Splunk Search

Discussions

Thread Info

How to edit the time field in the index?

I want to create a 30 day index of data that changes it's indexed timestamp as each day passes. Therefore the data wi...

by Path Finder in

How to get a field extraction of a field extraction within one regex?

Hi there, so I have a line of log like this: http://some.url/path/?param=x,y,z So I want to extract a field...

by Explorer in

How to display a field ending with the same alphabet

I have a field(eventCode) which has a code values, and few of them ends with certain alphabets , I want to extract o...

by Path Finder in

Regular Expression extract beginning and end of string- What am I missing?

Hello, I have a situation where I am trying to pull from within a field the nomenclature of ABC-1234-56-7890 but w...

by Explorer in

Why am I receiving this license error?

Hi Splunk team, I have a question when I search in Splunk console. I got an issue as below: Error in 'litsearc...

by Engager in

Why converting hex doesn't work for 1 alert? [solved]

EDIT: Solved. Used regex to target the printable portion first then converted to ascii For a couple dashboards,...

by Explorer in

How to make presets as default in Splunk Cloud Default Time Picker?

In Splunk Cloud, when I go to change the time picker it brings up relative options. It used to bring up presets. Ho...

by Explorer in

How to sort this multi-value fields based on the latest timestamp and status?

Hi Splunkers, I need help on how to sort this multi-value fields based on the latest timestamp and status. Here...

by Explorer in

PROPS Configuration with CSV Header- Requesting feedback and if there is a way to change field name

Hello, I have CSV (with epoch time) source files (file with a few sample events given below) with header info. I w...

by Motivator in

Why is aggregating by custom Salesforce fields not working?

I'm not sure if I'm missing something simple or not, but I've got event logs from my Salesforce instance fed in, as w...

by Explorer in

How to count and compare the max amount of used different devices each day by groups for a week?

Hello,I try to count and compare the max amount of used different devices each day by groups for a week with the maxi...

by Explorer in

Removing certain results from reports

I'm attempting to extract statistics of user logins from a custom log format and create a bar chart. I have users A, ...

by Path Finder in

How to use Subsearch to achieve this ?

I have 2 Splunk SPLs=====================index=computer_admin source=admin_priv sourcetype=prive:db account_name=admi...

by Contributor in

Help with temp tables and variables

New to splunk and been struggling manipulating search results into a final result that I am looking for. In powershel...

by Explorer in

SPL: How to calculate the average user events per unique user, per day over a 14 day period (exclude weekends)?

All, I need some help on a problem I am trying to solve. Problem: I need to calculate the average user events p...

by Path Finder in

Compare results from two separat search results

I have two separate searches that provides me the same data field in two different fieldds. I want to identify the co...

by Explorer in

How to find number of events, size (in GB), and frequencies of ingestion?

Hello, are there any queries we can use to find the Total Number of Events, Total Size/Volume (in GB) of Data, Fre...

by Motivator in

How to add hyperlinks for column values in table?

If col A contains a b c d e f, I want a separate link to be opened for each value. E.g If the user click on "a", it s...

by New Member in

Conditional regex help: How to capture two groups if they have an "exclusion type"?

hi everyone, i'm trying to parse json inline. i'm using kv mode= json already but i'm trying to achieve selective...

by Loves-to-Learn in

How to capture in chart?

Hello I have a table I want this I am not sure which tool (chart, table anything else) and a...

by Explorer in

Why is my alert report only showing the first result of every row?

I have this table and I'm trying to send it as a report/alert every morning to our teams chat group T...

by Contributor in

help to change the chart label size

Hi I use this CSS code in order to enlarge the size of the data values in the bars chart Now I also need to enlar...

by Motivator in

How to get stats max count of a field by another field?

Hi There, I am looking to produce an output where the field with maximum count is display based on another field. ...

by Communicator in

How to create a Splunk query to more easily narrow down the exact page where a device ID reset occurred?

Here is the SPL: index=name reqHost="host" | rex field=cookie "care_did=(?<care_did>[a-z0-9-]+)" | rex fi...

by Explorer in

help to solve a different syntax field between a lookup and a main search

hi I use a lookup with a field corresponding to a site name | inputlookup site.csv | search site=*paris* ...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit the time field in the index?

How to get a field extraction of a field extraction within one regex?

How to display a field ending with the same alphabet

Regular Expression extract beginning and end of string- What am I missing?

Why am I receiving this license error?

Why converting hex doesn't work for 1 alert? [solved]

How to make presets as default in Splunk Cloud Default Time Picker?

How to sort this multi-value fields based on the latest timestamp and status?

PROPS Configuration with CSV Header- Requesting feedback and if there is a way to change field name

Why is aggregating by custom Salesforce fields not working?

How to count and compare the max amount of used different devices each day by groups for a week?

Removing certain results from reports

How to use Subsearch to achieve this ?

Help with temp tables and variables

SPL: How to calculate the average user events per unique user, per day over a 14 day period (exclude weekends)?

Compare results from two separat search results

How to find number of events, size (in GB), and frequencies of ingestion?

How to add hyperlinks for column values in table?

Conditional regex help: How to capture two groups if they have an "exclusion type"?

How to capture in chart?

Why is my alert report only showing the first result of every row?

help to change the chart label size

How to get stats max count of a field by another field?

How to create a Splunk query to more easily narrow down the exact page where a device ID reset occurred?

help to solve a different syntax field between a lookup and a main search

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions