Splunk Search

Ask a Question

Discussions

Thread Info

When comparing to 2 lookup files, is there way to remove records/rows when there's a match?

We have 2 inputlookup files, 1 with All-users and another with Disabled-users. Is there a way to remove the records...

by Path Finder in

rex field extraction

need to extract only the number.. ie., 23DiskDrive: \\.\PHYSICALDRIVE23

by Path Finder in

How to search for DR string ../../../../ ??

Hi everyone, I just wanted to do a quick search in URLs requested in Splunk but cannot get the directory traversal ...

by Explorer in

Help with regex

Hello everyone, I need help with regex I have search index=*| regex Commandline="my_regular_expression" How c...

by Contributor in

Display values of all fields in a row if one field value is greater than 100

Hi All, I am displaying the names based on dates and used where condition to display only values that are greater t...

by Engager in

Splunk cannot read .log file

I have health check file with extension .log. When I uploaded it to Splunk, it came out like this. The real fil...

by Path Finder in

Center _time on a column chart

Hello, I would like to center the dates of my timechart (column) : I'm using the timechart...

by Explorer in

Help explain Log4Shell baseline query

Hello all. I was reading over the article at https://www.splunk.com/en_us/blog/security/log4shell-detecting-log...

by Observer in

A question about using the "collect" command.

index="my_index"|eval check=if(html_code==200,"error","OK")|stats count values(clientip) as src_ip by ip , check|tabl...

by Path Finder in

Unable to hide y-axis in outlier graph (Splunk_ML_Toolkit.OutliersViz)

I'm try to disable the y-axis using similar option in line chart graph but using outlier graph it cant not hide the y...

by New Member in

Merge Splunk dbxquery with search

I am trying to merge Splunk search query with a database query result set. Basically I have a Splunk dbxquery 1 which...

by New Member in

want to extract field values from log and perform stats on it.

Hi, Below is my Log: "{"log":"{'URI': '/api/**/***/search?', 'METHOD': 'POST', 'FINISH_TIME': '2021-Dec-15 12:15:...

by Engager in

how to change table field value if it's equal to previous record field.

I have Splunk table output as below. for every different id 1st occurrence, I want to keep id value here, but for a...

by Communicator in

get bottom 3 duration within each group

I have duration for multiple websites. How can I get 3 least duration for each websites. So here is example Du...

by Communicator in

How to add a calculated column to a chart

Hello, I have the following query. <base query> | rex field=msg "HTTP/1.1\\\" (?<http_status>\d{3})" | where ht...

by Engager in

Field Extraction with Inconsistence Data Structure

Hello, I have some issues with Field Extraction, since there are some inconsistences in the structure of its field ...

by Motivator in

Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log

Hi, I am getting the following error on my search head whenever i run query in a newly created app. Search result...

by Builder in

Passing values from subsearch to Parent Search

I am stuck with a query where I am trying to pass the field value from sub search to parent search: Query: ...

by Contributor in

splunk search query

if i have employees list .for each employee there are two status logged in and logged out, i need to find out the eac...

by Path Finder in

splunk search query

suppose if i have user1,user2,user3 i need to find out last log message of each user h

by Path Finder in

I want to extract the same result from stats.

I want to see the result values of Src_ip and dst_ip are the same and "ok" and the number of these result values. Wha...

by Path Finder in

Split a MV field into different, multiple fields

Hi, I have a very specific problem. I have a field with following values at different timestamps. Example: 1,3,20...

by Explorer in

Using where to compare for one value in a multivalue field

Is it valid to use a where clause to compare a string value to a multivalue field in order to know if that value is o...

by Path Finder in

parsing a JSON list

Hi, I have a field called "catgories" whose value is in the format of a JSON array. The array is a list of one or mor...

by Path Finder in

Best way to find destination IPs that become source IPs?

Hi, I'm attempting to build a query to find destination IP addresses that became source IPs for traffic in a 5min win...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

When comparing to 2 lookup files, is there way to remove records/rows when there's a match?

rex field extraction

How to search for DR string ../../../../ ??

Help with regex

Display values of all fields in a row if one field value is greater than 100

Splunk cannot read .log file

Center _time on a column chart

Help explain Log4Shell baseline query

A question about using the "collect" command.

Unable to hide y-axis in outlier graph (Splunk_ML_Toolkit.OutliersViz)

Merge Splunk dbxquery with search

want to extract field values from log and perform stats on it.

how to change table field value if it's equal to previous record field.

get bottom 3 duration within each group

How to add a calculated column to a chart

Field Extraction with Inconsistence Data Structure

Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log

Passing values from subsearch to Parent Search

splunk search query

splunk search query

I want to extract the same result from stats.

Split a MV field into different, multiple fields

Using where to compare for one value in a multivalue field

parsing a JSON list

Best way to find destination IPs that become source IPs?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!