Splunk Search

Discussions

Thread Info

How to show the whole text in a table column while hovering on it ?

I want to display the text of a column of a table in one line. After hover to it, it should show whole the descriptio...

by Path Finder in

Help building regex for searches based on cs_username field.

I'm having no luck building a regex to match cs_usernames. What I'm looking for are two separate searches both based ...

by Observer in

Timechart glich with column VALUE

Got a cenario where timechart returned me a column named 'VALUE' where I don't have a value=VALUE in my logs as part ...

by Engager in

srchMaxTime default unit in authorize.conf

Hello guys, is it OK to use srchMaxTime = 9000, it looks like it does 9000 seconds? In authorize.conf doc it as...

by Motivator in

How to return a single value from a subsearch into eval Part 2

I found a different answer article with an example of what I'm trying to do, but I can't get it to work on my end. ...

by Path Finder in

How to create search for daily license usage report per host?

Hi All, I need to create a Splunk License usage report on a daily basis for all the reporting hosts. Can someone p...

by Path Finder in

Filter results based on aggregates (Another question of Splunk's way to emulate SQL's "HAVING" )

My goal is to design an alert that will populate a table of raw results, but only when certain evaluation aggregates ...

by Path Finder in

Crowdstrike TA error

Hi, Running into this error trying to setup the Streaming API: 04-03-2020 11:37:21.473 +0000 INFO TcpOutputPro...

by New Member in

How do you add a static drop-down for specific field values with conditonal?

System OS ABC Windows-Server-2016 ABC Windows-10-Enterprise ABC Mac-OSX DEF Windows Server-2016 DEF Windows Server-2...

by Communicator in

Need to create a search thatshows both success percentage and failure count in dual axis combo chart.

Hi, I need to write a search that shows both the success percentage and failure count in a dual axis combo chart....

by Path Finder in

Rex mode=sed diff between replace and substitute

What are the differences between option "s" and "y"? index=_internal sourcetype=splunkd | rex mode=sed “s/idx=\d+...

by Builder in

CSV Lookup - Exclusions - Help Required.

Hi guys, I'm trying to work out what's wrong with my search (see below). I have a CSV lookup file with a list of n...

by Path Finder in

Extract Comma seperated fields

I have 3 fields(Key, Version, Date) seperated by comma and records(can be many) seperated by ;(semicolon). Exampl...

by Observer in

How to filter values to remove attributes from a table?

Hello Splunkers, I appended two different searches within Splunk. Then I created a table, and now I need to filter...

by New Member in

How to convert tabular data to time series data?

I have a lookup file, which is of the format: "Department", "Jan FY20", "Feb FY20", "Mar FY20", "Apr FY20" "Sales"...

by Path Finder in

How do I extract a comma separated field during search?

I have event data in Splunk that look like this: 2013-02-14 11:32:46.4314 app=ws3 sev=INFO mid=1325748 , Fooo, Bar...

by Path Finder in

How to display count from last week and avg from last month on one timechart

I'm trying to plot count of errors from last week per day and daily average value from month. The result from query b...

by Path Finder in

How to extract data of JSON in one row?

I have this JSON, and I want extrac the value when the name is "ca-channel" and value when name is "Ca-Request-Id" bu...

by New Member in

Another method to connect two search results other than using the join command?

Hello is there another way to connect these two other than join... I have read that stats is faster than join ... is ...

by Explorer in

Remove extra fields

I search the syntax and find Account_Domain result contains two column. How can I result first column so that I left ...

by Explorer in

Search time knowledge and lispy

I have been participating in Splunk Advanced Searching and Reporting course and there is one thing that is mentioned ...

by Explorer in

How to count number of API calls on multiple distributed hosts?

Hi Team, I have 10 APIs, which run on two distributed hosts, and I want to know the count of API calls on each of ...

by Explorer in

Average of stats two fields values

I have Below Splunk query to get some data from my logs index=myindex sourcetype=mysourcetype "search string" | s...

by Engager in

Field Extraction from Raw Data

Hello, Im new to splunk and just started learning it and im having little issues extracting some fields from a raw...

by Engager in

How to search how much bandwidth a forwarder is using?

I'm trying to find how much bandwidth a forwarder is using and how many hosts are sending over the forwarder. I want ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to show the whole text in a table column while hovering on it ?

Help building regex for searches based on cs_username field.

Timechart glich with column VALUE

srchMaxTime default unit in authorize.conf

How to return a single value from a subsearch into eval Part 2

How to create search for daily license usage report per host?

Filter results based on aggregates (Another question of Splunk's way to emulate SQL's "HAVING" )

Crowdstrike TA error

How do you add a static drop-down for specific field values with conditonal?

Need to create a search thatshows both success percentage and failure count in dual axis combo chart.

Rex mode=sed diff between replace and substitute

CSV Lookup - Exclusions - Help Required.

Extract Comma seperated fields

How to filter values to remove attributes from a table?

How to convert tabular data to time series data?

How do I extract a comma separated field during search?

How to display count from last week and avg from last month on one timechart

How to extract data of JSON in one row?

Another method to connect two search results other than using the join command?

Remove extra fields

Search time knowledge and lispy

How to count number of API calls on multiple distributed hosts?

Average of stats two fields values

Field Extraction from Raw Data

How to search how much bandwidth a forwarder is using?

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!