Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

identify server host names as developemnt or test by name

Good afternoon I have a question about identifying the type of environment the servers are in by their hostnames be...

by New Member in

Duplicate entries in splunk search

Hi Splunk experts I need one help, the splunk search is giving me duplicate entries when I do a search. I have made...

by Explorer in

Dedup vs. Stats performance

Hi Splunkers! Some days ago, one of my colleagues told me that "if you want to delete duplicates on your search, u...

by Path Finder in

Remove the first line of CSV to index in splunk

I have a CSV file which first row contains the hear fields and remaining rows contains values as below. name,a...

by Explorer in

Adding Field Values Generated by a |stats latest(fieldvalue) command

Hello - I have the following search:<base search>| fields host registrations| stats latest(registrations) by ho...

by Explorer in

Disabling "Click Selection" on search results

Under "Format", there's a setting for "Click Selection". I remember that in Splunk 6, I could set that to "None" (or ...

by Explorer in

How to group by two months.

My query "mwt-service" my query |stats count by channel service date_month yields result like c...

by Observer in

help on appendcols subsearch

Hello I use the search below in order to calculate a volume percentage | inputlookup host.csv | looku...

by Contributor in

subsearches

by Loves-to-Learn in

Splunk 8.0 sendemail/subsearch issues after upgrading

Recently upgraded from 7.2.3 to 8.0 and a previously configured scheduled alert is not longer sending emails correctl...

by Engager in

drilldown based on time

Hi, the following pic shows the chart in the left hand side, i want a drilldown based on time when i click on the ...

by Explorer in

How to feed a dropdown list from the search linked to this fropdown list

Hi As you can see in my XML I use a dropdown list which is feeded from a csv file I would like to be able to feed...

by Contributor in

event field extraction

We are unable to get more fields from search head. How we can to get more fields(all parsing fields) from event. T...

by Loves-to-Learn in

Search - joining results in table

Hello all, How would I join bellow results by common field -> host? Same index is used. I was able to create adva...

by Explorer in

JSON

I have a JSON file with .json extension which has a complete one line unstructured json. any events gets added to the...

by Observer in

Count distinct SPL help

Hi, Looking forward to learn from you guys. I am stucked at this calculation: Total of product in contract.I made a s...

by Explorer in

Need to split string at last character before numeric value.

So i have a possibly unique requirement, i'm trying to split up so log data but i have a string in one field that con...

by New Member in

Correlating two logs help, newbie

Hi, Ok at this point I can barely spell SPLUNK but I have gone through a bootcamp course and I'm trying to pull of...

by Explorer in

How to extract only latest events from particular field.

Hi Folks, I need your help in fetching latest event from a particular field. Sharing you a sample event and quer...

by Explorer in

Positive lookahead in rex to extract ABC, BCD, & CDE from ABCDE

Hi, folks.I am stumped on this matter. My goal is extracting ABC, BCE, & CDE from ABCDE into a multivalue field. So...

by Explorer in

Splunk Search

Discussions

identify server host names as developemnt or test by name

Duplicate entries in splunk search

Dedup vs. Stats performance

Remove the first line of CSV to index in splunk

Adding Field Values Generated by a |stats latest(fieldvalue) command

Disabling "Click Selection" on search results

How to group by two months.

help on appendcols subsearch

subsearches

Splunk 8.0 sendemail/subsearch issues after upgrading

drilldown based on time

How to feed a dropdown list from the search linked to this fropdown list

event field extraction

Search - joining results in table

JSON

Count distinct SPL help

Need to split string at last character before numeric value.

Correlating two logs help, newbie

How to extract only latest events from particular field.

Positive lookahead in rex to extract ABC, BCD, & CDE from ABCDE

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Error after configuration in Splunk

How do I compare search results from two different...

creating a correlation search for data exfiltratio...

Is there a workflow to populate field on page not ...

This search has encountered a fatal error and has ...

Splunk Search

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >