Splunk Search

Ask a Question

Discussions

Thread Info

How to find license usage based on the all the indexes

When I run the below search I can see 94 indexes available. | eventcount summarize=false index=* index=_*| dedup i...

by New Member in

Field extraction

/data/scripts/esx/output_crc/dc1-ch1-esxi05.dca.com-vmnic0-20191211-10:40:40.txt I need to extract the field "dc1-...

by Explorer in

field extraction

/data/scripts/esx/outfile/dc1-ch1-esxi05.dca.com-vmnic0.txt I need to extract the dc1-ch1-esxi05.dca.com-vmnic0 f...

by Explorer in

How to change bar chart color and the legend label

How do I change a bar chart color base on the syslog severity level. Example: Informational to blue color, warning to...

by Path Finder in

How to rename timechart legend static names with variable names

Hello, I have a timechart search (search code snippet below), everything works great. The chart shows up and the leg...

by Engager in

Field Extraction And Evaluation

From the screenshot, i would like to achieve the below; LCU04 = 500 x 00000 LCU03 = 500 x 01985 LCU02 = 500 x 0198...

by Observer in

Track growth on new items within a time range using a timechart

I've tried various attempts at this with no joy. I'm simply trying to create a chart where I can specify w/ the time ...

by Contributor in

How to show all the field values (including duplicates) in table

Hi I have Splunk messages that gives the information on course and student enrolled. My sample message as follows...

by Explorer in

Lookups missing and receiving error message

Getting the following error on many of my previously working searches, any ideas on how to fix it? 3 errors occur...

by Engager in

Number of fields occurrence in json data

I have below data ` { [-] context: { [+] } level: INFO logger: x.x.x.xxx.service.xxxService msg: Filtered stateme...

by New Member in

Help with regular expression extract and match

I have log file like this: 11:00:00 jon nginx: A[1234]B[56789] [0.1222] 11:00:00 dan service cloud: C[0078]D[12] ...

by Motivator in

Time difference during mid night is showing as more than a day

Hi, I have two datetime stamps, both in same format ( %m-%d-%Y %H:%M:%S %p UTC ) and i am trying to get the differ...

by Explorer in

Interesting fields count and percentage incorrect

I have encountered a strange issue when clicking on an "interesting field" in the left side bar under the events tab,...

by Engager in

How can I pass a list of parameters to a custom Generating command to iterate over and generate events?

I have written my own custom generating command in Splunk which connects to our API and fetches threat details of a d...

by Path Finder in

Problem with Geospatial lookup and geom command

Hi All, Posting this question, as I am new to Geospatial lookup and trying to configure it as per Michael Porath's...

by Communicator in

Clarification about appendcols needed

Hello, My alert looks as follows: |inputcsv anomalies_ls5923.txt | where like(ANOMALY_ID, "iA%")| tail 1 |renam...

by Builder in

struggle with RegEx field extraction on a Windows Event log

Hey - I'm taking my first steps on extracting fields with RegEx and can't seem to get this one working .. any help wo...

by Path Finder in

Minutes and seconds formating

I have a field that sends time in Min&sec in the format 3m7s I want it to be in the format 3.07 Tried using the...

by Explorer in

Which events has been searching for

Hi all! Need some help with a serach that showing which events has been searching for, last 90 days.

by Explorer in

Need to populate recent time value at the column left and oldest time towards right using chart command

Hello Experts, We had created splunk dashboard for monitoring automation tests which is triggered at Jenkins. Belo...

by New Member in

merge a string in a list relatively to another string

Hello everyone, I want to add a string in a list which is in a field compared to another string which also is in a...

by Explorer in

Total Results With All Fields Showing

I am trying to build an alert for when the total results for my search is greater than 9. I have it working, except t...

by Explorer in

Lookup not working, it is generating a "NOT ()" query for some reason.

lookup contains 3 columns DeviceId, host, and storeNumber splunk events contain a Properties.DeviceName field that...

by Builder in

correct TIME_FORMAT for time stamp

Hello, I'm having trouble extracting the following timestamp for one source, is there someone here that can recommend...

by Path Finder in

How to extract and create multiple fields for the same log line

If I have the log line: WEB 1.1.1.1/2.2.2.2/3.3.3.3 and I want to use extract fields to map: WEB -> field1 1.1.1.1...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to find license usage based on the all the indexes

Field extraction

field extraction

How to change bar chart color and the legend label

How to rename timechart legend static names with variable names

Field Extraction And Evaluation

Track growth on new items within a time range using a timechart

How to show all the field values (including duplicates) in table

Lookups missing and receiving error message

Number of fields occurrence in json data

Help with regular expression extract and match

Time difference during mid night is showing as more than a day

Interesting fields count and percentage incorrect

How can I pass a list of parameters to a custom Generating command to iterate over and generate events?

Problem with Geospatial lookup and geom command

Clarification about appendcols needed

struggle with RegEx field extraction on a Windows Event log

Minutes and seconds formating

Which events has been searching for

Need to populate recent time value at the column left and oldest time towards right using chart command

merge a string in a list relatively to another string

Total Results With All Fields Showing

Lookup not working, it is generating a "NOT ()" query for some reason.

correct TIME_FORMAT for time stamp

How to extract and create multiple fields for the same log line

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Customer success is front and center at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions