Splunk Search

Discussions

Thread Info

Possible bug - Deleting a saved search deletes all searches with the same name

I believe I have found a possible bug. There is a condition that when you delete a saved search all saved searches wi...

by Explorer in

eval fails if fields have a ":" in their name

I have some data in the form of xml records. The fields extract fine using the xmlkv operator, but I can not perform ...

by Path Finder in

multiple values for single field in multiple lines of a single multi-lined event

Below is my sample log. I'm trying to extract all the 'Pend Reason' codes and still maintain the host field which I'm...

by Splunk Employee in

Regular expression help and error (Regex: unmatched parentheses )

The regular expression is correct according to RegExr, but i keep on getting this error Regex: unmatched parenthes...

by Contributor in

Oracle into Splunk

I am trying to get the login/logoff and failed login of oracle 10.2.0.4 installed on windows to be seen by splunk. I ...

by New Member in

stats by date_hour failing to return results

Been scratching my head about this one... This search returns a value: index=os source=cpu host=myhost | stats ...

by Path Finder in

Using a lookup to grab a host's subnet and then list out all other hosts in that subnet.

I have a lookup table that includes fields for hostname and subnet. I can easily view all hosts in a subnet by search...

by Contributor in

Need help with regex

Hello I am trying to get the browser information from the below raw data and haven't been able to do so. Can anyon...

by Motivator in

Event Options Menu lacks "show source" item if search has "fields" command in it.

If you say "*" as search, you see "show source" in the Event Options Menu by every event. If you say "* | fields site...

by Explorer in

Extraction failure

This seems like a straight forward config can someone spot where it's going wrong. I am unable to extract the "aaa" f...

by Path Finder in

Field Extraction Default Delimiter

I know that Splunk will automatically extract fields for field=xyz patterns in my data. How can I tell Splunk to also...

by Splunk Employee in

Frequency of Universal forwarder

I have installed Universal forwarder to send the log files to my Splunk storm project. My question is how frequently...

by New Member in

Simple regex

I'm just trying to get the CN name from what looks like the fields below CN=John Smith,OU=Customer Service,OU=Users,O...

by Path Finder in

Data format

I have the data in this format where the value of the date_month changes how much data I select date_month DATASE...

by Path Finder in

extracting multiple values for a field from one row(one event)

Hi all, Regex is troubling me when i have to extract a field compared with previous line. My log is like Thread Ev...

by Builder in

similiar to chartTitle param do we have any way to give title to Table?

I'm using panel_row2_col1_grp1 - panel_row2_col1_grp3 to collate 1 table and 2 charts. I need to group it since i use...

by Contributor in

REX not working in props.conf

I am using this rex command | rex max_match=100 "(?i)<severity>(?P<Severity>[^<]+)" When I add this to the pro...

by Motivator in

transformation : set a field value according to the host

I'd like to set at search_time a new field, with a value according to the host : if host=abc.com then =te...

by Builder in

sapninja data collection framework

hi , can someone help me with sapninja data collection framework which is used for data collection for the app Splun...

by Communicator in

Joining two large datasets without a Join

I have two data sources, one that is a very large file listing with *nix timestamps, and one that has a text descript...

by Explorer in

Fields extraction problem

HI Experts. I did fields extraction in regexr, The fields matching in regexr is no problem. But, On splunk , we ...

by New Member in

How to supress the x axis label in timechart

I use a lot of timechart searches for a dashboard, each of them showing the "_time" label in the x-axis. As it is cl...

by Contributor in

Nav menu problem ???

Hi .. i have created a APP in splunk .and i have change its nav menu as below.. Google ...

by Motivator in

5 and above login failures

I have managed to create a search that finds users that have failed to login within the last 24 hours but I want to o...

by Explorer in

no longer seeing all logs after clearing index

I am no longer seeing all my logs on the indexer after clearing the index of all data. Is there something that needs ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Possible bug - Deleting a saved search deletes all searches with the same name

eval fails if fields have a ":" in their name

multiple values for single field in multiple lines of a single multi-lined event

Regular expression help and error (Regex: unmatched parentheses )

Oracle into Splunk

stats by date_hour failing to return results

Using a lookup to grab a host's subnet and then list out all other hosts in that subnet.

Need help with regex

Event Options Menu lacks "show source" item if search has "fields" command in it.

Extraction failure

Field Extraction Default Delimiter

Frequency of Universal forwarder

Simple regex

Data format

extracting multiple values for a field from one row(one event)

similiar to chartTitle param do we have any way to give title to Table?

REX not working in props.conf

transformation : set a field value according to the host

sapninja data collection framework

Joining two large datasets without a Join

Fields extraction problem

How to supress the x axis label in timechart

Nav menu problem ???

5 and above login failures

no longer seeing all logs after clearing index

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!