Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Splunk regex help

Hi Team, I've a field name uri, which has value like this -- /dev/{AccountNumber}/accountDetail /uat/{Conte...

by Explorer in

Trying to extract fields using regex

Hi, I am new to Splunk environment. I am trying to extract ModifiedAccountName, ModifiedAccountDomain, Modified...

by Engager in

Find all fileds by file list

I have a data in Splunk like FnameLnameCountryfname1lname1USAfname2lname2USAfname3lname3USA And I have fi...

by Explorer in

Field extraction for space

Hi Team, We have one field as Customer=ABC DEF where one space in between where if i am giving any as Customer = *...

by Engager in

Create Statistic Table Based on Regex

Hi experts, I am new to Splunk and came across this requirement at work. Requirement: I want to create a table sh...

by Explorer in

Table with two headings

Hi ALL, I have the below data in a log . Type = success or error . region names( In, CN, EMEA, APAC) ...

by Path Finder in

Displaying difference between two search query stats

I am using the following query to retrieve events that I then display. I would like to add another column that is th...

by Engager in

why user with same role not able to see data

Hi Guys, I have created a simple query with stats command and I'm able to see the required results. If same searc...

by Contributor in

FInd different value from "-" on column

HelloI have a query that gives me the data below: _time | id | orde...

by Explorer in

deploy and configure apps to a cluster with heavy forwarders

Can anyone tell me the steps to deploy and configure multiple apps in a cluster with heavy forwarders.

by Explorer in

JSON field extraction from JSON event with inner JSON

This seems to be an odd issue or at least I've been searching for the wrong thing. My event sourcetype is json and t...

by Engager in

Filtering data prior to timechart - finding values that are outside of filter

I'm seeking to make a spunk timechart of values that match a certain filter: source="/var/log/bcore/ws_metric*" eve...

by Explorer in

Limiting lookup options using a token

Hi all,I have a lookup and I'd like to filter based on tokenized value. The lookup dropdown also sets a different tok...

by Path Finder in

Too many results returned from SFDC Lead object

I've been having a hard time trying to get a Splunk search that will give me a count of all records in my Lead object...

by Explorer in

Splunk 8.0.1 : How to change show_source CSS about long lines

Hello,After upgrading to Splunk 8 from Splunk 6, it seems that the "show_source" view ( used in "Event actions" -> "...

by Engager in

Props Conf File

How would I write the props config file for following events, any help will be highly appreciated, thank you! ...

by Motivator in

How to increment the field based on the previous value based on the condition?

Dear Splunkers, I want to increment the fields value based on Some conditions as like below. Limit | C...

by Explorer in

Extract JSON objects

How can i extract this:"properties": {"nextLink": null,"columns": [{"name": "Cost", "type": "Number"},{"name": "Date"...

by Motivator in

Setting a queue for dashboards when maximum of concurrent historical searches has been reached

I have a dashboard with several different base searches that is transformative searches. However I get the error of m...

by Explorer in

My tstats isn't returning results from the other datasets

Hi, I have several datasets that have the exact same format with only the source of the data differing. I've duplic...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk regex help

Trying to extract fields using regex

Find all fileds by file list

Field extraction for space

Create Statistic Table Based on Regex

Table with two headings

Displaying difference between two search query stats

why user with same role not able to see data

FInd different value from "-" on column

deploy and configure apps to a cluster with heavy forwarders

JSON field extraction from JSON event with inner JSON

Filtering data prior to timechart - finding values that are outside of filter

Limiting lookup options using a token

Too many results returned from SFDC Lead object

Splunk 8.0.1 : How to change show_source CSS about long lines

Props Conf File

How to increment the field based on the previous value based on the condition?

Extract JSON objects

Setting a queue for dashboards when maximum of concurrent historical searches has been reached

My tstats isn't returning results from the other datasets

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...