Splunk Search

Discussions

Thread Info

Create a search or subsearch to retun 0 results

Hello All, Thanks for a great resource for Splunk and searches I am using the linux_secure sourcetype. I have a...

by Builder in

How to fix column name and evaluate times?

I have a dbquery ouput that looks like the below, unfortunately i cant update the actual database query to make it mo...

by Explorer in

How do I alter the width of 3 single values to fit in a single row within a panel?

I've got 3 single values and I'd like to put them into a row within a panel. The problem is that the last single valu...

by Loves-to-Learn in

How to cut data to fourth character "|"?

I want to cut data that goes up to the fourth symbol "|". How can i do it through | rex?Example data:2022-12-15 15:27...

by Explorer in

How to display all values in a field?

Hi. I'm looking to make a table/stats of all fields in a search to display all values inside of each field. Sim...

by Explorer in

Is there a way to match this and produce result with both uri_path and api_name?

My Access logs: server - - [date& time] "GET /google/page1/page1a/633243463476/googlep1 HTTP/1.1" 200 350 85rex query...

by Communicator in

How to change timechart default Y axis default scale?

Hi，Splunkers, I have a timechart, which have value for count by VQ less than 10, but default y axis scale...

by Communicator in

How to refer a eval reference in rex to change the group name dynamically?

How to use eval reference in rex command. Here is what I have tried so far: MyMacro: myrextest(1) |...

by Loves-to-Learn in

How to use rex to create a field and using lookup to inject the data in the same field?

I am using rex field to extract the field name and then inject the data so I can get only the desired fields but not ...

by Communicator in

How to group two field and count content?

Hi, I have table below then I need to grouping field and need to eval (+ )the value become below table ...

by Explorer in

Why am I having this issue Parsing Vulnerability Data?

Community, I am attempting to retrieve events in Splunk regarding Tenable vulnerability data. The goals are as fo...

by Path Finder in

How to convert tabular data to a specific format?

Hello,I've the following tabular formatted data: How can I achieve the following: Thanks in adv...

by Path Finder in

How to create a timechart to show only when values change for a particular field?

Hello Splunkers , I want to know if we can create a timechart that will show only values when they change ..I...

by Builder in

How to align events returned by two separate searches in a table?

Reference post https://community.splunk.com/t5/Splunk-Search/How-to-align-events-returned-by-two-separate-searche...

by Explorer in

How to use lookup table to make a filter?

hello, i would like to make a filter with an index field named "host", that means this field has to be different o...

by New Member in

How to export events as JSON format?

Hi All, I am trying to export events in JSON format, and I am able to do it, and getting events like the one below...

by Path Finder in

How to perform chart command with two multifield columns in the table?

I performing the chart command for the below kind of table. Command : [|Chart values(course) as course ove...

by Explorer in

How to get eval command to display results with X days before current date?

Hi All, i have a field "last_seen" which shows date in the below format . My requirement is to compare today's dat...

by Builder in

How to pick the specific log time?

Hi all, My lead give some task .To create a table, we have lot of source type ... source type have the different s...

by Explorer in

How to create a regex for a log file which contains multiple values throughout the log which required same field name?

Hello Team,This is the first time I am posting a question and hope that I have explained it thoroughly. I am tryin...

by Loves-to-Learn in

Is there a way to use rex to divide api name?

I have an access logs which prints like thisserver - - [date& time] "GET /google/page1/page1a/633243463476/googlep1?s...

by Communicator in

Is there a dedup command to remove events that have same timestamp?

hello guys, Is there any way that I could remove duplicate events that have same timestamp using this below search...

by Explorer in

mvfind can't see spaces and parenthesis

I'm trying to use where(isnotnull(mvfind(mvfield,field))) to search to see which records are part of a list. The fiel...

by Explorer in

Is there an existing grammar of the SPL language that can be used with ANTLR4?

Hi Splunk Community, I am interested in parsing Splunk searches and I am hoping that somebody here can point me to ...

by Engager in

Why can't values of fields from field extractions be searched as expected?

Hi there, I created multiple field extractions, extracting values from different sourcetypes into the same field: ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Create a search or subsearch to retun 0 results

How to fix column name and evaluate times?

How do I alter the width of 3 single values to fit in a single row within a panel?

How to cut data to fourth character "|"?

How to display all values in a field?

Is there a way to match this and produce result with both uri_path and api_name?

How to change timechart default Y axis default scale?

How to refer a eval reference in rex to change the group name dynamically?

How to use rex to create a field and using lookup to inject the data in the same field?

How to group two field and count content?

Why am I having this issue Parsing Vulnerability Data?

How to convert tabular data to a specific format?

How to create a timechart to show only when values change for a particular field?

How to align events returned by two separate searches in a table?

How to use lookup table to make a filter?

How to export events as JSON format?

How to perform chart command with two multifield columns in the table?

How to get eval command to display results with X days before current date?

How to pick the specific log time?

How to create a regex for a log file which contains multiple values throughout the log which required same field name?

Is there a way to use rex to divide api name?

Is there a dedup command to remove events that have same timestamp?

mvfind can't see spaces and parenthesis

Is there an existing grammar of the SPL language that can be used with ANTLR4?

Why can't values of fields from field extractions be searched as expected?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!