Splunk Search

Ask a Question

Discussions

Thread Info

How to do regex Extraction on multiple lines?

I have been avoiding RegEx for quite sometime in Splunk but I now I really need to deal with it and understand it. ...

by Loves-to-Learn Everything in

How to optimize my SPL?

Hello Splunkers, I want to optimize my splunk search. I have attached the screenshot of my search. From the raw da...

by Builder in

How do you transform table values like this?

Is there a way or command to make the table results something like on the expected output.current data: hostnameip...

by Engager in

How to bring the deepest data in multiple subsearch

Hi Splunk experts!! Please tell me about how to bring the deepest data in multiple subsearches. Of course, if there...

by Explorer in

How to convert time string to timestamp in 24 hour format?

Hi Suppose the time zone is in string format like 100403, need to convert this in 24 hour format. Output should be li...

by New Member in

How to get pattern recognition in Splunk

Hi, I want to get my event patterns to be recognized automatically. The pattern is not uniform but Splunk should i...

by Contributor in

How do I extract a multivalued field from a windows event

I don't know why I'm finding it so hard, but I want to put the accessess from Windows Event 5145 into a multivalued f...

by Builder in

How to use outlier command?

In Splunk documentation for the outlier command, it say: " The transform option truncates the outlying values to t...

by Explorer in

Conditionally Omit Bin from Chart

Hi, I’m trying to make a stacked bar chart visualization where my y axis is milliseconds, my x axis is a task ID, and...

by Explorer in

Why is my Lookup search not returning results correctly?

Hello all, I am having trouble with a search that is not returning results as it should. The search is below and ...

by Path Finder in

How to get the difference between 2 date fields?

Hi All thank you all so much for helping me. this is a great forum to learn. I have 2 date fields and I'd like ...

by Path Finder in

How to customize length of value with an added prefix?

Hello Community, I would like to add trailing zeros in front of a value, but only display 5 characters for the val...

by Explorer in

How to send splunk alert msg to WebEx chat to individual person?

Hi team, I have a query related to splunk alert msg send to WebEx chat to individual person. If there is any pr...

by Explorer in

How to subtract dates from two iso 8601 date fields in order to find the duration?

Hey, I am working on making a dashboard and wanted to know how can I subtract two dates that are in iso 8601 format. ...

by Loves-to-Learn Everything in

How to get the new errors that don't appear yesterday?

Hi everyone! We want to get the new errors that don't appear yesterday. For example, if an action named A. Its yester...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to do regex Extraction on multiple lines?

How to optimize my SPL?

How do you transform table values like this?

How to bring the deepest data in multiple subsearch

How to convert time string to timestamp in 24 hour format?

How to get pattern recognition in Splunk

How do I extract a multivalued field from a windows event

How to use outlier command?

Conditionally Omit Bin from Chart

Why is my Lookup search not returning results correctly?

How to get the difference between 2 date fields?

How to customize length of value with an added prefix?

How to send splunk alert msg to WebEx chat to individual person?

How to subtract dates from two iso 8601 date fields in order to find the duration?

How to get the new errors that don't appear yesterday?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

How to change pie chart font color from within Spl...

Users with the same roles, in the same app, and sa...

auto_generated_pool_download-trial

Automatic lookup during data ingestiont (Splunk cl...

Working with OpenTelemetry Cumulative Histogram Bu...