Splunk Search

Discussions

Thread Info

echo command in splunk

How can I print out any value or any result in splunk? Does splunk have any echo command system? eval didn't help me ...

by Path Finder in

Regex expression to extract IP from a raw log file

Hi all, I am trying to extract an IP and the word "HOST_NAME" from a raw log file using the following regex express...

by Explorer in

I need to bring back a zero value if my search does not bring anything back.

index=xxxx source="/esbplogsdir/prod/Enable/LOG_Maximo_LSI_Work/Maximo/LSI_IN_msg_prod.log" OR source="/esbplogsdir/p...

by Path Finder in

How to extract fields from regex and put in a table

My current search is: index=rtm* source=/prod/msp/logs/private-auto-loan-credit* | regex "The rule (?<field...

by Loves-to-Learn in

How can I hide the real-time search options from the users?

We would like to disallow our users to use real-time searches. Where do we block the feature from the users?

by Motivator in

Regex help Required

Hi All, We are planning to ingest the SQL login success and failure logs into Splunk. So in the logs there are lot...

by Contributor in

Getting the error ImportError: splunklib.modularinput

I'm running Cisco AMP events input on Splunk 8 on python 2.7.17 and received the following error after configuring th...

by Explorer in

Cisco eStreamer eNcore Add-on for Splunk v3.6.8 - Error in two EXTRACTs

Cisco eStreamer eNcore Add-on for Splunk v3.6.8 has two EXTRACTs with errors in them. EXTRACT-extract_src and EXT...

by SplunkTrust in

case: defaulting to "value" rather than NULL

Hi, I'm using an "eval myvar=case(...)" like the one in the splunk documentation: ... | eval description=case(erro...

by Engager in

Search for text in log containing say, "non contact" but not just "contact"

I have logs that say both contact and non contact. I would like to distinguish them in a search with the complete "no...

by Explorer in

How to get index of a particular letter in string

How can i find index of last occurrence of letter in value of a field string splunk_user microsoft_good_task g...

by Contributor in

What should be my condition that will trigger the alert action, for a search string below

Hello, I have a search string like below, where it is fetching data from stage and giving out aggregates of Trades ...

by Explorer in

How to calculate average for the data which will get changed based on time interval ?

I have below kind of data. App Name StatusApp1 0App2 0App3 0App4 ...

by Communicator in

Using lookup to filter out fields from current searches against lookup fields

Hello Splunk members! I currently have a search that produces "Users" connecting to certain "hosts" whereas the sta...

by Explorer in

How to convert the output of tostring or convert a duration field?

I have a search that returns the diff of two times, but the user wants it in "1 day 5 hours and 23 minutes" format no...

by Explorer in

Search That Looks Back in Time and Checks Fields

I need assistance building a search that looks back in time 5 minutes to check and see if fields are present. If so ...

by Builder in

How to use the existence of a preceding event in timechart?

I have an index where each event has unique EventID and Status fields.Each event is progressing through multiple inte...

by Communicator in

How can my dashboards switch over to the next day at 12AM ETC rather than 12AM UTC?

All of our Splunk users, including members of our Leadership Team are currently in the US/Eastern time zone. All of t...

by Communicator in

Getting authentication error when session login fails in Azure Databricks.

Hi All, I am trying to access Splunk from inside the Azure Databricks instances. I have requirements to run querie...

by Observer in

wanted to populate mutiseect token with if else condition in panel

HiI have a dashboard, my requirement is like when a user will select a value Splunk in a multi-select, my pannel quey...

by Communicator in

Removing Object from Json Array

Currently I have splunk injecting AWS logs showing NACL's. Each event has an array that is called network_acl_entries...

by Observer in

Regular expression only one value

Dear, I need to identify some duplicate events that are right after the "Call-ID:", however in Splunk I am not ge...

by Path Finder in

REGEX HELPING PLEASE

struggling to extract underlined items as RUN NAME

by New Member in

How to force today's date column to display if no data generated for today's date?

I currently have the following SPL query that generates a table, and appears as follows: Service IDResource NameTra...

by Communicator in

Need Help to pull the logs in the below format

Hi Community, I was trying to pull the logs in the following format _time, src, dest, src_port, dest_port by using...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

echo command in splunk

Regex expression to extract IP from a raw log file

I need to bring back a zero value if my search does not bring anything back.

How to extract fields from regex and put in a table

How can I hide the real-time search options from the users?

Regex help Required

Getting the error ImportError: splunklib.modularinput

Cisco eStreamer eNcore Add-on for Splunk v3.6.8 - Error in two EXTRACTs

case: defaulting to "value" rather than NULL

Search for text in log containing say, "non contact" but not just "contact"

How to get index of a particular letter in string

What should be my condition that will trigger the alert action, for a search string below

How to calculate average for the data which will get changed based on time interval ?

Using lookup to filter out fields from current searches against lookup fields

How to convert the output of tostring or convert a duration field?

Search That Looks Back in Time and Checks Fields

How to use the existence of a preceding event in timechart?

How can my dashboards switch over to the next day at 12AM ETC rather than 12AM UTC?

Getting authentication error when session login fails in Azure Databricks.

wanted to populate mutiseect token with if else condition in panel

Removing Object from Json Array

Regular expression only one value

REGEX HELPING PLEASE

How to force today's date column to display if no data generated for today's date?

Need Help to pull the logs in the below format

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions