Splunk Search

Ask a Question

Discussions

Thread Info

mvexpand multi-value fields when not null

Hi all. I'm trying to create a table from AWS WAF logs. There is a section of the log that is called ruleGroupList{...

by Engager in

Search help - find total sum of lengths of array

My current search returns a series of events like: {'field1' : {'field2' : [obj1, obj2, obj3]}} {'field1' : {'fi...

by Loves-to-Learn in

Filtering out HTTP/1.1 200 logs from being forwarded to splunk.

Hi, We have a large amount of data in /opt/app/axtract_fe1/var/log/apache2/main_collector_access-*.log file, and we...

by Loves-to-Learn in

command "where" not working

the "where" command checks only one condition doesn't work like that my search: . . . . | where NOT (id_old...

by Communicator in

How do I properly configure schedule search/cron/alert times?

This question is based on a comment from @woodcock on this post: https://community.splunk.com/t5/Splunk-Search/Wh...

by Path Finder in

Test

by Explorer in

Subsearch in splunk

Is there any way we can add some filter in subsearch savedsearch so that we wont skip any data/records as its limitin...

by Observer in

search user check

It is necessary to check if the user is in the index in this file or not. If not, then add to the file, if it is in t...

by Communicator in

extract errorcode

Hi Here is th e log: 2021-10-26 08:17:19,117 WARN AbCD-App2-0000 [SqlExceptionHelper] SQL Error: -268, SQLState: ...

by Motivator in

How to chance color of the row based on field name

Hi experts, i have below table.. how do i change background colour of the row where error Categories = Total_error_...

by Explorer in

How to pass Input Tokens as arguments to custom search - js-python script

Dear community, I have been trying to integrate splunk for my scripting purpose for some time now and it's time to ...

by Explorer in

How to split the call based on TimeTaken

I would like to create a Pie chart to show how many calls took less than 100ms, 200ms, and 300ms. index=star env=p...

by Explorer in

extract all "cause by"

Hi I have lots "Caused by:" in (single or multiple) events How extract all line that contain "Caused by:" like...

by Motivator in

How can I generate a search to find hosts which are missing a certain sourcetype?

I have a sourcetype which is a log created by the AV application on the host. I would like to find hosts which are mi...

by Path Finder in

use lookup file inside if statement

Hi, I'm trying to use a lookup file inside an if statement, and it doesn't return any data. I would appreciate it if ...

by Explorer in

Duration of spike

I am trying to determine the length of spike to see if it goes beyond our requirements. Here is a test of my se...

by Observer in

ERROR AdminManagerDispatch - Admin handler 'alert_manager' not found.

Hi everyone. I was watching some events from the internal logs and I saw so many events related to "ERROR AdminMana...

by Observer in

Regex for a nullQueue multiple strings

I am trying to set a regex that works when i use say regexr.com but doesn't apply in my transforms/props file. I am...

by Path Finder in

Limiting a Search by number of events over a period of time

I am trying to search for a number of events over a select period of time (4 hours) and then expand that to see how m...

by Explorer in

How can I use block or line comments to test the intermediate output of a multiline splunk query?

https://docs.splunk.com/Documentation/SCS/current/Search/Comments says that we may use block comments or line comment...

by Explorer in

The file a bug link is broken

The file a bug link under the help menu goes here: http://www.splunk.com/r/bugs If you go there it asks you to ...

by Loves-to-Learn Lots in

New search button is really slow

When I click new search in the context menu it opens a new tab with a search with the single field I click on. The ne...

by Loves-to-Learn Lots in

json_extract returns zero results - why?

I have a JSON-based log file for which every line is a valid JSON document. When searching it like this: source="/p...

by Explorer in

distinct count of specific words with replacing them with another word

Hi, I have logs coming with server names listed into it and my requirement is to the distinct count of server by as...

by New Member in

Append fields to table after using xyseries.

This question is related my previous post. https://community.splunk.com/t5/Splunk-Search/XML-field-Extraction/m-p/5...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

mvexpand multi-value fields when not null

Search help - find total sum of lengths of array

Filtering out HTTP/1.1 200 logs from being forwarded to splunk.

command "where" not working

How do I properly configure schedule search/cron/alert times?

Test

Subsearch in splunk

search user check

extract errorcode

How to chance color of the row based on field name

How to pass Input Tokens as arguments to custom search - js-python script

How to split the call based on TimeTaken

extract all "cause by"

How can I generate a search to find hosts which are missing a certain sourcetype?

use lookup file inside if statement

Duration of spike

ERROR AdminManagerDispatch - Admin handler 'alert_manager' not found.

Regex for a nullQueue multiple strings

Limiting a Search by number of events over a period of time

How can I use block or line comments to test the intermediate output of a multiline splunk query?

The file a bug link is broken

New search button is really slow

json_extract returns zero results - why?

distinct count of specific words with replacing them with another word

Append fields to table after using xyseries.

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...