Splunk Search

Ask a Question

Discussions

Thread Info

Extract field after text

Here is log example - http://host/manager/resource_identifier/ids/getOrCreate/bulk?dscid=LuSxrA-1c42bb5b-f862-4861...

by Explorer in

Help to write the query

Hello, I have below query. Getting data from dc_nfast index and putting it in test index and using this test index...

by Explorer in

Problem using a single lookup multiple times in same search

I am using the Fundamentals 1 dataset to learn about lookups. I have created a csv file with a column for productId ...

by Explorer in

Timechart of a percentage using data from X hours ago ?

Here is the query I am starting with: index=anIndex sourcetype=aSourceType ("StringA" OR "StringB") | eval type=c...

by Contributor in

Chart count by 3 fields

Hello, I am trying to build a chart based on 3 fields: 2 calculated fields and a simple one: | query="select...

by Explorer in

Need search assist for a query that is not bringing back the expected result

A client of mine is asking: I’m hoping you can help me with something. I am trying to analyze the volume to a partic...

by Path Finder in

Why is my dashboard giving error for only one lookup ?

Hello Everyone I have a dashboard and when i ran it, it gave the following error: [IDX01] Failed to re-open lookup...

by Explorer in

removed extracted fields still remain on specific index!

Hi, I create some field extraction in the past and remove them, but still on specific index when I use this spl sh...

by Motivator in

Detect abnormalities with splunk

Hi I have key value that call (duration) in my application log that show duration of each job done. each day when...

by Motivator in

extract names from URL using regex

Hello all, I haven't used rex many times. I have a URL like this, http;s://ab-abcd.in.xyz.com/abcd_xyz/job/exampl...

by Communicator in

Tooltip text customization in line chart

I am displaying a line chart and the tool tip text only showing Y axis field. I want to customize the tooltip text th...

by Explorer in

What do the start time and the stop time of a SignalFlow job mean?

Don't know why there is not a location for "SignalFx" related questions. According to SignalFlow API doc: https://d...

by Engager in

How to run a Python script after search returns a value?

I am trying to get a Python script to run after a search returns a username. The search returns one username after...

by Explorer in

Most Recent record with a specific field value

Hi, I am try to get the most recent value and search for specific status item itemdesc _time statusITEM01 COKE 20...

by Engager in

Looking to join the SC4S Slack

Hi, im attempting to setup the Splunk connect 4 syslog. Im getting some issues and could use some assistance troubl...

by Explorer in

Connecting Tableau to Splunk

I am trying to connect Tableau to a Splunk instance. I know almost nothing about Splunk and am hoping some folks have...

by New Member in

Field Extraction for Unstructured Quotation/Pair delimiter

Hello, How, I would write the regex for the following events (3 sample events provided below). It has "," pair de...

by Motivator in

How to fetch values with regex which is inside double backslash

Can anyone please help me to create the regex expression for the below log. > {\\n \\\"process\\\": \\\"get_input\...

by Communicator in

Dashboard

I have an issue when I try to convert my date time format to y/m/d/h/m it fails to do so I currently have my date tim...

by Loves-to-Learn in

Data comparison: past 24 hours v. Week or Month

Greetings Splunk Community! I've looked through the pages here and haven't been fortunate to find a working answer ...

by Explorer in

Use of multireport crashed after Update to 8.2.2

Hello guys! I use some reports with the | multireport command like this: ...sea...

by Path Finder in

Time subtraction from different jobs

Hi everyone, I am currently facing an issue so I'm coming here to ask for your help. My issue is basic : I get th...

by Explorer in

How to use an if on Tags ?

Hi,I am new to SPLUNK/SPL and I am wondering how can I check if the Tags field contains a tag "foo" within an eval. ...

by Path Finder in

Splunk Service Getting Down Suddenly

Hi, So I have an issue with my Splunk Enterprise deployment. I have three instances on my architecture, a Search He...

by Explorer in

Login Error

Hi Splunk Support Team. I am using Splunk trial version for training/learning purpose which was activated on 2nd Se...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extract field after text

Help to write the query

Problem using a single lookup multiple times in same search

Timechart of a percentage using data from X hours ago ?

Chart count by 3 fields

Need search assist for a query that is not bringing back the expected result

Why is my dashboard giving error for only one lookup ?

removed extracted fields still remain on specific index!

Detect abnormalities with splunk

extract names from URL using regex

Tooltip text customization in line chart

What do the start time and the stop time of a SignalFlow job mean?

How to run a Python script after search returns a value?

Most Recent record with a specific field value

Looking to join the SC4S Slack

Connecting Tableau to Splunk

Field Extraction for Unstructured Quotation/Pair delimiter

How to fetch values with regex which is inside double backslash

Dashboard

Data comparison: past 24 hours v. Week or Month

Use of multireport crashed after Update to 8.2.2

Time subtraction from different jobs

How to use an if on Tags ?

Splunk Service Getting Down Suddenly

Login Error

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions