Splunk Search

Ask a Question

Discussions

Thread Info

How to set host field in metrics to the value of a specific field when creating metrics from event data?

I am attempting to populate a metrics index with data from an event index. Using a search similar to: index="myindex...

by New Member in

How to round the output from chart command?

Hello, I have produced a table which shows distances between the cities. The search is shown below: my search |...

by Path Finder in

Help with search for average response time based on TotalTime value

I have multiple log events like below based on my search criteria- 2020-03-11 08:23:55,141 - [UserId=xyz | UserNam...

by Engager in

Help fixing string with newline that is not searchable

Hi, if my string is "asdf .\r\n asdf" and I filter on that (Add to search) I get "No results found". Any idea h...

by Engager in

add seconds or minutes every 50000 events

Good afternoon Currently you try to index data to an index summary, but these events do not contain a timestamp so...

by Path Finder in

Timestamp comparison from an inputlookup

Hi All, I do have cumbersome problem...I have a table built out from an inputlookup search. We have n-columns in this...

by Explorer in

is there a way to display each row in a table as a tile..?

I want to show each row as a tile with different customization. 1. Based on the row value i should change the color o...

by Path Finder in

lookup users that do not match users in search

I have created a search to match search results for users to users in a lookup: | inputlookup AD_User_LDAP_list ap...

by Communicator in

Using tokens in XLM dashboard table "fields" tag- fields won't update dynamically

I have an XML form that has a select box control that allows users to select the fields they want displayed in the ou...

by Path Finder in

Field extraction of multi-line event with header

I have a script for Linux that executes "sar -n DEV" and formats the output to look like: Linux <kernel version> (...

by Communicator in

How to trim splunk logs to get time and particular field

Below are the sample entries from splunk. Highlighted the entries which i want to list down. Please suggest a splunk...

by New Member in

Icelandic unicode character - "Interesting fields" showing no result

Hi, I'm writing json NLog files from Visual Studio into Splunk (with NLog WebService target). In my Splunk sear...

by Engager in

How to extract Json array of objects data into table format in Splunk ?

Example data : We need to extract below json data into table format in Splunk ?link text "assets": [ { "id": 1, ...

by Motivator in

Splunk Cloud rex extraction on search

Attempt A index="w3c" | rex field=_raw "?(sessionid=?)\w{8}-\w{4}-\w{4}-\w{4}-\w{12}" | table ABC _raw Attempt B in...

by New Member in

How to pull events on status events based on time stamps

When someone gets activated and deactivated this data is consolidated -- always. My question is how can I separat...

by New Member in

List of top URLs with hourly count > 50

Hi, I have a ask where I need to find out top 100 URL's who have hourly hits more than 50 on the server means if a pa...

by Explorer in

Chart - select multiple values for drilldown

Hi, I am looking forward to create a bubble chart like this: https://www.highcharts.com/demo/bubble, where I can c...

by Path Finder in

Sub search not returning string

Why does a sub search return a boolean value? I am expecting to see the department value. index="activedirectory" ...

by Path Finder in

Get all data even host name is getting changed while searching

Hi I am monitoring log file from one folder and giving host field name as hostname. ex. I am monitoring C:\Logs\GTA(...

by Builder in

timestamp issue

Hi I have issue with timestamp, here is the problem: every day at "1 AM" all log files copy into the logserver. this ...

by Motivator in

Writing a join query to extract usernames from sessionID

Hi there, I need help writing a query that finds the username of whoever ran a command on A Linux server. For exa...

by Path Finder in

substraction: | eval field1=mvfilter(match(field, "OUT$")) <-substract-> | eval field1=mvfilter(match(field, "IN$"))

Hello Community, I evaluate the values of a single field which comes with values such as: OUT; IN; DENIED and can ...

by Explorer in

how to find index names from Splunk saved searches

How to find the indexes that the saved searches are running against? Few of my searches are not using index names wit...

by Path Finder in

json field extraction

Hi , Below is the json snippet properties: { [-]columns: [ [-]{ [-]name: PreTaxCosttype: Number}{ [-]name: Usag...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to set host field in metrics to the value of a specific field when creating metrics from event data?

How to round the output from chart command?

Help with search for average response time based on TotalTime value

Help fixing string with newline that is not searchable

add seconds or minutes every 50000 events

Timestamp comparison from an inputlookup

Recommended No of Concurrent searches for the current infrastructure

is there a way to display each row in a table as a tile..?

lookup users that do not match users in search

Using tokens in XLM dashboard table "fields" tag- fields won't update dynamically

Field extraction of multi-line event with header

How to trim splunk logs to get time and particular field

Icelandic unicode character - "Interesting fields" showing no result

How to extract Json array of objects data into table format in Splunk ?

Splunk Cloud rex extraction on search

How to pull events on status events based on time stamps

List of top URLs with hourly count > 50

Chart - select multiple values for drilldown

Sub search not returning string

Get all data even host name is getting changed while searching

timestamp issue

Writing a join query to extract usernames from sessionID

substraction: | eval field1=mvfilter(match(field, "OUT$")) <-substract-> | eval field1=mvfilter(match(field, "IN$"))

how to find index names from Splunk saved searches

json field extraction

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions