Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Help with the query that works with splunk server groups

Hi, Below is the query i am using to get the hostname , IP addresses and last reported to splunk . | metadata ...

by Path Finder in

How to use AND operation with multivalue fields?

I have a two multivalued fields 1)segment_status -with values SUCCEEDED-100 FAILED-100 2)segmentproviderid-wi...

by Builder in

How to Build an If Statement based on if a field contains a string

For every record where the field Test contains the word "Please" - I want to replace the string with "This is a test"...

by Path Finder in

How to count events from a same file with having two different raw text ?

Hi Splunker, I have to count success and failure count from the same index and sourcetype on the basis of raw text...

by Explorer in

How to upload multiple files in Splunk? Is it possible to upload multiple files like 100 1MB files in Splunk at the same time?

How to upload multiple files in the Splunk?

by New Member in

Why is using base searches causing major performance issues on my dashboard?

Working on making dashboards to help report on activity. To make the dashboards as performant as possible, I'm usi...

by Explorer in

Can we use Start/End times from a query to get duration to use it in another search query to get an average of a field in that duration ?

I am able to get the Start/End times of a load test execution from a search query (by getting End time from Timestamp...

by New Member in

Lookup: Replace / Create new field

Hi. For example: When I run search and see field Sub_Status - 0xC0000064 I wanna new field that will explain what the...

by Builder in

How do I create a capture group that continues until it matches two exact characters in a row

Hey everyone, This question probably shows my lack of understanding with regex, but this is giving me a headache ...

by Communicator in

Easiest way to exclude ingestion of events for a specific IP address from a SourceType

I am looking to not ingest events from a specific IP address. I have an IP address that once a week generates a LOT o...

by Path Finder in

How can I extract a field from a JSON strcuture and combine it in a search with other fields from different JSON structures??

Hi SPL guru's! im struggling with how to 1 pluck one field's value from one JSON structure and [2] combine in the...

by Path Finder in

Not able to get response queries with special characters in If statement

Hi, I am trying to get response time between events using below query but for some reason i am not being returned...

by New Member in

AND OR not working correctly

I am getting the below error when trying to form an AND & OR in my query. Error in 'eval' command: The expression...

by Communicator in

Eval and stats not bring friendly

index=ios host=1.1.0.2 srcip="1.2.2.1" "NBRCHANGE" | head 1 | eval status = if(like(raw, "%down%"), 1 , 0) | stats...

by New Member in

How does one search for a CIDR range of addresses?

If I want to search for a range of addresses, say anything in 10.0.1.0/24 from anywhere in the log, how do you do tha...

by New Member in

EVAL causes a field to be blank

I need the field "Location" added to my search as seen in the screenshot attached. However, in this query below the L...

by Communicator in

Regex for multline events

Hi , The Logstash client on the application box is configured to identify multiline events and send each event as ...

by Path Finder in

How to dynamically change number of rows displayed in the table with simple XML using Splunk 6.1.x?

I am using Splunk 6.1.2 and have a panel with a table developed in simple xml. I would like to allow users to be a...

by SplunkTrust in

i want to keep the SSED_BUS-number as it is and i want mask other number and email id

SSED-BUS-0123 the package is failed to accept SSED-BUS-1466 master id 1-fjdfh23 SSED-BUS-13583 master 85793 SSED-BUS-...

by Builder in

pls help with regular expression

i want to keep the pattern of specific word which starts with OS0003/SSED-BUS-0015 as it is and want to mask others n...

by Builder in

Splunk Search

Discussions

Help with the query that works with splunk server groups

How to use AND operation with multivalue fields?

How to Build an If Statement based on if a field contains a string

How to count events from a same file with having two different raw text ?

How to upload multiple files in Splunk? Is it possible to upload multiple files like 100 1MB files in Splunk at the same time?

Why is using base searches causing major performance issues on my dashboard?

Can we use Start/End times from a query to get duration to use it in another search query to get an average of a field in that duration ?

Lookup: Replace / Create new field

How do I create a capture group that continues until it matches two exact characters in a row

Easiest way to exclude ingestion of events for a specific IP address from a SourceType

How can I extract a field from a JSON strcuture and combine it in a search with other fields from different JSON structures??

Not able to get response queries with special characters in If statement

AND OR not working correctly

Eval and stats not bring friendly

How does one search for a CIDR range of addresses?

EVAL causes a field to be blank

Regex for multline events

How to dynamically change number of rows displayed in the table with simple XML using Splunk 6.1.x?

i want to keep the SSED_BUS-number as it is and i want mask other number and email id

pls help with regular expression

Problem replicating config (bundle) to search peer

Trying to get Variance by test type

Measure Memory Available_Bytes using sai_metrics_i...

search on aggregation

Is there a way to populate missing/non-existent va...