Splunk Search

Ask a Question

Discussions

Thread Info

How to create specific timerange fields to group stats?

Hello, I have a collection of logs (same source type) but some of them have different or additional fields. In orde...

by Loves-to-Learn Lots in

Help joining two different sourcetypes from the same index that both have a field with the same value but different name

Hello everybody, I'm trying to join two different sourcetypes from the same index that both have a field with the ...

by Explorer in

How to achieve "Message":"###1234$$$ Invalid" result with rex?

splunk data: 2022-01-01T02:06:12.182Z 7c3edf29-c081-4cca-ae9b-0f79ef7d1c8d INFO {"InfoLogInformation":{"MethodName":"...

by Engager in

How to ceate a regex blacklist in inputs.conf with a common string value in log file?

Hi All, Having issue in identifying the correct blacklist regex expression to skip the few logs which are loading ...

by New Member in

How to find App based on source types and indexes?

Hello I have a quick question. are there any ways we can find a specific index name that was used within which Ap...

by Motivator in

Help with search for week event analysis

Hello Team, I have used to ask the same question in my previous ask :https://community.splunk.com/t5/Splunk-Search...

by Motivator in

How can I optimize my query ?

I have the following query with multiple joins and using max=0 which is not giving me all results as I think the size...

by Builder in

How to split a column into two based on condition?

Hi all, Pls consider this subset of data, ... - Date - Fruit - Seller - Bad_count - ... 11/8 - Apple - X - 3 ...

by Explorer in

Error The expression is malformed. An unexpected character is reached at '<<ITEM>> triggered only in Splunk v 8.2.2112.1

Hi, We are running Splunk on 3 Environments Env#1 is Splunk Cloud v 8.2.2112.1Env#2 is Splunk Cloud v 9.0.2208.3E...

by Builder in

Using CIDRMatch with a lookup of range IP

Hello community, I have a query returning result with an IP address value (src_ip). I used to add a line to match...

by Engager in

How to split up a string into multiple fields?

Hi, let's say there is a field like this: FieldA = product.country.price Is it possible to extract this valu...

by Motivator in

Dedup vs. Stats performance

Hi Splunkers! Some days ago, one of my colleagues told me that "if you want to delete duplicates on your search, u...

by Path Finder in

How to get list from inputlookup and run search on this smaller list?

Hi All, I have a SPL query that runs on an index , sourcetype which has milions of jobnames. I want to my SPL t...

by Explorer in

How do I join a search with a list of jobnames from a file DepC_listofjobs.csv?

How do I join a search with a list of jobnames from a file DepC_listofjobs.csv. This file has only one column which h...

by Explorer in

How to format _time column to display only month name

Hi i have a column _time getting displayed in the results due to timechart used in the query. Its currently getting d...

by Explorer in

How to avoid excessive memory usage error?

Hello,I am performing a search in Splunk Cloud but I am getting the following error, does anyone know how to resolve ...

by Explorer in

Can I use Splunk's anomaly detection in MLTK to enable ops folks to identify recent unusual log messages?

I want our operations folks to be able to quickly see which unusual log messages have started showing up. That is ...

by New Member in

Importing error code reasons from URL to Splunk query

Hi all. My company is working with GlobalScope and I wish to enter their error code description to Splunk. As of ...

by Explorer in

Why is my chart overlay not working?

Hi, I need to overlay two values in one chart with a common X axis and a Y axis on either side chart 1 - column...

by Path Finder in

What regex to use to drop everything after the last occurrence of a symbol?

Hi Splunk Community, I am working on a regex to filter the sources I am getting from logs. I am trying to drop eve...

by Path Finder in

Filtering out part of a value?

Hi all. I'm working with a FTP server which include a session number with each status and I wish to exclude the se...

by Explorer in

How to use extract using rex command?

"Context":"{"user id":"jane.doe.sen", "Expense Date":"11/10/2022", How to use extract this rex command? to...

by Engager in

How to use Wildcards with eval, stats, and count?

Hello! I have a field called "Customers Email" and I wanted to get a count of all the emails that end in .gov, .edu, ...

by Explorer in

Way to exclude results from Values() based on # returned?

I'm trying to do a search to find IPs trying to login in using multiple usernames (using Duo). I have it working ver...

by Engager in

Align all values of a table to the left (for PDF export)

Hello, I am currently trying to create a table on which every value, whether number or string, is aligned to the l...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create specific timerange fields to group stats?

Help joining two different sourcetypes from the same index that both have a field with the same value but different name

How to achieve "Message":"###1234$$$ Invalid" result with rex?

How to ceate a regex blacklist in inputs.conf with a common string value in log file?

How to find App based on source types and indexes?

Help with search for week event analysis

How can I optimize my query ?

How to split a column into two based on condition?

Error The expression is malformed. An unexpected character is reached at '<<ITEM>> triggered only in Splunk v 8.2.2112.1

Using CIDRMatch with a lookup of range IP

How to split up a string into multiple fields?

Dedup vs. Stats performance

How to get list from inputlookup and run search on this smaller list?

How do I join a search with a list of jobnames from a file DepC_listofjobs.csv?

How to format _time column to display only month name

How to avoid excessive memory usage error?

Can I use Splunk's anomaly detection in MLTK to enable ops folks to identify recent unusual log messages?

Importing error code reasons from URL to Splunk query

Why is my chart overlay not working?

What regex to use to drop everything after the last occurrence of a symbol?

Filtering out part of a value?

How to use extract using rex command?

How to use Wildcards with eval, stats, and count?

Way to exclude results from Values() based on # returned?

Align all values of a table to the left (for PDF export)

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions