Splunk Search

Discussions

Thread Info

how to create a record if missing

exmaple below column1:column2 1:10 2:15 4:30 5:40 in this example, column1 is missing "3", i would like to crea...

by Builder in

need help with UI based lookup wildcard/CIDR

I recently noticed that the UI for lookup definitions now has an advanced checkbox. If I select that I get the option...

by Builder in

How to add a conditional where based on the field existence?

mvexpand metrics | spath input=metrics | rename "cityCode" as pcc | where if($selected_pcc|s$="all",like(pcc,"%"),lik...

by New Member in

Data Model acceleration not working for 1 out of 5 event datasets

I have one data model accelerated which contains 5 event datasets with simple fields conditions. Now when I try to ju...

by Contributor in

How to check total logs size in MB being sent by a host

Hey Guys, Our Netflow monitoring system shows that most of the bandwidth is being consumed by port 9997 coming fro...

by Explorer in

Eval expression field not working in data model.

Here is my attempt to create a new field eval in datamodels (no results): Here is the same data, just not usi...

by Communicator in

Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"?

Hi, I have the following rest call on a new 6.4 environment, and it's coming back with error: curl: (56) Failur...

by Champion in

Extract the name of the current running alert search

Hello, I have several alerts running on minute base and would like to know within the SPL of the currently running...

by Builder in

Field Extraction needed

Hi, I need extraction on below data. Variations are many but I need a specific string extracted from each variatio...

by Builder in

How to hide the minus character from the bar graph

Hello, I have generated a bar graph which has values on both positive and negative sides of the x axis. Logically,...

by Path Finder in

Join across multiple sources display all sources with values present or not

Hello, I have query which joins across 4 sources and correlationid may or may not exists across all sources, I want t...

by Explorer in

Cannot update .js files on local server

I have updated the .js files of a local host of an app. I have been unable to update using url commands when trying t...

by New Member in

Splunk data for a particular time span

Hi , I am looking to get a data in the format from tomcat access logs for particular time span.

by New Member in

How to disable a search for a dashboard panel?

I have a dashboard (really a form) with few panels each doing a search and export and several input fields each (all ...

by Path Finder in

rex not working as expected

What is wrong with this rex?? This is the rex that the system gives me when I do a extract fields option. index=x ...

by Motivator in

how to enable Annotation based on token value.

Hello, I am using event Annotation on timechart. but I want to activate only in case of specific services/ based o...

by Builder in

How to get timestamps from first and last transaction events to calculate the time difference in hours?

I have multiple events in a server that I would like to get the timestamp from the very first transaction and the tim...

by Path Finder in

How to create a conditional rex statement on file extension or directory?

I'm trying to figure out how to do a conditional rex statement that looks at a windows file path and determines if th...

by Contributor in

How to calculate the difference between the first and the last row for each page in search results?

My search produced the following CSV: Date Page_1 Page_2 Page_3 Page_4 Page_5 Page_...

by Contributor in

nested eval with stats count not working while using Data Model

Below is my query: |datamodel testing search |search wells.API="enroll" |stats count(eval(wells.resp_code="S" OR (...

by Communicator in

Splunk chart for time interval

HI , I am trying to get the number of hits of users for very 3 minutes . And am able to generate the chart with...

by New Member in

How to extract the username from a raw event?

Here is the raw event log: Apr 22 08:04:46 10.14.10.66 1 2020-04-22T08:04:47-07:00 connect.abcd.com PulseSecure: -...

by New Member in

how to send Splunk email alert to inbox not junk mailbox?

Recently, i have created an splunk search alert. It had successfully triggered the alert, while the alert mail sent t...

by Explorer in

extract content of brackets

how can i extract content of first bracket if it is string? e.g: 2020-04-21 23:59:59,093 INFO xxx.xxx-zz-00000 [pr...

by Motivator in

Efficiently counting the occurrences of a delimited substring across events.

In my event data, I have a field called "blocks", the content of that field is a comma separated list of blocks. ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to create a record if missing

need help with UI based lookup wildcard/CIDR

How to add a conditional where based on the field existence?

Data Model acceleration not working for 1 out of 5 event datasets

How to check total logs size in MB being sent by a host

Eval expression field not working in data model.

Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"?

Extract the name of the current running alert search

Field Extraction needed

How to hide the minus character from the bar graph

Join across multiple sources display all sources with values present or not

Cannot update .js files on local server

Splunk data for a particular time span

How to disable a search for a dashboard panel?

rex not working as expected

how to enable Annotation based on token value.

How to get timestamps from first and last transaction events to calculate the time difference in hours?

How to create a conditional rex statement on file extension or directory?

How to calculate the difference between the first and the last row for each page in search results?

nested eval with stats count not working while using Data Model

Splunk chart for time interval

How to extract the username from a raw event?

how to send Splunk email alert to inbox not junk mailbox?

extract content of brackets

Efficiently counting the occurrences of a delimited substring across events.

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions