Splunk Search

Thread Info

Unable to parse macro name from map command

I have a lookup table with a field that contains a macro name. the rows returned from the lookup table dictate which ...

by Communicator in

Splunk query

I have One primary index which contains 30 days logs, but i want from one year for this purpose i created One more sp...

by Path Finder in

Extract erros from logs

Hi, I'm new to Splunk and I would like to get top errors on a table, but the external API returns a stack tracing m...

by Explorer in

rex on rex101 works fine...Splunk returns a blank

I have a rex built that when plugged into rex101 works fine, but when applied via a Splunk query, returns a blank res...

by Explorer in

How to remove everything after a specific character and any digit

I want remove everything after "-" and any digit for example -1,-2,-3...-9,-0 I'm using rex function but not getti...

by Engager in

How to make rest search on one search head able to get results from other search heads?

If you have a dashboard that has a panel with a search like the one below: | rest splunk_server=* /services/-/-/ad...

by Path Finder in

different format field extraction using rex

Hello @Anonymous Please help me out here. I was trying to extract a field "faultDescription". but the logs h...

by Path Finder in

search using terms from lookup in an (mv) string field.

I have an mvfield of type string in my results. I want to search and match all values of this field for words tha...

by Path Finder in

filter search results based on subsearch with regex

Hi dear community!I'm trying to build the dashboard using records in two states STATE1 and STATE2. I'm logging state ...

by Engager in

combine two result on a timechart for compare them

Hi I have two result like this REQ Name count Node1.Node2 100 Node3.Node4 ...

by Motivator in

compare record from yesterday to today if field equals

Say I have a batch job that pushes JSON records that look like this on Monday: { Department: Engineering Employee...

by Explorer in

rex to extract string

Hi I have log like this: 2022-02-01 11:59:59,869 INFO CUS.AbCD-Host-000000 [AppListener] Receive Packet[0000000*]: ...

by Motivator in

Timechart on Bar graph showing null space

In timechart command used cont=false and in table statatics its not showing data on empty values but in bar graph . t...

by Builder in

Why is a single instance of splunk not running query and giving an error "CacheManager - Last run failed to evict requested bytes"?

03-09-2018 12:51:44.372 -0500 WARN CacheManager - Last run failed to evict requested bytes. Performing eviction in u...

by New Member in

Substituting key values on raw text

Let's say I have a CSV input with the following columns: _raw,user,src_ipThe _raw event is: "Accepted public key fo...

by Builder in

Lookup help: Replace column result with value in other lookup

Hey Splunkers. Quick question regarding my lookup. I have the Identity lookup with ES and I'd like to replace the 'pr...

by Communicator in

How do i pick the first and last value in a table with one column

I am doing a CTF that provides logs to filter and work through, one of the questions asks for the time period between...

by New Member in

How to remove duplicate value from one column and do addition of corresponding values in another column

I have 2 columns 1 has application name another has number of instances . I want to remove duplicate application nam...

by Engager in

Search blocked by license notice

Hello, We recently installed Splunk, we thought we had a free license, however we got a notice that we have exceede...

by Explorer in

how to move a value into adjacent row

Hello, I have a condition when the variable new_tag of the previous row is equal to 1 and the variable test_tag of ...

by Explorer in

How could I adjust the time to only show the yyyy/mm/dd/hour/minute?

Hi, all! Here's my current time format! How could I adjust into the format from 2022-01-20 18:21:19,448 to 2022-01-...

by Path Finder in

"StatsFileWriterLz4 file open failed" error after upgrade to 8.2.3 when searching

After upgrading our environment from 8.1.3 to 8.2.3, some searches return "StatsFileWriterLz4 file open failed". Our ...

by Engager in

help to retrieve a token value in a dropdown list

Hi I launch a dashboard from another dashboard when I click on the field "Site" /app/spl_pub_dashboard/bib_re...

by Motivator in

Timewrap with specific time range

Hi, Iam a newbie and have just started exploring the power of splunk. My below query works fine except that I need ...

by Explorer in

Splunk Event difference calculation

hi, i am using the below query to list the bootup time and downtime based on event code.. but if the bootuptime sho...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Unable to parse macro name from map command

Splunk query

Extract erros from logs

rex on rex101 works fine...Splunk returns a blank

How to remove everything after a specific character and any digit

How to make rest search on one search head able to get results from other search heads?

different format field extraction using rex

search using terms from lookup in an (mv) string field.

filter search results based on subsearch with regex

combine two result on a timechart for compare them

compare record from yesterday to today if field equals

rex to extract string

Timechart on Bar graph showing null space

Why is a single instance of splunk not running query and giving an error "CacheManager - Last run failed to evict requested bytes"?

Substituting key values on raw text

Lookup help: Replace column result with value in other lookup

How do i pick the first and last value in a table with one column

How to remove duplicate value from one column and do addition of corresponding values in another column

Search blocked by license notice

how to move a value into adjacent row

How could I adjust the time to only show the yyyy/mm/dd/hour/minute?

"StatsFileWriterLz4 file open failed" error after upgrade to 8.2.3 when searching

help to retrieve a token value in a dropdown list

Timewrap with specific time range

Splunk Event difference calculation

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...