Splunk Search

Ask a Question

Discussions

Thread Info

Edit csv file on splunk web

lookupで指定されたcsvファイルを編集したい場合、splunk web上(GUI)で編集することは可能でしょうか。若しくはコマンド上で編集するか、新しく編集したcsvをinputlookupで入れなおすしかないのでしょうか。 ...

by Contributor in

Multiple occurrences of fields

Hello, I have log lines that look like this [ some silly example but the idea is there  ] mm/dd/yyyy hh:mm:ss ...

by Communicator in

Distinct Events Days in Index

I'm trying to write an efficient search to find out the distinct days of events that I have in an index. Basically, I...

by Builder in

How to keep the multivalue field values in ascending order when creating a transaction?

I have the following query: ..... | transaction CUSTOMER_KEY mvlist=t | makemv delim="," moves Problem is when it cre...

by Path Finder in

problem with streamstats command, using both window=N and a by clause.

This is in regards to using the streamstats command with a "by" clause, and at the same time specifying window=N to t...

by SplunkTrust in

Help with regex

I have a log format that uses space as delim and "" as delim when we have space in between. How should i write the re...

by Path Finder in

Dbquery and time_stamp

Hi, I have a query like | dbquery TEST_DB "select a.time_stamp, a.num_busy_engines, a.num_total_engines, a.num_tas...

by Path Finder in

How to keep leading zeros in a numeric field when converting it to string?

I have this as part of my query: eval this_move=tostring(seq)."-."screen Only I need to make sure seq is treated as ...

by Path Finder in

Search event logs that only accrue between 4PM to 11:59PM every day

Looking to see if there is a way to search for only specific windows event logs that accrue after 4 pm up to 11:59 pm...

by Path Finder in

single value background image

Hello Everyone, Please suggest me how to place an images to extreme left in the single value box.This is what I ha...

by Builder in

Gap in chart data

Hi, I have a chart that is produced by executing a search with a | timechart command. As the search is executin...

by Motivator in

Start/End time Displaying Same time

I have a search where I'd like to show the duration of the order. My search below almost gives me that, but the st...

by Builder in

サーチ結果をダッシュボードに載せると結果が変わる

下記サーチをダッシュボードに載せると結果が変わってしまうのですが、原因はなんでしょうか。サーチ結果では前週比がでるはずが、ダッシュボードに載せるとその数が足された結果になってしまいます。 ...

by Contributor in

Changing timechart X axis

Hello, I want to change X axis on timechart, so I created a dashboard, and added the following option. My sear...

by Contributor in

Exporting raw search results to clipboard?

Hi, Exporting search results to a file is a bit too cumbersome for our current workflow. Is there any way to expor...

by Engager in

Charting non indexed values

I have a feed going into Splunk currently that follows a trend that looks like it starts at a very small number, then...

by Engager in

Discarding of Events based on some column value

Hi, I have a JSON file which has a key value pair. I want to discard the events which contains "Name":"John" ( I mean...

by Contributor in

CASE() search option produces no results

While using the CASE() feature of the search command (as per http://docs.splunk.com/Documentation/Splunk/6.0.2/Search...

by Splunk Employee in

using custom JS rendering scripts

I'm having a bit of a problem with using JS scripts in my dashboard panels. I've been using the Simple XML examples a...

by Path Finder in

Calculating a total for use later to calculate a percentage

I am trying to calculate an overall total value for use later in my pipeline in a percentage calculation. My data loo...

by Path Finder in

Help with Rex or RegEx - Need Everything After a String

Here is an example of a VPN log with an error. I want to create a field for "Reason", which includes everything found...

by Builder in

Problem with HEADER_FIELD_REGEX in TMG Logs

I am attempting to use the INDEXED_EXTRACTION = W3C configuration to pull logs from a Microsoft TMG server. I started...

by Communicator in

Getting 2 aggregate result for 2 searches

My search string is host=ABC| append [search host=DEF]|stats sum(V) by "ER Code" Can I have a count function also wit...

by Path Finder in

How do I extract last numbers in field

Hello Splunkers, I Would like to create a new field with the last numbers in another field called logid For ex...

by Communicator in

Issue in returning space from eval macro

Hi, I am in need of an eval macro that takes in three values, examines them and returns the values for three separ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Edit csv file on splunk web

Multiple occurrences of fields

Distinct Events Days in Index

How to keep the multivalue field values in ascending order when creating a transaction?

problem with streamstats command, using both window=N and a by clause.

Help with regex

Dbquery and time_stamp

How to keep leading zeros in a numeric field when converting it to string?

Search event logs that only accrue between 4PM to 11:59PM every day

single value background image

Gap in chart data

Start/End time Displaying Same time

サーチ結果をダッシュボードに載せると結果が変わる

Changing timechart X axis

Exporting raw search results to clipboard?

Charting non indexed values

Discarding of Events based on some column value

CASE() search option produces no results

using custom JS rendering scripts

Calculating a total for use later to calculate a percentage

Help with Rex or RegEx - Need Everything After a String

Problem with HEADER_FIELD_REGEX in TMG Logs

Getting 2 aggregate result for 2 searches

How do I extract last numbers in field

Issue in returning space from eval macro

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions