Splunk Search

Discussions

Thread Info

How to create a regex for a log file which contains multiple values throughout the log which required same field name?

Hello Team,This is the first time I am posting a question and hope that I have explained it thoroughly. I am tryin...

by Loves-to-Learn in

Is there a way to use rex to divide api name?

I have an access logs which prints like thisserver - - [date& time] "GET /google/page1/page1a/633243463476/googlep1?s...

by Communicator in

Is there a dedup command to remove events that have same timestamp?

hello guys, Is there any way that I could remove duplicate events that have same timestamp using this below search...

by Explorer in

mvfind can't see spaces and parenthesis

I'm trying to use where(isnotnull(mvfind(mvfield,field))) to search to see which records are part of a list. The fiel...

by Explorer in

Is there an existing grammar of the SPL language that can be used with ANTLR4?

Hi Splunk Community, I am interested in parsing Splunk searches and I am hoping that somebody here can point me to ...

by Engager in

Why can't values of fields from field extractions be searched as expected?

Hi there, I created multiple field extractions, extracting values from different sourcetypes into the same field: ...

by Path Finder in

How to format when fields match between multiple sources and loop through items?

Hi All, Below is the sample data looks like. sourcetype_1 s1_field1: 123 s1_field2: { { ID: 2 Na...

by Explorer in

How to get standard deviation of daily maximum over x days per event criteria?

Gudde Muergen!I'm quite new to Splunk, so I'm having difficulties figuring out how to do this search properly. Her...

by Observer in

Help with below query

100 * sum([x]) / sum([y] - [z])

by Path Finder in

Is there any advice or suggestions for a project that focuses on setting up a NOC for a network of operators?

Salut vous allez bien j esper alors j'aimerai avoir des conseils ou des uggestion pour un projet qui porte sur la mis...

by New Member in

How to get average value of fields?

hi all, i have some events with a field called RUNTIME for each job. how can i get the average value of RUNTIME f...

by Path Finder in

Events coming along with user when using top, rare?

Hi When i'm searching the top users who logged into a host, I'm getting event data along with the user when i'm u...

by Engager in

How to implement whois lookup for ips hitting fw?

Hi.. I have to find the ip address hitting fw for that i have to implement the whois lookup for the hitting ips bu...

by Path Finder in

Splunk search command time modifiers not working

I want to strip certain results by time from my search. I eventually plen to place a dedup command between the first ...

by Explorer in

What is the issue with my SPL?

Hi, I am a new Splunk user and this is my first post on the community forum. If I am not following guidelines please...

by Engager in

How can I make interpolation between given two points in Splunk, where time variable is not involved?

Hi Team, Considering the image shared below:- x1 is my x-axis and y1 is my y-axis. I would like to i...

by Explorer in

How to search multiple lines and create an alert when certain values match?

Hi, I am a beginner here in Splunk. I am trying to search multiple lines in the log and generate an alert if cert...

by Explorer in

Splunk oneshot returns empty results sometimes

I am using Python SDK to run Splunk queries at 10 minute interval to collect data for my application. I have nearly 3...

by New Member in

Help with deduping similar values

Hi Everyone, I have a field called "User" that contains similar values and I was wondering how to remove or merge s...

by Contributor in

How to extract same set of values from different log format?

EventAgentLogin ================== 2022-12-14 06:39:03.875 TRACE 12632 --- [New I/O client worker #1-6] c....

by Explorer in

How can I write the rex for the following regex?

I want to write the rex command for the following regex and give it a new field where the findings will be dumped int...

by New Member in

How to trace and span in Splunk Enterprise?

Hi Is it possible to feed opentelemetry log to "splunk enterprise" and draw trace and span without use Splunk APM?...

by Motivator in

How to get first logout after login?

I have daily user login/logout data like this: date,user,action2020-04-14 01:00:00,user1,login2020-04-14 01:05:00,...

by Explorer in

Splunk custom script with python and pip library | Integrity check of installed files failed

Hello Splunkers,I recently created a custom alerts on my Search Head, and for this alert to run I needed to install a...

by Contributor in

How to change chart marker size for each fields in splunk?

Hi Team, Current i have fields and with this query below, was able to get all fields are in same size. <option n...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a regex for a log file which contains multiple values throughout the log which required same field name?

Is there a way to use rex to divide api name?

Is there a dedup command to remove events that have same timestamp?

mvfind can't see spaces and parenthesis

Is there an existing grammar of the SPL language that can be used with ANTLR4?

Why can't values of fields from field extractions be searched as expected?

How to format when fields match between multiple sources and loop through items?

How to get standard deviation of daily maximum over x days per event criteria?

Help with below query

Is there any advice or suggestions for a project that focuses on setting up a NOC for a network of operators?

How to get average value of fields?

Events coming along with user when using top, rare?

How to implement whois lookup for ips hitting fw?

Splunk search command time modifiers not working

What is the issue with my SPL?

How can I make interpolation between given two points in Splunk, where time variable is not involved?

How to search multiple lines and create an alert when certain values match?

Splunk oneshot returns empty results sometimes

Help with deduping similar values

How to extract same set of values from different log format?

How can I write the rex for the following regex?

How to trace and span in Splunk Enterprise?

How to get first logout after login?

Splunk custom script with python and pip library | Integrity check of installed files failed

How to change chart marker size for each fields in splunk?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!