Splunk Search

Ask a Question

Discussions

Thread Info

Compare 2 queries in a dashboard

hello All, I have created a dashboard with two panels. The first panel runs a search (query below) for time-window...

by Explorer in

Splunk field extraction

Hello All, I am new to splunk and I have a question regarding the splunk field extraction. Consider the follow...

by Explorer in

How to convert seconds to [h]:mm:ss?

Hi Guys! I have an error duration in seconds, how can I convert it to [h]:mm:ss? I used the below query but the...

by Communicator in

Using bar dashboard with drilldowns > link to search > custome (with $click.value$ variable)

I am trying to use the Drilldown on Click > Link to Search > custom : LOGRC_TYPE=F8 | eval FUNC_TRAN =AFI_LOG03FUN...

by New Member in

Passing dynamic parameters in search running from cli

Hi, Is there was to dynamically pass a value like below in Splunk for running a search from cli. I am trying to ...

by Path Finder in

Extracting XML value with <> using regex

I need to create a regex to match the fieldname for first match and fieldvalue for the second match. Issue happens...

by Path Finder in

How to check the total consumption out of the 500MB provided by free splunk?

Hi, In my production environment, I have two Asterisk Servers installed where one of them caters to 95% of the ...

by Explorer in

more regex help :/

Hey All, I am trying to pull the username from the following event which is everything after the Rightnetworks\ in ...

by Path Finder in

How to disable 'Export Results' for specific users or roles?

Hi Splunkers, I was wondering if there is an option to disable Export Results option for specific users or roles. ...

by Communicator in

Listing detail of an individual without using stats and BY

Hi, I have a dataset about transactions, each event is a transaction detail about response code(success or not), th...

by Communicator in

rex for dynamic parttern

by Communicator in

how to extract one value from log

Hi, i have log like this [Information] WebService Call CheckVehicle : country=111111, licensePlate=12DUMMY And ...

by Path Finder in

How to sort the count

by Explorer in

Search 1hr using IPs from 24hr

How would I take a 24 hour search such as: index=* | iplocation src_ip | stats count by src_ip, Country, dest_ip, des...

by Explorer in

convert table data to comma separated key value pair output

I am pretty new to splunk and i have a query which uses TABLE command to filter output on certain fields. The output ...

by New Member in

Using stats to join data instead of transaction

I have two sources that have a common field (user) and am currently using transaction to join the user_a with the sou...

by Engager in

Comparing two fields in different format from two different sources

Hi Everyone,I am trying to use a lookup table and an index to get an output as a comparison of two fields from two d...

by Observer in

Add an inputlookup from a csv to an existing search

Good Morning As I am new to Splunk, sometimes I need to try things that are beyond my comprehension at this time. ...

by Path Finder in

How to extract some fields from a part json part text log in Splunk

I am fairly new to splunk and still learning. I have a splunk event which is a mix of some texts and json in between....

by Loves-to-Learn Lots in

Fields are not showing

I have raw event like : time action severity host , etc., But when I checked interesting filed action filed is not...

by Path Finder in

How do I combine multiple lookups into one lookup?

Lets say I have 3 lookups >>> a-list.csv, b-list.csv, c-list.csv and the lists only have 1 column header = NameAlice ...

by Builder in

Search events by field value from search result

Hello friends, Please try to assist me. My data structure is - Date , field1 , field2 , field3 I need to sear...

by Explorer in

How do you search users who were not logged in the past 30 days?

Hi, I am trying to search for a list of users who have not logged into the Splunk environment in the past 30 days....

by New Member in

how do I edit my search to create mutliple graphs using timechart?

index=_* OR index=* sourcetype=Kamailio BC="Current Billable Calls Count:" | rex field=_raw "Count:(?<Billablecalls>....

by Explorer in

Could not load lookup=LOOKUP-browser ???

Hello All, I just upgraded to the latest version of Splunk 7.2.5 and now when I search anything i recieve errors s...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare 2 queries in a dashboard

Splunk field extraction

How to convert seconds to [h]:mm:ss?

Using bar dashboard with drilldowns > link to search > custome (with $click.value$ variable)

Passing dynamic parameters in search running from cli

Extracting XML value with <> using regex

How to check the total consumption out of the 500MB provided by free splunk?

more regex help :/

How to disable 'Export Results' for specific users or roles?

Listing detail of an individual without using stats and BY

rex for dynamic parttern

how to extract one value from log

How to sort the count

Search 1hr using IPs from 24hr

convert table data to comma separated key value pair output

Using stats to join data instead of transaction

Comparing two fields in different format from two different sources

Add an inputlookup from a csv to an existing search

How to extract some fields from a part json part text log in Splunk

Fields are not showing

How do I combine multiple lookups into one lookup?

Search events by field value from search result

How do you search users who were not logged in the past 30 days?

how do I edit my search to create mutliple graphs using timechart?

Could not load lookup=LOOKUP-browser ???

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions