunk.com/answers/11020/display...

by Builder in

Creating operacional intelligence in xml file.

Hey guys, I am writing a script to colect data from social media and generate a XML file. I would like to index t...

by Communicator in

Dynamic Lookup issue

By trying to run a python script for a dynamic lookup I get the following error Error in 'lookup' command: Th...

by Explorer in

metadata vs stats count

When running | metadata index=myindex type=sources, I see 301785788 for my totalCount for one of my sources (let's ca...

by Ultra Champion in

transaction startswith 1, endswith multiple

Hi all, simple question I hope. I have a system that has one starting event with multiple outputs and I want to find ...

by Engager in

Top 10 IP along w/ top 4 ports

Hello Splunkers, I'm looking to build a search w/ chart that tracks top 10 source IP's in a firewall but also a listi...

by Contributor in

Dropdown Not Populating

I'm trying to populate a dropdown box with this search which returns the values I would expect, but the dropdown is n...

by Engager in

Need help with rex

Hi, i am using this expression - base search | rex field=uri "better\?q=(?[^&]+)$" and i was expecting to retur...

by Contributor in

Unique Port Count Per IP

I'm trying to find the number of unique ports accessed by IP's, by count. i.e. IP 8.8.8.8 connected to 5 unique ports...

by New Member in

Splunk returns some queries much faster than others

I am working with access_combined_wcookie data (essentially Nginx log files) in Splunk. An example of a record is bel...

by Explorer in

How to get unique patterns

Hi, we would like to get unique query string patterns so that we can cache them at Akamai. i have written a query re...

by Contributor in

filter windows application event by Source

I am using windows TA app to get events from windows event log. The windows events are coming inside Indexer. But ...

by Explorer in

How to reassemble bidirectional flows with transaction

I need to assemble transactions where, depending on the direction of the traffic, the "source" might actually be the ...

by New Member in

how to get the total sum based on specific field

I have a query which runs over a month period which lists all users connected via VPN and the duration of each connec...

by Explorer in

Combination of stat and lookup?

Hi! I would like have some advice with the search command. If I have 3 records like below and each record conta...

by Communicator in

How to use the chart command optional argument "format"

hi, i'm looking at the documentation (http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchReference/Chart) and I'...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

rex command to regex in transforms.conf

Regex for extraction

Join two searches and draw them on the same chart

Calculate Difference Between Outputs of two Scheduled Searches

Extracting multiple field values with same field name

Timed out waiting for peer xxx.xxx.com

Count days with events

Using calculated values to create timechart -- too many columns

Perfmon Timechart - Multiple Series, Multiple Host

Using calculated values to create timechart -- too many columns

Creating operacional intelligence in xml file.

Dynamic Lookup issue

metadata vs stats count

transaction startswith 1, endswith multiple

Top 10 IP along w/ top 4 ports

Dropdown Not Populating

Need help with rex

Unique Port Count Per IP

Splunk returns some queries much faster than others

How to get unique patterns

filter windows application event by Source

How to reassemble bidirectional flows with transaction

how to get the total sum based on specific field

Combination of stat and lookup?

How to use the chart command optional argument "format"

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions