Splunk Search

Community Activity

How to split a single line which contains multiple field values separated by spaces into multiple fields in Splunk? I have a csv file query as follows :- \| inputlookup file_1.csvwhich gives the result as follows in a single line as a... by pavanae Builder in Splunk Search 09-03-2021 1 1	1	1
How to fetch and compare unique id's from different events in Splunk query Hi team, I am creating a query to fetch a unique id from different events which are having different statuses. If t... by rkishoreqa Communicator in Splunk Search 09-03-2021 0 4	0	4
Convert Splunk results from spl to JSON before 8.2 Hello everybody,I'm using an spl query that extracts some values from a lookup and sends them to a web API via POST r... by D0do Explorer in Splunk Search 09-03-2021 0 2	0	2
how multiple sourcetype stats There are multiple sourcetypes in index="main".I'm trying to stats at SOURCETYPE number one and I need a field of sou... by nnonm111 Path Finder in Splunk Search 09-03-2021 0 3	0	3
Unable to initialize modular input "validation_mi" I'm unable to use the Validate & Package function of Add-on builder. When I run it, it says 'preparing validation' th... by kfennell Engager in Splunk Search 09-02-2021 0 0	0	0
How to calculate average of response time in seconds Hi,I need to calculate average of response time in seconds for my application. Query i am usingindex="prod_ping" s... by Madhusri Engager in Splunk Search 09-02-2021 0 3	0	3
Why aren't all my field extractions working? Hi,I'm having an odd issue. I made some field extractions and validated them through Regex101. However only some of t... by ebs Communicator in Splunk Search 09-02-2021 0 6	0	6
Difference between two fields from two events based on condition I have two events as below -event 1 "id=1 api=xyz apiResTime=50" event 2 "id=1 api=xyz duration=200" I want to plot... by rohinisb91 Observer in Splunk Search 09-02-2021 0 1	0	1
Sorting the fields based on values in a row This is my splunk query index=xxxxx "searchTerm")\|rex "someterm(?<errortype>)" \| timechart count byerrortype span ="1... by nsingh49 Explorer in Splunk Search 09-02-2021 0 2	0	2
Taking Value of One Field, Adding Text, And Comparing Against Another Field Greetings,I want to exclude search results if a field contains a value compared against another field with additional... by SplunkLunk Path Finder in Splunk Search 09-02-2021 0 1	0	1
change table view Helloi have a table that looks like this : and i want it to look like this: so the type values will be the header wha... by sarit_s Communicator in Splunk Search 09-02-2021 0 16	0	16
Table not generated with join subsearch Hi,We are sending a reduced size logs to out splunk to do some smarts. We realized for the past year or so one of our... by vantoryc Explorer in Splunk Search 09-02-2021 0 9	0	9
Search in splunk with string having " and / Hi,I want to search "xyzetc\";0, ---this is my string .Unable to search this exact pattern, Unba... by opamlan Loves-to-Learn in Splunk Search 09-02-2021 0 1	0	1
How to calculate percentages with multiple count function？ I'm trying to calculate percentages based on the number of events per vary group. There are actually a lot of events,... by homer07 Explorer in Splunk Search 09-02-2021 0 4	0	4
using transaction in subsearch to define earliest latest in mainsearch I want to use the subsearch to get start and endtime of the newest transaction (here a botsession).The subsearch alon... by TheEggi98 Path Finder in Splunk Search 09-02-2021 0 3	0	3
sort table values by table values HelloI have a table with 3 columns1 is stringsand 2 columns with numbersis there a way to sort the table from the hig... by sarit_s Communicator in Splunk Search 09-02-2021 0 6	0	6
Need to get all the values in piechart Hi,Current piechartIn the above piechart highlighted cities details are not displaying.have to use mouse over to chec... by Madhusri Engager in Splunk Search 09-02-2021 0 1	0	1
Filter data from showing up Hi Guys, I would like to check if it's possible to prevent some data from showing up in the search. Below is what I w... by splunknewbie81 Engager in Splunk Search 09-02-2021 0 5	0	5
Zero count not displaying when stats count is used My query is :index="stage" source="record service*" \| eval type=case(like(message, "%successful generated account%"... by Harshi1993 New Member in Splunk Search 09-02-2021 0 3	0	3
get max figure for latest time in data Hi,I have data as below sample:Date Time val1 val2 val3 ......21/08/31 01:00:00 2 1 2 2 2 2 2 1 1 2 69 1 0 2 0 0 3 32... by mcaulsc Path Finder in Splunk Search 09-02-2021 0 2	0	2
Help with Rex Commands Hi All, I am having some trouble extracing out the following with the following details 1. username 2. Default Msg3. ... by splunknewbie81 Engager in Splunk Search 09-02-2021 0 12	0	12
Searches delayed in search head captain Hi all,We have 3 search heads are in cluster. serach head 1 is captain.Recently we upgraded to 7.2.3 to 8.0.3.after t... by btshivanand Path Finder in Splunk Search 09-01-2021 0 3	0	3
How to use mvindex to break json file with multiple values Hello All, So i have a field like below with JSON file {"results_appcodes": [{"count": 2, "app_code": "XYZ", "group... by rczone Path Finder in Splunk Search 09-01-2021 0 7	0	7
PROPS Configuration for HTML data source Hello,How I would write my Props Configuration (Tme Prefix, Time Format, LINE/EVENT Breaker...etc) for following HTM... by SplunkDash Motivator in Splunk Search 09-01-2021 0 5	0	5
Input Configuration file Hello,I have some issues using following input configuration file for windows machine: [monitor://T:\Toshtest\logs\te... by SplunkDash Motivator in Splunk Search 09-01-2021 0 1	0	1