Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Error message when creating a diag file

Hello All, I'm receiving the following error when I try to create a diag file; ./splunk diag Collecting compone...

by Path Finder in

How to add a value from a lookup table to results, by using a field value from the search?

I want to include a value from a lookup table in search results, by using a field value from the main search.

by New Member in

How to abort a search if lookup file is causing errors and incomplete results?

Hello all, I'm using a search that baselines user activity (looks back in time). But I've noticed that sometimes t...

by Explorer in

How to extract fields between backslashes and quotes with rex command?

These rows have a field that begins and ends with a quote, but have different meanings between the backslashes. 1s...

by Explorer in

Month to date for previous month with current month date

Hi, I have to extract the sum of particular search output from my query and the same needs to be compared with pre...

by Explorer in

How to add a new column with serial number based on the uniqueness of the existing column?

I have a column called "message" which has duplicate records in it. I want to create a new column named "serial" besi...

by Path Finder in

I want number of days between two events in splunk search?

My query index=main source=secure.log sourcetype=* | stats earliest(_time) as start, latest(_time) as stop | eval...

by Contributor in

Multiselect: value's prefix and suffix not working

Hi Splunk colleagues, I'm having a problem with multiselect in my dashboards. Here's the code of the multiselect: ...

by New Member in

What is the usage of "(?msi)" in Splunk with rex comamnd?

Hi,I am having some problem to understand the usage of "(?msi)" with rex command,please help me regarding that?

by Path Finder in

How to display the value of the difference result in Splunk?

Hi, How can I display the actual value of the difference in a new column? The value is "cts16k1sacc". Row 1 in att...

by Explorer in

stats count or eval

I am trying to make an overview with different counts. The message always starts with : logger="blahblah-main.Star...

by Path Finder in

Why does search only display 24 hours of event data on Linux, but all-time on Windows?

There are approximately 1.5 Billion ingested entries from 40 forwarders.Performing a search with any criteria on Wind...

by Observer in

How to get the field value from a previous event to compare with the value of the same field in the following event?

Hi all, I'd like to get value on a field to my previous event to compare this same field with the current value ...

by Path Finder in

generate a list of unique hashes and append new hashes hourly

I would like to take the following search that generates the hashes and outputs the lookup: index=windows source="...

by Communicator in

Field extraction from data within backslashes

Hi, I have dateset that contains IP addresses. IP Addresses are coming in variations due to ranges they are assign...

by Contributor in

How to resolve error in rex command when parsing a long string with escaped double quotes?

Hi everybody, When parsing a long string containing escaped double-quotes I get this error: Error in 'rex' comm...

by Explorer in

command modifier what is the use of it in simple terms

What is the use of command modifier in layman terms, please I don't know what it does apart from the understanding th...

by New Member in

inputs.conf whitelist regex issue on message field

I am unable to whitelist input, I do not understand why, my Splunk is ingesting data from a c-icap server logfile and...

by New Member in

How to plot line graph against average over different time periods?

We have a set of logs from different hosts that specify a metric. I want to display a line graph over a user-selectab...

by New Member in

How do I join two searches with common field?

I have one search that checks for entries with duration >= 50000 (responses for requests) source="abc.log" | regex...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Error message when creating a diag file

How to add a value from a lookup table to results, by using a field value from the search?

How to abort a search if lookup file is causing errors and incomplete results?

How to extract fields between backslashes and quotes with rex command?

Month to date for previous month with current month date

How to add a new column with serial number based on the uniqueness of the existing column?

I want number of days between two events in splunk search?

Multiselect: value's prefix and suffix not working

What is the usage of "(?msi)" in Splunk with rex comamnd?

How to display the value of the difference result in Splunk?

stats count or eval

Why does search only display 24 hours of event data on Linux, but all-time on Windows?

How to get the field value from a previous event to compare with the value of the same field in the following event?

generate a list of unique hashes and append new hashes hourly

Field extraction from data within backslashes

How to resolve error in rex command when parsing a long string with escaped double quotes?

command modifier what is the use of it in simple terms

inputs.conf whitelist regex issue on message field

How to plot line graph against average over different time periods?

How do I join two searches with common field?

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...

Alerts not Finalizing- Is there a way to find out ...