Splunk Search

Discussions

Thread Info

Date not parsed if the hour is 24

Splunk doesn't parse the date in the beginning of an event, when it has a hour of 24 (JODA time), like in 03.02.2015 ...

by Explorer in

rex expression that match pathname of variable lenght

Hi all, quick question: How I can match with rex or regex a regular expression that match all of this field? [/h...

by Communicator in

How to convert epoch to local time?

Hi! I have log entries with a timestamp embedded for expiration inside the log event. What's the best way to c...

by Contributor in

How to write the regex and break and extract a field to get the required data?

I need to create a report of failed services. From the logs, I get the data in the below mentioned format: ******...

by Contributor in

How to search and filter based on fields created by stats?

Howdy, I have a stats search that returns values from fields in different events such as OS Devicetype etc. This inf...

by Explorer in

A particular search result is not showing up in | stats count output. Very wierd.

Hello, Here is my search: index=app_win source=service State=Stopped StartMode (Auto OR Manual) Name (*IBM* ...

by Communicator in

Unknown search command 'gauge'.

Hi Guys, i am new to SPLUNK. when i search a query with non admin user i am getting below error, Unknown sea...

by Explorer in

Sum a series of values based on the distinctness of another column

i think its easier to ask my question by showing you some of the data I'm working with: Mon Feb 23 16:35:07 2015 ...

by Explorer in

I am try to to find the number of business days between two extracted fields

I am trying to follow what the others have done, but I am stumped as to why things are not functioning for me. I have...

by Path Finder in

Search in multiple indexes

Hi guys, I need some help. I have 2 index, and in both there are the field "ip", How can I create a search that...

by Contributor in

How to compare two weeks ?

Hi, I use Splunk 6.2. I try to compare two values between two differents weeks. index="market_logs" host="1...

by Engager in

Splunk treats any number that uses E (instead of *10) as a string

Any number such as 1.23456E-3 (equivalent to 1.23456*10^-3 or 0.00123456) is recognised by splunk as a string rather ...

by Path Finder in

How to customize raw data into fields using regex before exporting to CSV?

We are ingesting syslog logs. While doing a search and exporting to csv, we would like the raw data column to be spli...

by Explorer in

Why are certain events not showing in '| stats count' output?

Hello, The following search: index=app_win source=service State=Stopped StartMode (Auto OR Manual) Name=*IBM*...

by Communicator in

Why is my timechart search WHERE duration > 8 not returning any data?

I have a lot of SOAP req/resp pairs and I was able to match them up and find the time between them (duration). I then...

by SplunkTrust in

How can I pipe search results to syslog?

Example: I'd like to run a search on windows logs, do some data transformation and then pipe the output to a syslo...

by Engager in

How to edit my search to get a table of data from multiple indexes?

Hello, I’m looking for to get a table from the the search results from two indexes: index="imwaccesslog" OR ind...

by Explorer in

how to extract from java.lang

My events look like this TYP=ERR, TS1=1423574799157, TS2=1423574799157, CMP=PUR, EDESC=Unknown Host java.lang.Except...

by New Member in

How to extract the file name from full path using regex/rex?

I am trying to extract a file name from the entire path using rex. An example log is: ....request=http://66.228.48...

by Communicator in

time range picker in Splunk 6.1.3 build 220630

Hi, I´m trying to get the Time range picker to work in a test dashboards and in some cases it does work but not when ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Date not parsed if the hour is 24

rex expression that match pathname of variable lenght

How to convert epoch to local time?

How to write the regex and break and extract a field to get the required data?

How to search and filter based on fields created by stats?

A particular search result is not showing up in | stats count output. Very wierd.

Unknown search command 'gauge'.

Sum a series of values based on the distinctness of another column

I am try to to find the number of business days between two extracted fields

Search in multiple indexes

How to compare two weeks ?

Splunk treats any number that uses E (instead of *10) as a string

How to customize raw data into fields using regex before exporting to CSV?

Why are certain events not showing in '| stats count' output?

Why is my timechart search WHERE duration > 8 not returning any data?

How can I pipe search results to syslog?

How to edit my search to get a table of data from multiple indexes?

how to extract from java.lang

How to extract the file name from full path using regex/rex?

time range picker in Splunk 6.1.3 build 220630

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Error with connecting two search queries with appe...

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...