Splunk Search

Thread Info

Is it possible to have multiple break_only_before regex for one sourcetype

I'm currently working through each of my companies Java apps and updating their sourcetypes using transforms and rege...

by New Member in

How to trim everything from a field after a comma

I have a field that contains: CN=Joe Smith,OU=Support,OU=Users,OU=CCA,OU=DTC,OU=ENT,DC=ent,DC=abc,DC=store,DC=cor...

by Engager in

how to extract a string before the @ symbol from an email adress?

I have the username filed extraction as follows in the props.conf which extracts the email address:- [sourcetype_...

by Builder in

Field extraction stanza help in props.conf?

I have the username filed extraction as follows in the props.conf which extracts the username:- [sourcetype_X] EXT...

by Builder in

Can you please help me in creating a table with multiple rows of the same field using stats or some other code?

I need to display multiple rows having the same PART_NUMBER value for each FLIT_COMPONENTS and AMOUNT sourcetype=f...

by Explorer in

How to count top results in each column?

Hi everyone, Trying to find out the top 10 values from different host long_message index functionality.. So tried lik...

by Explorer in

change colon to dash in Search

First, let me start by saying I am not a programmer, a Splunk expert, highly experienced with Regex or SED. I say thi...

by New Member in

What's the best easter egg in Splunk 4.2?

I think the title says it all.

by Splunk Employee in

Removing values from a field

how to remove values from fields highlighted in red index=main | eval description=case(status == 200, "OK", s...

by Explorer in

Outer Join not working

I have data in a CSV called 25_million_Linie_Rule.csv (example below) host,source,count "INTERFACES_BUILD","/hp547...

by Influencer in

Different element between two stats values() lists

search made before ...| stats values(user) as AllUsers, values(usr_mod) as ModifiedUsers And it returns two lists...

by Path Finder in

How do I show full series name while mouse over on the legend?

Hello, I have a line chart with multiple series in my dashboard. The series names are quite long, so they cut in t...

by Builder in

Subtract One Field from Another

Hi guys, I'm having trouble making a simple subtraction (well, I thought it would be simple!). Field1 is a number ...

by Path Finder in

What's the easiest way to return a multivalue result containing the values that are present in two multivalues?

Hello, Working with Splunk 7.3.2. I have two multivalues that have a set of values in common: | makeresults ...

by Motivator in

BREAK_ONLY_BEFORE_DATE=TRUE seems to not be working

A custom web application produces logs in the tomcat format like this: 2020-01-31 18:19:02,091 DEBUG [com.vendor.m...

by Contributor in

Arithmetic on multi field values

I am new to Splunk, and I need to perform arithmetic on some multi-field values. What is the best way to do this? Her...

by Engager in

How to sum the percentage of this two value in the table and rename it as X and show it in the table next to other values?!

As you can see in the picture there is 2 value (ChargeInProgress & Charging) which I know they are same (but whit the...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Is it possible to have multiple break_only_before regex for one sourcetype

How to trim everything from a field after a comma

how to extract a string before the @ symbol from an email adress?

Field extraction stanza help in props.conf?

Can you please help me in creating a table with multiple rows of the same field using stats or some other code?

How to count top results in each column?

change colon to dash in Search

What's the best easter egg in Splunk 4.2?

Removing values from a field

Outer Join not working

Different element between two stats values() lists

How do I show full series name while mouse over on the legend?

Subtract One Field from Another

What's the easiest way to return a multivalue result containing the values that are present in two multivalues?

BREAK_ONLY_BEFORE_DATE=TRUE seems to not be working

Arithmetic on multi field values

How to sum the percentage of this two value in the table and rename it as X and show it in the table next to other values?!

How to extract data

can't use a field with special characters in search --> _@timestamp

plot rate of change

Search fieldsummary values for search keyword

Logs aren't coming in, forward servers are listed as inactive

How to find events that are not splitting correctly

Scheduled Searches delayed by one hour

how to use the rex command to extract data when we have space

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...