Splunk Search

Ask a Question

Discussions

Thread Info

How to extract field using regex?

Hello everyone, Please, I need to extract a field named product (with its value in bold) from the below Message fi...

by Path Finder in

Help with rex and multi-value fields, assigning key value pairs?

Hi All, I have a search which parses key/value pairs out of a strangely-formatted XML field. ...

by Engager in

Splunk Search-Where is key dynamic?

Hello , I have data like below. I need to frame a query such that I can calculate number of desync for each rate-p...

by Explorer in

How to compare results of 2 periods?

Hello, guys. I am struggling with my search in splunk and would appreciate any help. Currently I have search ...

by New Member in

Lookups with extracted fields not working- Why can't I see the active or group fields in events?

I am a fairly new to Splunk, and I am having a lot of trouble using the table lookups. I have a lookup CSV ta...

by Path Finder in

How to FILTER same events whit two or more fields in a time interval?

Hello team !! Im working whit CDR of SMS and I have to find a way to visualize that two fields are repeated more t...

by Explorer in

Rex mode=sed to substitute < & > with nothing?

Greetings! The target filed is message_id and sometimes the field value comes with brackets <b8047a671f47430cb44af...

by Explorer in

"Middle" parameter for stats command?

Hi all! We use stats commands to pull in data from our APIs. But, our APIs get called multiple times in a single s...

by Path Finder in

How can I split Splunk query into time ranges?

Hi Everyone, If I am searching through the past 4 weeks in one query, how can I break this data into two columns, ...

by Explorer in

How to create an alert to notify when a job runs over a specified time?

My requirement is to notify when the job runs more than the specified time, condition 1 - the first job of every d...

by Contributor in

Help with Search in XML file-Multiple lines data for validation of HTTP response content validation for API calls

I am new to Splunk query I need to capture the filed value of tn "Subscription_S04_LookupInvoiceStatus" and Resp...

by Explorer in

Regex help, using ^ character

Hey, I was trying to filter some search data in splunk using regex. I was able to figure the regex part. Howeve...

by Explorer in

How to display only a substring of result set?

When i search for the string "ERROR" in a log i get the below < DEBUG : blah blah INFO : blah blah blah ...

by Explorer in

Firewall logs ingest- What is causing spike in firewall data?

My organization has a 10G a day data ingest subscription with splunk. Recently, every Tuesday, our firewall data ing...

by New Member in

How can I measure the search run time until the first result is returned?

I'm benchmarking performance of search queries. I noticed that although the entire search pipeline takes long to c...

by Engager in

Dashboard Studio: How Download as PDF a full table without the scrollbar?

Hello, When I download a dashboard with dashboard studio it come out with the horizontal and vertical scrollbars. ...

by Loves-to-Learn Everything in

Is there a way to "automate" similar field names function?

Hi, Just curios if this is possible as I have interesting challenge. So, I have extracted fields, key=value ...

by Communicator in

What are steps to retrieve frozen data and make it searchable again? Can I specify specific data (date) to be retrieved?

What are the steps to retrieve frozen data and make it searchable again? Can I specify specific data (date) to be ret...

by New Member in

How to achieve search that If count is less than 0 change it to 0?

Can someone please help me with this. I have looking for a query so that if count is less than 0 change it to 0, ...

by Explorer in

How to search each value of a lookup table and update the corresponding column based on SPL?

Hi All, I have a lookup table table1.csv with following fields: - indexsourcetypehostlast_seenI have a custom ind...

by Contributor in

How to auto dynamically extract all keyN to fields?

Hi, I have a log that will dynamically add "fields" to log record based on some logic. It's syslog begging + pa...

by Communicator in

How to compare average of last 30 days to last 90 days in single search?

I believe there is no report Splunk cannot produce, but I'm having trouble with this one. I'd like to generate a repo...

by Explorer in

Can I do all that in one search string, or do i have to create a search for each index?

I am not sure how to word this so I'm going to bring it as an example. We have 3 firewalls that send logs for inge...

by Path Finder in

How do I get total count of a field per host?

Hi, I am new to splunk, this might have asked and answered but didn't get the answer when i searched it. here is m...

by Explorer in

Is there any way of taking the field name in an event and using the lookup renaming it to what is found in the lookup?

I'm working with the "Jira Issue Input Add-on" and in Jira we have created custom fields. Splunk ingests issues and ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract field using regex?

Help with rex and multi-value fields, assigning key value pairs?

Splunk Search-Where is key dynamic?

How to compare results of 2 periods?

Lookups with extracted fields not working- Why can't I see the active or group fields in events?

How to FILTER same events whit two or more fields in a time interval?

Rex mode=sed to substitute < & > with nothing?

"Middle" parameter for stats command?

How can I split Splunk query into time ranges?

How to create an alert to notify when a job runs over a specified time?

Help with Search in XML file-Multiple lines data for validation of HTTP response content validation for API calls

Regex help, using ^ character

How to display only a substring of result set?

Firewall logs ingest- What is causing spike in firewall data?

How can I measure the search run time until the first result is returned?

Dashboard Studio: How Download as PDF a full table without the scrollbar?

Is there a way to "automate" similar field names function?

What are steps to retrieve frozen data and make it searchable again? Can I specify specific data (date) to be retrieved?

How to achieve search that If count is less than 0 change it to 0?

How to search each value of a lookup table and update the corresponding column based on SPL?

How to auto dynamically extract all keyN to fields?

How to compare average of last 30 days to last 90 days in single search?

Can I do all that in one search string, or do i have to create a search for each index?

How do I get total count of a field per host?

Is there any way of taking the field name in an event and using the lookup renaming it to what is found in the lookup?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions