Splunk Search

Ask a Question

Discussions

Thread Info

Why am I unable to search in field?

Hello All, I have a problem with my search. The following search works: index=test_index sourcetype...

by Engager in

How to remove unwanted row base on condition of column data?

Hi, I am new in Splunk, if I want to remove the display of all column field for T9_LotID_LaneA,T9_LotID_LaneB,T9_...

by Explorer in

How to compare logs from two different sources and create a table out of it?

Hi All, I have two set of logs in two different sources in splunk, one containing the predefined list of VPNs and ...

by Contributor in

Search for a field not containing a specific pattern.

I have two indexed fields, FieldX and FieldY. I want to search for all instances of FieldX that contain 'ABC' where F...

by Engager in

How to List records where a field contains a specific string?

I have an index: an_index , there's a field with URLs - URL/folder/folder I only want to list the records that cont...

by Engager in

How to extract mutiple value from json

Hi, I want to extract judgments to a fields from "37.0.10.15" and "47.105.153.104", Is there any way it can do th...

by Explorer in

Where did the test data go in the SPL tutorial?

In going through the SplunkCloud SPL tutorial, we are told to upload California drought data into Splunk, and we crea...

by Engager in

Why does predict command not predict?

Hi everyone, i need help to understand why i'm wrong and how to fix the problem. I've a lookup table in which is s...

by Engager in

How to Count multiple fields in histogram?

I have rows in the form: IDField1Field2Field3 And I would like to create a histogram that shows the values...

by Explorer in

How to trigger an alert when a metric is wrong on 3 consecutive spans?

Hi everyone, I have a search on approval success rates : stats count as TOTAL,count(eval(criteria)) as APPROVED | ...

by Engager in

Help with JSON regex replace

Command: rex mode=sed "s/\"name":\s\"[^\"]+\"/"name":"###############"/g" Regex seems to work fine in Regex101 ...

by Explorer in

How to expand/extract multivalue fields line by line?

Hi! I have 3 multivalue fields (max. 3 values per field) and I want to expand/extract them to single values. Data l...

by Explorer in

Could someone help me with this regex?

Can someone help me pull out these data points:cw.pptx;text.html;text.txtI need it to split at the ; mark but have th...

by Path Finder in

How to use addcoltotals base on one column or count the total on a accumulate result

Hello, I have an alert that output a csv file that look like this PersonNumber_of_loginLogin_failPerson A1 Person...

by Communicator in

How to match string in multi value field?

Hi experts, I have a filed called names as shown below, if i search with first line of strings then search returni...

by Path Finder in

How to use a columns value as a key to a different column for my results id like to output?

I have two columns per event I am trying to use. Well call these col1 and UknownRandomColumnN...

by Explorer in

How to achieve a query for two events based on intersection of common value - without using join?

I want to run a query where: 1. Query1 returns resultset1containing myEvent1.uid 2. Query2 returns resultset2 c...

by Path Finder in

Why are we having an appendcols issue?

There is something wrong with the data output by using apendcols. The data of Total_Actual is blank from 02-2022. But...

by Explorer in

How to join with one key but multiple results?

Hi I have a table similar to this: Brand ID_EMP Nike 123 Adidas 456 Lotto 123 other table like th...

by Engager in

Bucket and eval result to percentage calculation

Greetings Community Experts I have a group of devices that each should report state to a portal every 10 seconds. I...

by Path Finder in

How to fetch REQUEST and RESPONSE events based on clientIP mentioned in third event of HEADER?

2022-06-12 21:51:42.274 threadId=L4C9D6WIYK2K eventType="RESPONSE" data="<TestRQ>sometestdata</TestRQ>"2022-06-12 21:...

by Explorer in

The "ltrim" problem

Hi Everyone, There's a small problem I'm having while using the ltrim function.Query: | makeresults | eval ...

by Explorer in

How to return a rex field from a subquery?

Hi, I would like to return the rex "field" from a subquery so I can print it out. How do I do that? index=... "some...

by Loves-to-Learn in

Is there a command that I can add to the search query in order to pass the results to the index?

Hello, I have a question regarding the indexing of search results. So, I have an alert that's currently active per...

by Observer in

Help with Logic of Compound Subsearch with inputlookup

I'm struggling to create a search using an inputlookup and multiple NOT searches. Background: I have an inputlooku...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I unable to search in field?

How to remove unwanted row base on condition of column data?

How to compare logs from two different sources and create a table out of it?

Search for a field not containing a specific pattern.

How to List records where a field contains a specific string?

How to extract mutiple value from json

Where did the test data go in the SPL tutorial?

Why does predict command not predict?

How to Count multiple fields in histogram?

How to trigger an alert when a metric is wrong on 3 consecutive spans?

Help with JSON regex replace

How to expand/extract multivalue fields line by line?

Could someone help me with this regex?

How to use addcoltotals base on one column or count the total on a accumulate result

How to match string in multi value field?

How to use a columns value as a key to a different column for my results id like to output?

How to achieve a query for two events based on intersection of common value - without using join?

Why are we having an appendcols issue?

How to join with one key but multiple results?

Bucket and eval result to percentage calculation

How to fetch REQUEST and RESPONSE events based on clientIP mentioned in third event of HEADER?

The "ltrim" problem

How to return a rex field from a subquery?

Is there a command that I can add to the search query in order to pass the results to the index?

Help with Logic of Compound Subsearch with inputlookup

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions