Splunk Search

Discussions

Thread Info

Pass JSON or XML as parameters to custom Python script via Splunk REST API

Hey guys, How to Pass JSON or XML as parameters to custom Python script via Splunk REST API ? Example: I use REST...

by Contributor in

How to modify x-axis labels to show bin centers?

I am trying to create a histogram plot, but I want to make the x-axis labels more readable. How do I go about doing t...

by Engager in

How to make a timechart by shift?

Hi all, I am trying to create a timechart that divides the data by 12 hour shifts. I have| timechart span = 12h (...

by Engager in

Can an already indexed field be hid globally since it can't be removed?

for GDPR compliance I need to modify a ClientIP field that is already indexed (4+ year so far) and wipe it.Was thinki...

by Engager in

Splunk search for field values in multiple sources

There are two sourcetypes , sourcetype=A sourcetype=B and we have extracted a field "login" in both sourcetypes ...

by Explorer in

Limiting a query to 'known good' values plus 'others'

I have a query similar to the following which we are using to capture information about email traffic between certain...

by Engager in

Need help with Splunk query to merge subsearch with main search

Hi, I am trying to craft a query that will look for Windows devices that have been rebooted and then have accessed ...

by Loves-to-Learn Lots in

How to skip the part of Search Query based on a Condition

My requirement is just to skip few lines of SPL query if a certain condition is met. Or some kind of If-Else for runn...

by Path Finder in

Using another index and replace the missing values in the current index data.

I have a index say index1 having Air Details and ServerName of which some Air is missing for some serverNames. I ha...

by Loves-to-Learn in

Support for LogEntries KVP format?

Splunk would not automatically extract fields from my application log files that have Key-Value Pairs (KVP) delimited...

by New Member in

Field Extraction from Multi line _raw data

Hi, I want to extract the fields Name, Version, VendorName, usesLicensing, LicenseType, ExpiractDateString, License...

by Path Finder in

SPL

Hello , I am not getting any result while executing below query. Can you please help me to know what i am doing wro...

by Motivator in

Add Field to Result based on lookup with CIDRMATCH in Lookup file

Hi, i try to find the correct way to query a lookup file based on a where clause with CIDRMATCH. I have the fol...

by Path Finder in

How to use regex to filter out Windows events with Account names ending with $?

Hi How to edit props.conf and transforms.conf to exclude the windows events with event Codes 4634 at indexing time...

by Builder in

How to analyze raw metric data

I am getting following PCF metric log every 15 seconds. How should I visualize these data? I need to do a calculati...

by Observer in

Display latest data in dashboard

Hello all, I have a requirement below : I'm pushing csv file(not pushing regularly) data to splunk index using sp...

by Communicator in

How to get all the values in y axis - Visualization Tab

Hi All, How do we all the values for a single field? Currently, the chart is displayed with the LoginName(x axis)...

by Engager in

Calculate the average run duration for a job and display as a visualization

Hi everyone! In my logs coming in, I log the duration for a job to complete, for several different jobs. Example of d...

by Loves-to-Learn Everything in

Report with percentages and counts per month

I did a search of the last 3 months on fields A = "xxx" and B = "yyy" and it has to return me 2 other fields, C and D...

by Communicator in

Asterix search returns nothing

When I first setup Splunk on my local machine (Playing around with it as I learn it), I could search for '*' and get ...

by Explorer in

Help on where condition which doesn't works

Hello The search below returns results but the where condition doesnt works `wire` | eval USERNAME=upper(...

by Motivator in

Search for tag!=foo when "foo" doesn't exist as a tag returns nothing instead of all events.

Hello All, I am new to Splunk and ran into my first wall when attempting to omit search results using tags. Any hel...

by Engager in

multisearch in table format

Hi, I was trying to add 2 searches | multisearch [search host=p-css* SRCreateRequest 400 | stats ...

by Explorer in

How to parse p4 logs

2020/11/12 12:37:17 pid 282689 compute end .028s 23+5us 0+32io 0+0net 16472k 0pf Perforce server info: Server net...

by Engager in

Regex and subnets

Hi all!Help write a regular expression. You have to filter by url + filter exclude subnets.For example:example.com/ar...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Pass JSON or XML as parameters to custom Python script via Splunk REST API

How to modify x-axis labels to show bin centers?

How to make a timechart by shift?

Can an already indexed field be hid globally since it can't be removed?

Splunk search for field values in multiple sources

Limiting a query to 'known good' values plus 'others'

Need help with Splunk query to merge subsearch with main search

How to skip the part of Search Query based on a Condition

Using another index and replace the missing values in the current index data.

Support for LogEntries KVP format?

Field Extraction from Multi line _raw data

SPL

Add Field to Result based on lookup with CIDRMATCH in Lookup file

How to use regex to filter out Windows events with Account names ending with $?

How to analyze raw metric data

Display latest data in dashboard

How to get all the values in y axis - Visualization Tab

Calculate the average run duration for a job and display as a visualization

Report with percentages and counts per month

Asterix search returns nothing

Help on where condition which doesn't works

Search for tag!=foo when "foo" doesn't exist as a tag returns nothing instead of all events.

multisearch in table format

How to parse p4 logs

Regex and subnets

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions