Splunk Search

Discussions

Thread Info

Splunk Python Script to Decode MIME Headers in email subject

I wrote a python script that works great from the command-line however when I run it from the search in the browser I...

by Path Finder in

Blocking New Events from getting triggered based on the status of the Earliest Event

Everyone, Needed help on an issue of event blocking for a Splunk setup which would receive events from a Web page t...

by Path Finder in

unable to extract deeply-nested JSON from AWS CloudTrail

I have a large query which works great to search CloudTrail logs for Security Group changes. Different events, howeve...

by Path Finder in

How do I narrow my base query by time

Greetings, I want to use one base query for my dashboard, with time going back a couple months. I thought I would...

by Path Finder in

Day of Week in Columns to Match Day of Week and Return Results

In my lookup table, I have the days of the week as columns with "Y" or "N" in the field (not able to change this as t...

by Explorer in

List events but exclude if part of transaction

My log has timeout events that occur on calls to UPS. There are timeout events for other reasons as well. I want my s...

by New Member in

How to find the latest events for different values of a field but showing the associated fields in those latest events

Following up with my previous questions context (https://community.splunk.com/t5/Splunk-Search/How-to-make-the-time-r...

by Communicator in

How to extract portion of the different strings using Regex?

Hi Eveyone, Can anyone help me out in this. I have a field name Request_URL which is different each time. ...

by Motivator in

Analyzing logs

Hi Guys, I was hoping you can help me. I am using Splunk to analyz...

by New Member in

Filter on table with javascript (not on the search for the table)

Hi, I have made a (html) dashboard with a table and a search. Now, I would like to add some filtering, but i want t...

by Loves-to-Learn Lots in

How to add in timechart on an addcoltotals search

Hello I am running the following search, which works as it should. What I am trying to build off of it is a way to ad...

by Explorer in

Using transforms and props to search and replace multiple fields in an event

If I have an event that looks like this: META1 META2 {foo:bar,color:green,size:medium} some text ({client: x, ip: ...

by Builder in

Convert a time field and use that time to search

Hi, I have a search which returns a filed name: create_time and the results are like this: 2020-08-11T17:10:00+0...

by Path Finder in

DB Query

Hi All, Can someone advice what is wrong with this following query. |dbquery wmsewprd "select * from sys_code_ty...

by Path Finder in

Predicting when sourcetypes will send data - map command too slow

Hi, I have hundreds of sourcetypes and the intervals when sourcetypes are sending data are not realtime, some are s...

by Path Finder in

How to add a pop-up message to a table?

HelloI have a table in dashboard like below when I hover my mouse on any of the result a pop-up should appe...

by Explorer in

Fetch incident from subject

I am using below query to fetch Incident from the subject line:— rex field=subject max_match=0 “(?<Incident>INC\d+)...

by Path Finder in

splunks

HelloI have a log as shown belowFeatureDetails [tokenValidatorInfo=false, requestValidationRequired=false, requestPa...

by Explorer in

Eval a token value and pass it on a search

Hi, I have a dashboard where I have a drop down which returns me a string. The xml of the drop down is below: <in...

by Explorer in

Scheduled search shows no events, but later searching the same time frame shows that there were

There is a search that runs every 30 minutes and normally it runs okay. But in few instances seemingly at random the ...

by New Member in

automatic lookups

I've got 3 automatic lookups: host::ORAC : LOOKUP-game titlegame_titles id AS title_id OUTPUTNEW publisher_id AS pu...

by Explorer in

Regex for fetching number

how to use regex yo fetch Incident (eg: INC0000453245 or INC0000342568) to fetch INC and exactly 10 numbers after I...

by Path Finder in

strftime day and month: Splunk vs Python

My question is about day and month components of a date without leading zeroes.Python docs provide %-d and %-m respec...

by Communicator in

How to share ML fit result to multiple tiles in dashboard

I have a custom ML model which does anomaly detection and once the fit and apply is done , i need the ML result to be...

by Explorer in

how to chnage "mmss" format strings to mm:ss format

I have searched this but I have not found a suitable answer yet, Here I have a field as below time"0""7""56""101"...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk Python Script to Decode MIME Headers in email subject

Blocking New Events from getting triggered based on the status of the Earliest Event

unable to extract deeply-nested JSON from AWS CloudTrail

How do I narrow my base query by time

Day of Week in Columns to Match Day of Week and Return Results

List events but exclude if part of transaction

How to find the latest events for different values of a field but showing the associated fields in those latest events

How to extract portion of the different strings using Regex?

Analyzing logs

Filter on table with javascript (not on the search for the table)

How to add in timechart on an addcoltotals search

Using transforms and props to search and replace multiple fields in an event

Convert a time field and use that time to search

DB Query

Predicting when sourcetypes will send data - map command too slow

How to add a pop-up message to a table?

Fetch incident from subject

splunks

Eval a token value and pass it on a search

Scheduled search shows no events, but later searching the same time frame shows that there were

automatic lookups

Regex for fetching number

strftime day and month: Splunk vs Python

How to share ML fit result to multiple tiles in dashboard

how to chnage "mmss" format strings to mm:ss format

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!