Splunk Search

Ask a Question

Discussions

Thread Info

Getting Average for this search

I am trying to get each value to be divided by certain number (x). So if x=7, the first value would be 138. index=n...

by Explorer in

How to filter rows based on a regex match on all fields?

Is it possible to filter search result rows by a search expression which can be applied to all fields of a row? Acc...

by Explorer in

limit for values of field 'message' reached. Some values may have been truncated or ignored. What it means?

I got below warning: "'anomalydetection' command: limit for values of field 'message' reached. Some values may have...

by Communicator in

Parse JSON only at 1st level

I want my nested JSON to be parsed only at 1st level instead of parsing all the nested parts. I have below JSON: ...

by Communicator in

Search time line break using REX

Hi Splunkers, Can anyone please help with search time line break for the following log. {"audits"...

by Observer in

How do i extract field usinng regex .

Hi all, I'm new to splunk and i had hard time extracting fields using regex for the following example :Class (six,...

by Engager in

What is the most efficent way to do partial matches on a field?

I want to check if a field contains a specific value and the field is multivalue. What is the most efficient way t...

by Path Finder in

TIme Conversion

Hi ,how to change the below raw time field to yyyy-mm-dd hh:mm:ss2020-09-09T18:21:12.2685607Zam using the below query...

by Explorer in

Get Log size

I want to get the log size in MB and GB. I have used this command index=index1 |eval raw_len=(len(_raw)/1028) | stat...

by New Member in

DBX Query

Hi, I am having issues with dbx queries I created a dashboard with dbx queries, I can run the queries, dashboard ...

by New Member in

Timechart Table with "No results found"

Hi all, I have a request from a tenant in our environment that requires us to create a dashboard where each column...

by Path Finder in

How to run a search that compares errors in results from two different indexes?

I have two searches below: index=dev 'error' index=prod 'error' I want to run the ab...

by Explorer in

Can I add two table values in a single table

Hi team, How can I add the below two queries into one single query and present in a single table. query 1 : i...

by Communicator in

cisco asa add-on - default regex not working in UI with regex/rex command

Hello I download cisco asa add-on from splunk base and in default folder/transforms.conf some regexes cannot be use...

by Path Finder in

Time matching w/ a +/- 5 min window

Greetings Splunkers,I have a lookup file that has a list of set jobs with a frequency timestamp (e.g. Mon-Fri @ 3:30)...

by Communicator in

Seeing no results when broadening streamstats search - Concurrent Failed Logins

Hi All, I've been working on a search that will give me the Account_Name of someone who has failed to login 6-10 ti...

by Explorer in

When there is no result filed is displays as "No logon found". I want to color that value "

the below displays first login in the system. If user has no logon information, it should display "No logon found" in...

by Loves-to-Learn Lots in

How do you make fields into individual rows with each field value?

I have a search that does the following: | inputlookup system_scores.csv | search "big search goes here" | ...

by Communicator in

SPLUNK ITSI (Cloud)

I have an urgent requirement to build a datasets where I have to create multiple fields based on a flag field.eg. but...

by Loves-to-Learn Lots in

Need help in writing query in Splunk

Query required : If a count of certain condition in the last rolling 12 hours exceeds 10% more than the avg daily n...

by Path Finder in

Splunk tracking user with timebased lookup

I want to tracking login and logout users on computers with timebased lookup. I have logon and logoff time for exam...

by Path Finder in

Calculating Kill / Death ratio in a game at iPhone 11

I'd like to calculate K/D ratio for the game Insurgency. it game battery iphone it hot I have two searches that c...

by Observer in

How can find all the possible fields from our raw logs for a index, excluding internal fields generated by Splunk

Hi, I want to generate a new dashboard from the splunk logs . I want all the fields that are present in the raw d...

by Motivator in

Omit "NULL" and "OTHER" from area chart

How do I omit "NULL" and "OTHER" from the results of an area chart?

by Explorer in

searching fields that have multiple lines by using \n or \r\n doesn't work but using <enter> does

I'm trying to do some windows event blacklisting due to a high volume on a particular server. However, I'm having tro...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Getting Average for this search

How to filter rows based on a regex match on all fields?

limit for values of field 'message' reached. Some values may have been truncated or ignored. What it means?

Parse JSON only at 1st level

Search time line break using REX

How do i extract field usinng regex .

What is the most efficent way to do partial matches on a field?

TIme Conversion

Get Log size

DBX Query

Timechart Table with "No results found"

How to run a search that compares errors in results from two different indexes?

Can I add two table values in a single table

cisco asa add-on - default regex not working in UI with regex/rex command

Time matching w/ a +/- 5 min window

Seeing no results when broadening streamstats search - Concurrent Failed Logins

When there is no result filed is displays as "No logon found". I want to color that value "

How do you make fields into individual rows with each field value?

SPLUNK ITSI (Cloud)

Need help in writing query in Splunk

Splunk tracking user with timebased lookup

Calculating Kill / Death ratio in a game at iPhone 11

How can find all the possible fields from our raw logs for a index, excluding internal fields generated by Splunk

Omit "NULL" and "OTHER" from area chart

searching fields that have multiple lines by using \n or \r\n doesn't work but using <enter> does

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions