Splunk Search

Thread Info

To append or to appendcols? Timecharting same search over different time period

Hello Splunkers, I've seen a few questions and one blog post about this topic. Goal: Look at the trend of one ...

by Path Finder in

Joining entries using IDs

Hi, I am trying to extract an ID from a search and append the results using the extracted ID. Example: Search: ...

by New Member in

rsyslog regex or another way?

So i'm curious, I installed the Windows rsyslog agent on a windows box because I like the idea of being able to use S...

by Path Finder in

Problems to explore Data

The Explore Data button is disabled in my project. I uploaded a CSV file with data, but I can't explote it. It says "...

by New Member in

Creating a Stacked Graph (Area but coloured like bar)

I have the following search: index="cms_test_1" [|inputlookup Stacked_Worse12.csv | rename FullURL as cs_uri | fie...

by Path Finder in

Simple newbie question - "stats count per user" not alerting

Gurus I just started playing with splunk and after reading the alert howto it looks like a real-time/rolling window a...

by Engager in

How do you list the pages visited for a particular session id?

I'd like to get a list of sessions each with their page views and session durations like this: Session12324 | Sess...

by Explorer in

contingency command and percent

I have a search where I am trying to take the totals and turn them into a percentage. sourcetype="EPPWEB" source="...

by Builder in

Modify Splunk Output

So here's my problem, I'm using splunk to index some server logs. I am using the splunk javasdk to do a search and ge...

by New Member in

Remove first line from event types

How do i remove the first line from event type when importing a log file into our enviornment? I thought it would be ...

by Contributor in

Interactive field extractor

my search is based on the eventtype="someevents" and now I want to extract field and I want to restrict my fields ext...

by Builder in

Using regex to capture exactly 20 characters

I need to create a field extraction that extracts the first 20 characters ONLY from an error log; I've got the regex ...

by Explorer in

Extract the same field two different ways

I want to end up with a filed called mapi_err that contains a MAPI error string. I am looking at the third line in a ...

by Engager in

Splunk for configuration Management

Hi Guys, Can we use Splunk for configuration management? I know that splunk can be used for integrity checking of ...

by New Member in

How to exclude result based on static exception file

I've got a script that checks various settings on every host and returns data to the indexer via universal forwarder....

by Path Finder in

Eval ltrim forward slash oddity

Hi, Sure I'm missing something obvious, but: Raw data has field "SourceName" which is looks like this: api.interna...

by Engager in

Adding rex to only part of search

Hi all, I have 2 different log file types, 1 of which I currently need to add fields in search time and the other ...

by Explorer in

Usage suggestion for eval

It would be great if "eval" could do multiple evaluations in a single command, in a similar way that "stats" can: ...

by Builder in

What is difference between report and field extraction?

What is the difference between REPORT- and FIELD- ?

by Builder in

List of a list

Hi, We are using two source files to list data in this format: Name1: uniqueID1 uniqueID2 uniqueID3 Name2: uniq...

by Communicator in

How to run a command / Documentation unclear

Hi. How do i run this command? export OPENSSL_CONF=$SPLUNK_HOME/openssl/openssl.cnf I am trying to follow these...

by Engager in

Need REGEX to capture outermost curly-braces in CSV (some fields have nested curly-braces)

I have CSV events like this: f1,f2,{f3a,f3b},f4,{f5a,{f5b1,f5b2,{f5c2a,f5c2b}}},f6 Only certain...

by Esteemed Legend in

show multlines event in column

Hi, I have these multlines row event from different hosts and I would like show the multilines events by host. Exampl...

by Explorer in

Report to get conversion path from apache logs

I need to build conversion paths for customers based on apache logs, and not sure if I can accomplish this with Splun...

by Path Finder in

Merge results of two different searches

Hello! I have two fields named differently, containing the same data, that I would like to merge. I'd like to basi...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

To append or to appendcols? Timecharting same search over different time period

Joining entries using IDs

rsyslog regex or another way?

Problems to explore Data

Creating a Stacked Graph (Area but coloured like bar)

Simple newbie question - "stats count per user" not alerting

How do you list the pages visited for a particular session id?

contingency command and percent

Modify Splunk Output

Remove first line from event types

Interactive field extractor

Using regex to capture exactly 20 characters

Extract the same field two different ways

Splunk for configuration Management

How to exclude result based on static exception file

Eval ltrim forward slash oddity

Adding rex to only part of search

Usage suggestion for eval

What is difference between report and field extraction?

List of a list

How to run a command / Documentation unclear

Need REGEX to capture outermost curly-braces in CSV (some fields have nested curly-braces)

show multlines event in column

Report to get conversion path from apache logs

Merge results of two different searches

Announcing the Expansion of the Splunk Academic Alliance Program

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...