Splunk Search

Discussions

Thread Info

Error when trying to add token to limit table results in a search?

I recreated the dashboard using the report search and have the search returning all of the table results. I have an i...

by Engager in

CEF app, Create output group button missing in New CEF Output step during CEF output app creation

We are trying to use the CEF App, to create a new Output App to be deployed to our two indexers. However during the "...

by Engager in

multisearch

Dear, couple hours i am trying to get: i have one log with no similar way of words in one line... because of that ...

by Explorer in

How to separate fields and create a pie chart of status count?

Hi Splunkers, Please guide us on the requirement below: Input: server, env, req no, input field,status host-...

by Explorer in

How to create a search that compares two log files and displays results in a table format?

I have below 2 log files with 4 identical columns and in that, status is different: Status1.log host1,PROD,1666680...

by Explorer in

Using fieldformat and rename

Hey there, I'm trying to do two things and it looks like I can't. I have some fields with ugly names like "Current...

by Engager in

Link to search in new tab

Hi Team, Link to search on a new tab for raw events when we click on a particular value in the line chart? Is i...

by Builder in

Two evals in one query , query not returning results

Hi All, I have the following query with 5 source types and 2 evals in one query, common field between source types is...

by Explorer in

Streamstats change state count

Hi below is my sample data- Date source State 29-05-20 01:00:00 a...

by Builder in

How to extract two values from a string using regex?

I'm requesting help constructing a regular expression for the following: I need to extract two values from the str...

by Engager in

Remove host name in Account_Name field

When people RDP into a server, the results I am getting into splunk is Account_Name=Sever1$ Account_Name = jdoe. W...

by Explorer in

How do I change field names (extracted field name) to field values?

I have a json structure that contains an object map: { "correlation_id": "f9535d13-f75b-4dd7-8c39-1e77b1559afe",...

by New Member in

Extracting a field thats not recognized

My rawdata from log is below METHOD="POST" URI="CALLOUT-LOG" USER_ID_DERIVED="00532000004sefcAAA" EVENT_TYPE="Apex...

by New Member in

Filter out events based on other events WITHOUT using JOIN/Subsearch

I have a index named Events Example events: AccountCreated { "AccountId": 1234, "EventName": "AccountC...

by Explorer in

Help regex for masking

Hi, Can someone please help me regex a password field to mask data? I've been trying to figure out how to mask ...

by Explorer in

How to extract a key and value from the json data?

Hi all, I am not able to extract the below-given value from the JSON file fields are "initiator": test_abce, "release...

by Path Finder in

How can i make my chart overlay use the same axis?

I have my search query being as such where I am displaying the tickets, flowing in and out. Now, i want to put a line...

by New Member in

What if Same input (Modular Input) is rescheduled and first one is still running...?

What if Same input is rescheduled and first one is still running.. option A -> First one stops, Second one Starts ...

by Explorer in

How to use timechart command across time ranges

I have a query in splunk index = * STATUS_CODE earliest=-2mon@mon latest=-1mon@mon | fields STATUS_CODE | rex field=_...

by Explorer in

How to use timechart span

I have a query in splunk index = * STATUS_CODE earliest=-2mon@mon latest=-1mon@mon | fields STATUS_CODE | rex field=_...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Error when trying to add token to limit table results in a search?

CEF app, Create output group button missing in New CEF Output step during CEF output app creation

multisearch

How to separate fields and create a pie chart of status count?

How to create a search that compares two log files and displays results in a table format?

Using fieldformat and rename

Link to search in new tab

Two evals in one query , query not returning results

Streamstats change state count

How to extract two values from a string using regex?

Remove host name in Account_Name field

How do I change field names (extracted field name) to field values?

Extracting a field thats not recognized

Filter out events based on other events WITHOUT using JOIN/Subsearch

Help regex for masking

How to extract a key and value from the json data?

How can i make my chart overlay use the same axis?

What if Same input (Modular Input) is rescheduled and first one is still running...?

How to use timechart command across time ranges

How to use timechart span

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...