Splunk Search

Discussions

Thread Info

feed query results to raw data in makeresults

| makeresults| eval _raw = "user_name machine_name event_name logon_timeuser1 machine1 logon 12/9/2021 7:20user1 mach...

by Explorer in

How to extract json fields from json inside single quotes?

Hey I am having difficulties trying to extract fields from my splint logs. They are in the format of ’{“field”: “va...

by New Member in

SEDCMD vs Transforms to mask data

Hi, When we use sedcmd command to mask data it is Indexed time extractions and when we use transforms to mask data ...

by Builder in

Timezone offset causing blanks during conversion

I have a date column that I'm trying to convert to %m/%d/%Y. The date stamp is a little complex but I got it to work ...

by Observer in

Event breaking to middle text at index time

Hello, I have some text I indexing, In the middle I have csv table, and some information at end, look like this T...

by Observer in

Date Comparison with current date

Hi, I am trying to display results in separate panels based on date fields in my dataset. I want to display result...

by New Member in

Get the chart count by in the form of percentage

Hey folks, I am trying to pull a result based on chart count by, I am also not sure if there is any other command w...

by Communicator in

Extracting fields from _raw in Splunk

Hi All, I'm trying to extract 2 fields from _raw but seems to be a bit of struggleI want to extract ERRTEXT and MSG...

by Explorer in

add multiple spaces for fields

hi i want to add multiple space for a fields i tried to use : | eval fieldname1= fieldname2 . " " . fieldname3 bu...

by Contributor in

How to use Streamstats command with conditions added ?

my tablular output contains columns/fields like,account_number | colour | team_name | business_unitI am getting the ...

by Contributor in

How to de-aggregate the STATS result ?

I have this query where I need to use stats to aggregate the results based on account_number. Now, some of the resul...

by Contributor in

How splunk search work

Hi I have 4 huge log file that ingest into the Splunk File1 File2 File3 File4 Now i want to know whe...

by Motivator in

Cluster Map doesnt show correct events

Hello guys, I have a problem with the "Cluster Map" so I have add a log 2 weeks ago and when I do a search about t...

by Path Finder in

Setting sourcetype with a complex regex - transforms.conf

I am using transforms.conf to pull the sourcetype from the source via a complex regex. It doesn't seem to be working,...

by Motivator in

Enable/Disable indexing a debug log file on demand?

Is there any easy way to enable/disable indexing of a debug log file so that it can be indexed only when needed? We h...

by Explorer in

Passing a time restriction while using join

Hello, I would like to ask, if it is possible to pass a time restriction to a subsearch of an join ? Unfortunately ...

by Path Finder in

Distsearch.conf

Hi, What are the 4 important attributes to be considered under distsearch.conf

by Builder in

Data in source shows Y/N for fields investor, borrower, guarantor, benefic for each customer. How can I show pie chart?

I have data in source which shows Y/N for fields investor, borrower, guarantor, benefic for each customer. Need to sh...

by Path Finder in

The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200'

The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200'To ensur...

by Communicator in

How to count for each host

Hi every one I have some difficulty to count my consumedHostUnits I have this commande : index="dynatrace_hp" | searc...

by Engager in

need to update values of a lookup search by count

Splunk Queryindex="abc" source=def[| inputlookup ABC.csv | table text_strings count | rename text_strings as search]P...

by Engager in

How to add a new column in table results

Hi, I am providing sample data below: [2021-12-07 03:50:14,666] {{taskinstance.py:1532}} INFO - Marking task as F...

by Loves-to-Learn Everything in

Matching field values to text

I have a base search:index=oswin EventCode=19 SourceName="Microsoft-Windows-WindowsUpdateClient" earliest=-10d Comput...

by Loves-to-Learn Lots in

does OCI loggin addon work?

Hi everyone, Recently, I have tried to install the OCI addon in a test enviroment but it does not work. According ...

by Observer in

Filtering substring content

I have a search which looks at rare events in Windows Event Logs and provides output shown below. source="winevtlog...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

feed query results to raw data in makeresults

How to extract json fields from json inside single quotes?

SEDCMD vs Transforms to mask data

Timezone offset causing blanks during conversion

Event breaking to middle text at index time

Date Comparison with current date

Get the chart count by in the form of percentage

Extracting fields from _raw in Splunk

add multiple spaces for fields

How to use Streamstats command with conditions added ?

How to de-aggregate the STATS result ?

How splunk search work

Cluster Map doesnt show correct events

Setting sourcetype with a complex regex - transforms.conf

Enable/Disable indexing a debug log file on demand?

Passing a time restriction while using join

Distsearch.conf

Data in source shows Y/N for fields investor, borrower, guarantor, benefic for each customer. How can I show pie chart?

The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200'

How to count for each host

need to update values of a lookup search by count

How to add a new column in table results

Matching field values to text

does OCI loggin addon work?

Filtering substring content

ATTENTION!! We’re MOVING (not really)

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

AppDynamics Summer Webinars

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions