Splunk Search

Ask a Question

Discussions

Thread Info

Extract Error Message String

I am trying to extract the messages of a commonly used error log: Creating review recommendations service case ...

by Explorer in

Help with regex needed

Hello, I am trying to extract the system IDs from single event into the multiple events, I mean that each SID is in...

by Builder in

Analysing combinations

Hi, I'd really appreciate some advice on this. I have a data set looking at users and the apps they have access to....

by Explorer in

Production issue - Memoizer expired - Any ideas?

Hi - I have a production outage...

by Influencer in

Change color of Column Chart bars based on average of last week

Dear Splunk Community, I have the following statistics table and corresponding column chart that show the amount of...

by Communicator in

Search for status of health status of splunkd

Hi everyone, I'm looking for a search, that shows me when the health status of splunkd is changing from green to ...

by Path Finder in

If else conditional search returning table

Hello, i need to configure a search using If else condition but the search outputs in a table format. Can someone p...

by Builder in

Filtering a timechart on time to remove unwanted data

Hello, I'm building some dashboard statistics from telecom data. I have a data source as follows : _time Off...

by Explorer in

multi field extraction form the logs

Hi Experts, Am new to splunk.. I need to extract the fields which is in MSGTXT which are highlighted. Only when M...

by Explorer in

Display days passed between current time and most recent activation - User Role Auditing

The answer to this probably stupid simple. Banging my head on this. Help and patience please. ...

by Explorer in

How to extract value of a required field using regx?

msg: INFO | 2021-10-14 10:38 PM | Message consumed: {"InputAmountToCredit":"22.67","CurrencyCode":"AUD","Buid":"140...

by Explorer in

rex 4 fields

Hi How can extract these fields: field1=Versionfield2=Authorfield3=Datefield4=IssueNo Here is the log: 23...

by Motivator in

request comparison

Hello. How can two files be compared for identity ? file1.csv: usernameid_userJonh123 file2.csv username...

by Communicator in

whois in search. help

How to use "whois" .apps "network tools" doesn't work. "lookup whois" does not work. are there other valid applicatio...

by Communicator in

relative time question

Hello,There is a tube Splunk video on finding new service interactive logins here:https://www.youtube.com/watch?v=bgI...

by Path Finder in

How to calculate the index size from top 10 biggest indexers

Sorry about this lame post. Our Splunk admin had to leave unexpectedly and now it's up to me to do this without any p...

by Explorer in

How do I add an additional calculation to a chart?

Hello, I have two separate chart calculations that I would like to combine into a single chart. The first is an av...

by Motivator in

Multiple clause table

Hey all, I got a really helpful response last time and now I'm back with another question. I have a search with...

by Explorer in

REST API output_mode='json' causes client search error responses to be suppressed

I've been working with the /services/search/jobs/export API recently and I noticed that setting the output mode to 'j...

by New Member in

Splunk query to check for S3 Buckets in AWS using PutBucketPolicy

Can someone help me to build a search query for the below use case ? My use case is to detect if any S3 buckets have...

by Builder in

Limit timechart from lookup table

Hello all, I'm using a lookup table with a _time field to create a timechart which works great. However, the lo...

by Engager in

Search to find Agent/Server with No "Reconnect" Event

Hi, I am hoping to get some help in creating a search, which will be turned into an alert - I am working with s...

by Loves-to-Learn in

Find the good/bad percentage of ERRORS above/below average

Hi Experts, As part of an new initiative looking at SLO metrics. I have created the below query ...

by Path Finder in

rex field message

Hiwhat is the rex for thisfield1=this is message here is the log:00:09:59.990 app module: AB[0000]: Data[{"code":"O...

by Motivator in

find NOCLOSESESSION in logs daily

HiI have two field on my logfile <servername> <CLOSESESSION> need to know when CLOSESESSION is 0 each day by serverna...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extract Error Message String

Help with regex needed

Analysing combinations

Production issue - Memoizer expired - Any ideas?

Change color of Column Chart bars based on average of last week

Search for status of health status of splunkd

If else conditional search returning table

Filtering a timechart on time to remove unwanted data

multi field extraction form the logs

Display days passed between current time and most recent activation - User Role Auditing

How to extract value of a required field using regx?

rex 4 fields

request comparison

whois in search. help

relative time question

How to calculate the index size from top 10 biggest indexers

How do I add an additional calculation to a chart?

Multiple clause table

REST API output_mode='json' causes client search error responses to be suppressed

Splunk query to check for S3 Buckets in AWS using PutBucketPolicy

Limit timechart from lookup table

Search to find Agent/Server with No "Reconnect" Event

Find the good/bad percentage of ERRORS above/below average

rex field message

find NOCLOSESESSION in logs daily

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!