Splunk Search

Ask a Question

Discussions

Thread Info

How to use docker Splunk forwarder image to forward logs to an external Splunk enterprise?

I have splunk enterprise setup on a separate machine and I have an application running on another instance. Now I am...

by New Member in

Optimize rex command

Hi all, I want to extract fields form log events. I have two errors patterns : * Can not convert FOO from...

by Path Finder in

assigning repeating / rolling sequential field

I am looking to have a new field that will assign a reference to each, this reference will be sequential and will rep...

by Communicator in

how to add just field name in the main result which have no result ,value just want to display the name .

Hello all I want to display the field name(CNB) in the main result which has no result now but in future it ll. ...

by Path Finder in

Extrapolation of data volumes after connection of new systems / predicted license costs with lookup

The relevant data about the future development of CustID are read in via a lookup (new_custID.csv) based on the table...

by Path Finder in

Changing the color of comment macro

We can add comments to a splunk search by using "comment" macro. However to distinguish between SPL and comment, is t...

by Explorer in

weirdness using max() and min() in eval, operating on numeric multivalue fields

It seems like if you I have a numeric multivalued field, I should be able to use eval to take the max and min of the ...

by SplunkTrust in

How to modify a single row in a lookup file based on a particular row value?

I have a CSV lookup present with 1000 rows as per the below query. sourcetype="snow:cmdb_ci_service" | stats lates...

by Explorer in

help for calculating a trend in a table panel

hello from the code below, i would like to be able to add a new colum in my table panel which calculate the percen...

by Motivator in

Splunk Support for Active Directory: How to get results for multiple ldap host after running |ldaptestconnection command

Splunk Support for Active Directory: How to get results for multiple ldap host | ldaptestconnection domain="my Dom...

by Engager in

Splunk service on indexer server gets killed by OOM killer when it should not.

We operates splunk platform of 10+ SHC members & indexer cluster with 100+, version 7.2.9. From time to time we see t...

by Splunk Employee in

How to properly display trend comparison of values over Hour by Day for multiple days?

The following query will display a simple chart for trend comparison. This works well if you keep the days you're com...

by Path Finder in

Access Field for Value in Drop Down loaded by an input lookup file

Hi, I have prepared an input lookup file which has the following contents: OperationCode,Meaning,Direction 1001...

by Path Finder in

how to exclude a holiday from search splunk using lookup csv

Hi everyone , I would like to exclude a holiday list from my search using a lookup.csv . how to do ? thanks all of...

by New Member in

How to set specific options for certain fields in a chart

I am trying to get one of the fields in my timechart to not connect points on null values, whilst still allowing the ...

by Explorer in

filed extraction on specific path

Hi I want to create "field extract" on all logs that exist in below address. /opt/logs/file1.log /opt/logs/file2.log...

by Motivator in

help on complex dynamic pie chart

Hello I use the search below in order to display datas in a pie chart As you can see in my eval command, I agregat...

by Motivator in

LookUp Files Issues

I have a lookup file called PriceFactot.csv. I have defined this lookup table and then in query I use | inputlookup ...

by Contributor in

Is there any way to decode an encoded html values saved in a log file?

I want decode all the encoded html values present in an log file while indexing itself. Is there any way to do it ?

by New Member in

how to reduce SQL connections from splunk to oracle DB for good performance?

we are building various dashboards for monitoring purpose. Most of the dashboards need the data from database, which ...

by Engager in

Splunk table and regex filter

I have following data in "log" field, date1 name : message one date2 name : message two date3 name : message one date...

by New Member in

Combining results in a search

I have a search that graphs the number of events based on host name. It even colour codes into Windows and Linux host...

by Contributor in

Range Marker

I am trying to achieve the same visualization as documented over here: https://wiki.splunk.com/Community:Search_Repor...

by Communicator in

Is there an Equivalent of splParser?

I am trying to parse Splunk queries, is there an equivalent of splParser ? splParser outputs parse trees of SPL queri...

by New Member in

How to configure props.conf and transforms.conf to route data matching a certain regex to a specific index and drop all other events?

Hi, I'm running a test setup with some live syslog data and I want to do the following on my forwarder: 1) Rout...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use docker Splunk forwarder image to forward logs to an external Splunk enterprise?

Optimize rex command

assigning repeating / rolling sequential field

how to add just field name in the main result which have no result ,value just want to display the name .

Extrapolation of data volumes after connection of new systems / predicted license costs with lookup

Changing the color of comment macro

weirdness using max() and min() in eval, operating on numeric multivalue fields

How to modify a single row in a lookup file based on a particular row value?

help for calculating a trend in a table panel

Splunk Support for Active Directory: How to get results for multiple ldap host after running |ldaptestconnection command

Splunk service on indexer server gets killed by OOM killer when it should not.

How to properly display trend comparison of values over Hour by Day for multiple days?

Access Field for Value in Drop Down loaded by an input lookup file

how to exclude a holiday from search splunk using lookup csv

How to set specific options for certain fields in a chart

filed extraction on specific path

help on complex dynamic pie chart

LookUp Files Issues

Is there any way to decode an encoded html values saved in a log file?

how to reduce SQL connections from splunk to oracle DB for good performance?

Splunk table and regex filter

Combining results in a search

Range Marker

Is there an Equivalent of splParser?

How to configure props.conf and transforms.conf to route data matching a certain regex to a specific index and drop all other events?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!