Splunk Search

Discussions

Thread Info

extract all "cause by"

Hi I have lots "Caused by:" in (single or multiple) events How extract all line that contain "Caused by:" like...

by Motivator in

How can I generate a search to find hosts which are missing a certain sourcetype?

I have a sourcetype which is a log created by the AV application on the host. I would like to find hosts which are mi...

by Path Finder in

use lookup file inside if statement

Hi, I'm trying to use a lookup file inside an if statement, and it doesn't return any data. I would appreciate it if ...

by Explorer in

Duration of spike

I am trying to determine the length of spike to see if it goes beyond our requirements. Here is a test of my se...

by Observer in

ERROR AdminManagerDispatch - Admin handler 'alert_manager' not found.

Hi everyone. I was watching some events from the internal logs and I saw so many events related to "ERROR AdminMana...

by Observer in

Regex for a nullQueue multiple strings

I am trying to set a regex that works when i use say regexr.com but doesn't apply in my transforms/props file. I am...

by Path Finder in

Limiting a Search by number of events over a period of time

I am trying to search for a number of events over a select period of time (4 hours) and then expand that to see how m...

by Explorer in

How can I use block or line comments to test the intermediate output of a multiline splunk query?

https://docs.splunk.com/Documentation/SCS/current/Search/Comments says that we may use block comments or line comment...

by Explorer in

The file a bug link is broken

The file a bug link under the help menu goes here: http://www.splunk.com/r/bugs If you go there it asks you to ...

by Loves-to-Learn Lots in

New search button is really slow

When I click new search in the context menu it opens a new tab with a search with the single field I click on. The ne...

by Loves-to-Learn Lots in

json_extract returns zero results - why?

I have a JSON-based log file for which every line is a valid JSON document. When searching it like this: source="/p...

by Explorer in

distinct count of specific words with replacing them with another word

Hi, I have logs coming with server names listed into it and my requirement is to the distinct count of server by as...

by New Member in

Append fields to table after using xyseries.

This question is related my previous post. https://community.splunk.com/t5/Splunk-Search/XML-field-Extraction/m-p/5...

by Communicator in

How to assign a field value to other events that fulfill a certain condition?

Greetings dear Splunk Community, I'll try to keep it short and simple: I have a Query that gets multiple fiel...

by Explorer in

Join Indexes and Host to Build one Query

Hello champions, I run the below 1,2,3 queries on the given datasets to find out which users ran the enable command...

by Path Finder in

Extraction picking the next match

Hello all, I am trying to extract a field from the below event and the extraction is working fine on events tha...

by Path Finder in

Extract information like time from NLog formatted event?

Hello, So this is my first time trying to consolidate logs and use the data extraction and I am a little lost. I ha...

by Engager in

Splunk outputlookup concurrency

I have multiple concurrent saved searches(around 6). All searches have outputlookup command which is writing to separ...

by Path Finder in

Undesirable result replace (stats) with (eventstats)

I have a rather complicated query that go like this: index=* source=* earliest=-4mon@mon latest=@mon RE...

by Communicator in

Conditional Splunk Query (if else)

Hi Champions, In this below mentioned dataset. I want to create a conditional splunk query. Ex: I want to check ...

by Path Finder in

arules Given fields support / Implied fields support for same value varies

While running arules command across multiple fields, The 'Given fields' generated with various 'Implied fields'. But ...

by Loves-to-Learn in

Search alias for a dashboard

Hello! A dashboard runs a search and I want to create an alert for this. So I replicated the search code to the...

by Path Finder in

IIS Logs not Parsing as expected

I have a props conf file that is not parsing data as i expected. I can see in the raw log that the IIS log has the he...

by Communicator in

Search time field extractions with backslash not showing up

Hello Splunk Wizards, I know there are plenty of people who've had similar issues, but I haven't been able to use t...

by Explorer in

No Event Code 1024 appear

Hello everyone, I have the following inputs.conf file which is actually working for the first 2 stanza, but not for...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

extract all "cause by"

How can I generate a search to find hosts which are missing a certain sourcetype?

use lookup file inside if statement

Duration of spike

ERROR AdminManagerDispatch - Admin handler 'alert_manager' not found.

Regex for a nullQueue multiple strings

Limiting a Search by number of events over a period of time

How can I use block or line comments to test the intermediate output of a multiline splunk query?

The file a bug link is broken

New search button is really slow

json_extract returns zero results - why?

distinct count of specific words with replacing them with another word

Append fields to table after using xyseries.

How to assign a field value to other events that fulfill a certain condition?

Join Indexes and Host to Build one Query

Extraction picking the next match

Extract information like time from NLog formatted event?

Splunk outputlookup concurrency

Undesirable result replace (stats) with (eventstats)

Conditional Splunk Query (if else)

arules Given fields support / Implied fields support for same value varies

Search alias for a dashboard

IIS Logs not Parsing as expected

Search time field extractions with backslash not showing up

No Event Code 1024 appear

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions