Splunk Search

Ask a Question

Discussions

Thread Info

JOIN on some of the columns

I have a table (that is a spitted URL) in the following format: field1field2field3field4field5field6aaaaa11111q...

by Path Finder in

stats count by field and show total

Hello, I want to calculate the count of total events, count of errors and show the total percent of the failures fr...

by Communicator in

Getting the Date for the max() value

Howdy I have a search like this: Everything is great! Would it be possible to add a column that contai...

by Loves-to-Learn in

rex extract number

Hi 2022-01-04 23:10:43,224 INFO [APP] sessionDestroyed, Session Count: 02022-01-04 23:12:34,238 INFO [APP] sessionC...

by Motivator in

Searching a 2nd index with a field extraction using rex

I have a index=weblogs where I filter results and then REX extract an IP address to a new field called RemoteIP. I ...

by Explorer in

Using "earliest" and other time modifiers in ad hoc queries

Is it possible to put time modifiers like "earliest" into a search and essentially disregard the time range drop-down...

by Path Finder in

Using stats command to return 0 value

Hi There: I'm trying to return the list of access_users with 0 web hits from the web_hits table. How can i adjus...

by Path Finder in

Old data cannot load

Splunk can not load old data only load current data. Though it shows event count. Before that I have moved some splun...

by Observer in

Column Chart - unstack and stack in one chart. Show a column value as tooltip

I have two questions. 1.Is it possible to Stack and unstack in a single column chart?in the below chart the line on...

by Explorer in

How to combine multiple values to single row

I want to divide different multi-values based on IP. Current results: IPdateeventrisk1.1.1.12022-01-012022-01-02a...

by Explorer in

How to display two lines in a linechart based on one value?

Dear Splunk Community, Every 5 minutes the following event is generated : 2022-01-05 21:20:33 : Running OR 20...

by Communicator in

Unable to extract from the field

Hello all, I am trying to extract an field from the below event and using the below add extraction, however thi...

by Path Finder in

Splunk regex ignore fields before match

I need to extract the contents of the message field into a json log, but the first strings must be ignored until 'std...

by Path Finder in

Remove Alike Values in a Field

Hello Splunk Answers, How can I remove this duplicate line? See sample below: From: row1 row2 row31.1....

by Path Finder in

How to Search for the Rows If at Least One Row in the Whole source Meets a Criteria

I want to search like: index=whatever "term_1" AND (at least one event in the source of the found record contains t...

by Explorer in

Exclude IP address returned from subsearch in main search

Hello, I've got a search query where I'm looking for unexpected ssh connections to my instances, but I've got one s...

by Explorer in

Break up search over large timeframe into searches of smaller timeframes

TLDR: I'm trying to automate the large 25 day search to break up into 25 separate one day searches. I'm updating a ...

by Explorer in

Log4J Search slows down after a few minutes (Large Query)

Log4J Query: index=* | regex _raw="(\$|%24)(\{|%7B)([^jJ]*[jJ])([^nN]*[nN])([^dD]*[dD])([^iI]*[iI])(:|%3A|\...

by Explorer in

Creating a new field from another field

Hi, Wondering if anyone can help. I am trying to create a new field called FS_Owner_Mail using |eval from both ...

by Engager in

Choose one result in Splunk table Query

Hello All, 1) I would like to add radio button / any way to select - one of the results of my below REST query sea...

by Explorer in

Search based on two different dropdowns

I have two dropdowns. I only want to run a single dropdown everytime for a search. Closed Dropdown has token value...

by Engager in

..

by Engager in

Find Ids of a table not in other search table

I have 2 type of search messages - Problem #1 Problem #5 and other one goes like this - Solved problem_id suc...

by Engager in

Daily and weekly discrete count in the same query?

I've got some queries I need to do periodically that use the exact same base search, one with teh weekly uniques and ...

by Explorer in

java curl splunk search produces error in SearchParser - missing a search command

In Java, I am trying to call a curl command that has a Splunk search to get contents of a lookup file. I've used ht...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

JOIN on some of the columns

stats count by field and show total

Getting the Date for the max() value

rex extract number

Searching a 2nd index with a field extraction using rex

Using "earliest" and other time modifiers in ad hoc queries

Using stats command to return 0 value

Old data cannot load

Column Chart - unstack and stack in one chart. Show a column value as tooltip

How to combine multiple values to single row

How to display two lines in a linechart based on one value?

Unable to extract from the field

Splunk regex ignore fields before match

Remove Alike Values in a Field

How to Search for the Rows If at Least One Row in the Whole source Meets a Criteria

Exclude IP address returned from subsearch in main search

Break up search over large timeframe into searches of smaller timeframes

Log4J Search slows down after a few minutes (Large Query)

Creating a new field from another field

Choose one result in Splunk table Query

Search based on two different dropdowns

..

Find Ids of a table not in other search table

Daily and weekly discrete count in the same query?

java curl splunk search produces error in SearchParser - missing a search command

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Index This | I am a number but I am countless. What am I?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

breaking multiple mv fields into single events bas...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Write Splunk log with Laminas