Splunk Search

Ask a Question

Discussions

Thread Info

What should I use to put a TAB literally in a regex replacement within transforms.conf?

What should I use to put a TAB literally in a regex replacement within transforms.conf? I've tried \t but that's n...

by Path Finder in

display columns from 2 splunk queries based on a common column

Hi All, I have a query where I am passing one field from the output( outer query )to the another query using subse...

by Explorer in

how to get data from starting day of this week till today and starting day of last week till same day in last week

Hi All,how to get data from starting day of this week till today and starting day of last week till same day in last ...

by Explorer in

Regex: I want to extract two fields from a log message and visualize as a line chart

HI , I have a log message like " total accounts for user is 11 retrieved in 67 milliseconds". How to extract 11...

by Explorer in

join tables

I would like to obtain the results of two tables. | dbxquery query = "select * from table1 " connection = "Connecti...

by Explorer in

[help]stats with key and value extracted by rex not return correct result.

Hi team, I have below 2 events: C_BN="[{pmRating:3},{riskOfLoss:9}]"C_BN="[{sysOverallPerformance:3},{sysOverallP...

by Path Finder in

Group count percentage by key

We have 5 host and 3 on west 2 on east, and each of them take x% of request, the stats we have right now looks like: ...

by Observer in

How to format a custom time field

Hello, I have a search running that shows the custom "Sign-on_Time" field in a table. I want to format it to a mor...

by Path Finder in

Warning when searching without results

Hello, I have a simple distributed search config on a windows host, 1 SH, 1 IDX and 1 License server. Running a se...

by Path Finder in

Search not retuning all values from a array search

HI Im trying to get data from an object containing an array, and my search returns some of the results but i cant s...

by New Member in

Detect Brute Force auth success after multiple failures

Hi, I'm trying to detect brute force activity by detecting multiple auth failures followed by success. I started w...

by Explorer in

[SmartStore] How is the Replication of Summary bucket managed in Splunk Smartstore?

there has been a huge spike in the number of uploads, resulting in many more failed uploads from throttling than ...

by Splunk Employee in

How to convert string into percentage

I want to convert a column of text values into percentage. STATUSontimelateontimelate

by Loves-to-Learn Lots in

Join multiple fields and change their name

Hi everyone, I have some data with a lot of fields. Some fields represent the same data, but with different field...

by New Member in

Restrict search to a role using a search restriction is not working

Hi All. I have a local instance on my laptop for demo purposes, so no complex deployment on this machine. I have ...

by Path Finder in

calculating field percentages before stats command

index= base search | stats count, avg(ElapsedTime) as duration, by requestName, LogType, errorMessage, HttpStatus, i...

by Loves-to-Learn in

command="predict", Too few data points: 0. Need at least 1 (too many holdbacks (0) maybe?)

Hello, I have tried the following command to forecast recipient using predict command and Forecast time series assi...

by Path Finder in

How to compare events from two sources to find outliers in data?

Hi, I'm trying to compare events from two sources to show where the outliers are (they "should" be the same but we...

by Communicator in

How to create a single query that can show Internal AND External users all in one table.

All users are located under POP_Address. If the POP_Address = 192.168.* or 172.16.*, etc, we consider them to be inte...

by Explorer in

Table containing url, total requests, error responses

Seems pretty simple, but it's kicking my butt so here I am. I've tried more variations than I'd like, but I have a to...

by Loves-to-Learn Lots in

How to track memory/cpu usage per search execution (on Search Head/Indexer)?

Hi I am looking for a way to track memory/cpu usage per search execution on search head and indexer. I thought I c...

by Motivator in

Extract a Particular value from a already extracted field

Hi Team, I have extracted a field which contains some response. From that response in that field I need only ce...

by Engager in

Search and display results of a single field among two sourcetypes

Hello, I have a sourcetype called "signons" and it has a field called "Session_ID" and "System_Account" In my se...

by Path Finder in

Source IP not plotting on cluster map

I'm trying to plot source IP Addresses (src_ip) from web events on a cluster map but it does not seem to work. It ...

by New Member in

rex

I'm trying to extract this line from my linux logs in splunk using rex but I'm not sure how to extract it TCP 191....

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What should I use to put a TAB literally in a regex replacement within transforms.conf?

display columns from 2 splunk queries based on a common column

how to get data from starting day of this week till today and starting day of last week till same day in last week

Regex: I want to extract two fields from a log message and visualize as a line chart

join tables

[help]stats with key and value extracted by rex not return correct result.

Group count percentage by key

How to format a custom time field

Warning when searching without results

Search not retuning all values from a array search

Detect Brute Force auth success after multiple failures

[SmartStore] How is the Replication of Summary bucket managed in Splunk Smartstore?

How to convert string into percentage

Join multiple fields and change their name

Restrict search to a role using a search restriction is not working

calculating field percentages before stats command

command="predict", Too few data points: 0. Need at least 1 (too many holdbacks (0) maybe?)

How to compare events from two sources to find outliers in data?

How to create a single query that can show Internal AND External users all in one table.

Table containing url, total requests, error responses

How to track memory/cpu usage per search execution (on Search Head/Indexer)?

Extract a Particular value from a already extracted field

Search and display results of a single field among two sourcetypes

Source IP not plotting on cluster map

rex

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions