Splunk Search

Discussions

Thread Info

inserting newline, tab into eval-ed field

Running | makeresults | eval s="foo\nbar" displays foo\nbar and it is unclear if the variable ...

by Explorer in

SNMP bandwidth using foreach

Hello everyone,I am new to Splunk and learning the ropes. I am stuck on a query I am trying setup. I have SNMP data c...

by Loves-to-Learn Lots in

How to join multiple events based on one common value with different filters?

Hi,I've written a query query below which joins 2 different event types from same source with different filters. so...

by Explorer in

Can I Show Data Values on a Specific Field?

Hi, I have a column chart with multiple overlaying fields (see blue orange and yellow lines below). Right now i am ...

by Path Finder in

splunk props timestamp issue

I have a CSV file with the below data, trying to push to Splunk. Example - Thu JUN 24 15:27:52 +08 2021,name1,a...

by Communicator in

How to check for the same values in a field and replace another field with specific text

So currently i have: |Name | Branch | Age -------------------------------...

by Engager in

Monitoring Searching of Sensitive Data

Is there a way to monitor the searches for some specific fields? Let's say I wish to monitor if anyone is running a...

by Path Finder in

How to join 2 searches from 2 different sourcetypes

I am encountering problems joining 2 querries that are getting values from 2 different sourcetypes.I would like to ge...

by Explorer in

How to Grab Variance

Hello,I am ingesting files containing host and ports for each host.For each Source (FILE) The Nodes(host) and ports ...

by Path Finder in

I want to get error logs counts from windows event logs from multiple servers.

I want to get error logs counts from windows event logs from multiple servers.Want to create a separate dashboard whe...

by New Member in

How can I split an event into a varible number of events?

Hello,I have a directory structure which i want split up in separate events. For example \MAIN\SUB1\SUB2\SUB3\fil...

by Path Finder in

Query to find top 10 indexers w.r.t index max allocated storage.

Kindly help me out with Query to find top 10 indexers w.r.t index max allocated storage.

by Observer in

It is truncated subsearch. tstats command.

Hi. I have one problem. It is truncated subsearch result. index="test-index01" sourcetype="test_s...

by Explorer in

How to extract and aggregate by extracted fields

Hi I have the data that looks like thisuser, ip, (metrics kv pairs) ---- sample results for search -- user=user1...

by Engager in

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

All my dashboards panels, written in Simple XML, default to Search Mode "Fast" when the "Open In Search" icon is sele...

by Explorer in

props file not recognizing time field

Hi All, I have a CSV file with the below data, trying to push to splunk. Example - Thu JUN 24 15:27:52 +0...

by Communicator in

How to compute the field value a time interval earlier?

I want to compute the change in temperature for each location in a given interval, say, 15 minutes, or 30 minutes. I ...

by Communicator in

Field Extraction - Multi Line Text Comma Separated

Hello, Hoping someone can help with a Field Extraction question regarding multi line text and capturing a specific ...

by Explorer in

How To Pass Parameters to Saved Search Using Splunklib

Hello, Does anyone know how to pass parameters to a saved search using the splunklib for the Splunk API? I am abl...

by Path Finder in

How do I extract value from stats list

I want to extract count from list (picture 1 ) to table (picture 2) How do I do? |stats count by...

by Explorer in

Bar chart width resize in Simple XML

Hello, I have created a vertical bar chart using Simple XML, My requirement is to fix the width of all the bars. I...

by Engager in

Ignore if a certain string is present in the next X min

Hi, I am working on a search that looks for instances of "string1", but only those that are not followed by instan...

by Loves-to-Learn in

Error in 'IndexScopedSearch': The search failed

We're trying to run a search but are getting these errors while doing so: 3 errors occurred while the search...

by Engager in

inputlookup special fields

Hello,I have recently found there is a strange difference between lookup and inputlookup commands. |makeres...

by Explorer in

Regex help connected string

I would like to extract two groups which are TestName and Model. In the second row, the TestName is connected to Mode...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

inserting newline, tab into eval-ed field

SNMP bandwidth using foreach

How to join multiple events based on one common value with different filters?

Can I Show Data Values on a Specific Field?

splunk props timestamp issue

How to check for the same values in a field and replace another field with specific text

Monitoring Searching of Sensitive Data

How to join 2 searches from 2 different sourcetypes

How to Grab Variance

I want to get error logs counts from windows event logs from multiple servers.

How can I split an event into a varible number of events?

Query to find top 10 indexers w.r.t index max allocated storage.

It is truncated subsearch. tstats command.

How to extract and aggregate by extracted fields

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

props file not recognizing time field

How to compute the field value a time interval earlier?

Field Extraction - Multi Line Text Comma Separated

How To Pass Parameters to Saved Search Using Splunklib

How do I extract value from stats list

Bar chart width resize in Simple XML

Ignore if a certain string is present in the next X min

Error in 'IndexScopedSearch': The search failed

inputlookup special fields

Regex help connected string

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions