Splunk Search

Ask a Question

Discussions

Thread Info

How to display header on transpose command?

Hello As you can see in my search I transpose time in my header field | eval time=strftime(_time,"%H:%...

by Motivator in

How to monitor contents of the same file but the file will be replaced daily?

Hi, I have a use-case where I need to monitor the contents of a file that will be replaced on a daily basis (name ...

by Contributor in

How to create a table column specific column width adjustment

I have around 10 columns in table and want to set the first 3 columns to 10% width and i used below method but its no...

by Builder in

Searching the results of a query in a different index

I have a query that returns a table of extracted IDs: index=my_index | rex field=_raw "ID=\[(?<id>.*\]\[.*\]" | tab...

by Explorer in

How to create hyperlink that directs to search query on Splunk dashboard?

it should look like below 2 search by employeeid(hyperlink) search by app(hyperlink) once clicked on above ...

by Explorer in

How to get the compare field results and filter out certain results based on results in a certain field.

I have a Threat Intelligence search that I would like to filter on based on results, so the scenario is if the Threat...

by Explorer in

How to search ForEach value in table

I would like to search for each value in an extracted field. My intial query is as follow: index=monet...

by New Member in

How to use SED command to select from nth position?

I have a SED command in props.conf as below SEDCMD-replace-name = s/ethan/thomas/g This will replace all eth...

by Path Finder in

How to extract text from raw data using rex?

I'm new to regex and having trouble extracting some text. My raw data is in the following format: ID=[12839829389-8...

by Explorer in

Is it possible to get sum of Top 5 values per field?

Hi there, So, I have table with Server Names and their load values Server Load capacity G1 10 G1 80 ...

by Path Finder in

How to pull in client/server errors into table format?

Hello - thank you for assisting in advance. I need to write up a query which will pull in client/server errors from e...

by Path Finder in

Combine multiple search fields

Hi, We have a scenario where we have three different events that should combine together based on Event ID. Ex...

by Communicator in

Issue with stats count(eval()) command

Hi, I have this query: index="sample_data" sourcetype="analytics_sampledata.csv" | rename "Resolution Code" as...

by Path Finder in

How to remove null value from multiselect input

Hi All, In my dashboard, I have edit data option. For few multiselect input option the previous value is null, ...

by Path Finder in

Why isn't regex101 to Splunk rex translation insertion working?

Hi, I managed to get my regex101 expression working, however, I am not able to get it working in splunk. I would ...

by Path Finder in

Why search not displaying results for those values only if any index/sourcetype is missing logs?

Hi, After reviewing most of the posts and not finding a solution. I finally came here to ask for help related to ...

by Engager in

How to split delimited log, extract a field and group by the value

Hi: I have logs that is delimited by ||. I would like to extract nth value from each log and group them by value and ...

by Explorer in

How to Edit HTML using Splunk Interface?

There is a way to modify HTML page using Splunk interface? I uploaded an HTML on Splunk file and if I want to mod...

by Loves-to-Learn Lots in

How can I break events within events?

I have middleware .out file to be monitored with Splunk.The events are breaking with respect to the time stamps as be...

by Observer in

Do we have any Tarrask Malware detection queries for Splunk Enterprise?

by New Member in

How to Bind 2 events?

Hello, I have the following 2 events : 1st event : { [-] dimensionMap: { [-] User type: Real...

by Explorer in

How to do regex Extraction on multiple lines?

I have been avoiding RegEx for quite sometime in Splunk but I now I really need to deal with it and understand it. ...

by Loves-to-Learn Everything in

How to optimize my SPL?

Hello Splunkers, I want to optimize my splunk search. I have attached the screenshot of my search. From the raw da...

by Motivator in

How do you transform table values like this?

Is there a way or command to make the table results something like on the expected output.current data: hostnameip...

by Engager in

How to bring the deepest data in multiple subsearch

Hi Splunk experts!! Please tell me about how to bring the deepest data in multiple subsearches. Of course, if there...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to display header on transpose command?

How to monitor contents of the same file but the file will be replaced daily?

How to create a table column specific column width adjustment

Searching the results of a query in a different index

How to create hyperlink that directs to search query on Splunk dashboard?

How to get the compare field results and filter out certain results based on results in a certain field.

How to search ForEach value in table

How to use SED command to select from nth position?

How to extract text from raw data using rex?

Is it possible to get sum of Top 5 values per field?

How to pull in client/server errors into table format?

Combine multiple search fields

Issue with stats count(eval()) command

How to remove null value from multiselect input

Why isn't regex101 to Splunk rex translation insertion working?

Why search not displaying results for those values only if any index/sourcetype is missing logs?

How to split delimited log, extract a field and group by the value

How to Edit HTML using Splunk Interface?

How can I break events within events?

Do we have any Tarrask Malware detection queries for Splunk Enterprise?

How to Bind 2 events?

How to do regex Extraction on multiple lines?

How to optimize my SPL?

How do you transform table values like this?

How to bring the deepest data in multiple subsearch

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!