Splunk Search

Discussions

Thread Info

why Searches running on only one Indexer ?

Hi All , So I have two indexers in a cluster with CM Two SH's in a cluster with a deployer SH cluster is connected...

by Explorer in

How to remove \ (backslash) using from URLs rex sed?

I am trying to remove the escaped characters of "\" from the URLs coming in via a Twitter REST feed. Does anyone have...

by Builder in

Splunk search query (not including the last x number of events)

Hi, Is it possible to get splunk to search for a query and not include the last X number of events? thanks,

by Explorer in

piechart

I want to create two pie chart each based upon the value of index I am choosing. using below two queries 1. ind...

by Engager in

Consolidate data from 2 indexes

We have 2 index 1. Having user name and his machine details and everything about his login 2. User name and h...

by Path Finder in

How to extract Specific field and segregate the bunched eventslogs

I have logs coming from AWS,first, I need to get just a message (which is an event) from the log Second, in some logs...

by Engager in

Error and Warning Count by Hour or date or timestamp

I have my spark logs in Splunk . I have got 2 Spark streaming jobs running .It will have different logs ( INFO, W...

by Explorer in

How To Filter IP Field Using Subnet Value Stored In Variable

Hello, I am trying to create a drill down dashboard. Basically I want to pass a subnet value (which is currentl...

by Explorer in

Using index/sourcetype ? How to get the details about the dashboards/alerts/Reports/data models in splunk ?

Hi All, We are performing an impact analysis on the application data which are already getting ingested into splu...

by Motivator in

How do I create a calculated field based on data from a different type of log file?

Hello, I am working with historical log data from a train system and I have two different types of log files: log...

by Explorer in

How to add total and percentage column in timechart

Using a simple example: count the number of events for each host name ... | timechart count BY host > ... | tim...

by Explorer in

Combined Search - Difference in two lists

This always feels exceptionally difficult to me, i'm not sure what i'm missing. I have a list of machines, a simple...

by Path Finder in

How to pull latest event

I have a search/dash board that will show data over the last 30 days, the search is as followed index=server ...

by Explorer in

Looking for a regex that extract key=values from same line

Application log file display below at one of the line, looking for a regex that extract value of "0" / "1" / "2" or "...

by New Member in

Check to valid credit card number - mod10|Luhn algorithm

Hello everyone,I'm using the SPL to get credit card numbers on search time (I would like to maintain this on search t...

by Contributor in

help to use EXTRACT in props.conf

I've been trying to extract fields from a log at search time with only the help of props.conf. in the spunk docu I re...

by Communicator in

Limit Max line in every row in a table (like in list)

hey, i got a search like: index = a | table timestamp, id , name, age, message i want to display only the ...

by Explorer in

Splunk SAML authentication issue when combining SAML and scripted inputs together for Splunk Cloudgateway implementation

Encountered an issue with Splunk SAML authentication in conjunction when using scripted inputs for leveraging splunk ...

by Explorer in

Get results per week for custom _time field

Hello, I am running a search for last 7 days results, and i am using fixed_date field as _time field. fixed_date ...

by Path Finder in

Problem formatting string to json

Hi, I have the following String that is logged by the application and I am wondering if there is a way to pretty p...

by New Member in

Mapping a number against a certain number range in a look up

Hi Everyone, So I'll try and make this as clear as possible, but it's quite hard to explain it in depth. What I'm...

by Loves-to-Learn Everything in

Field extraction and search issue

Hi, I am dealing with an issue because data changed from my source. I was using a lookup as below to search only on...

by Builder in

Would a Splunk guru please explain what span=log2 does or why one might use it?

I've seen the documentation, but it doesn't really explain what or how it might be used. I'm looking for a lightweig...

by Engager in

How to group values

Hi I have a field name called report_name, it can have a number of status values associated with it, i.e. status=a ...

by Contributor in

Event count before and after a specified time

I am looking to count the number of events that occur before and after a specified time (8am) each day to give a tabl...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

why Searches running on only one Indexer ?

How to remove \ (backslash) using from URLs rex sed?

Splunk search query (not including the last x number of events)

piechart

Consolidate data from 2 indexes

How to extract Specific field and segregate the bunched eventslogs

Error and Warning Count by Hour or date or timestamp

How To Filter IP Field Using Subnet Value Stored In Variable

Using index/sourcetype ? How to get the details about the dashboards/alerts/Reports/data models in splunk ?

How do I create a calculated field based on data from a different type of log file?

How to add total and percentage column in timechart

Combined Search - Difference in two lists

How to pull latest event

Looking for a regex that extract key=values from same line

Check to valid credit card number - mod10|Luhn algorithm

help to use EXTRACT in props.conf

Limit Max line in every row in a table (like in list)

Splunk SAML authentication issue when combining SAML and scripted inputs together for Splunk Cloudgateway implementation

Get results per week for custom _time field

Problem formatting string to json

Mapping a number against a certain number range in a look up

Field extraction and search issue

Would a Splunk guru please explain what span=log2 does or why one might use it?

How to group values

Event count before and after a specified time

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk AppDynamics Agents Webinar Series

SplunkTrust Application Period is Officially OPEN!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions