Splunk Search

Discussions

Thread Info

Splunk Y2K-type bug arriving on September 13, 2020

Edit 2019-11-28: Splunk has released a better fix-it app than the one below. Edit 2019-11-25: I didn't notice the ...

by Path Finder in

How to table/chart over a period of time

trying to calculate groupings of VMs capacity growth over time but a chart or table looks to be the best answer if yo...

by Contributor in

Help creating a search that monitors after hour employee login

Hello, I had requested for anyone to provide me with a good search to monitor after hour employee login and I was pro...

by New Member in

System login after hours

Hello, I had requested help with a "search language that could determine system logins after core hours" and one of t...

by New Member in

Help with rex to search logs for deleting user context

I know I am missing something simple here, but I cannot seem to figure this out. I am trying to search my logs for t...

by Explorer in

field extraction between brackets

I have log file like this: A[1020/09/09] B[1013/09/09] C[05-07-00000000-000-A-B-C] want to extract field of A,...

by Motivator in

eval / rex a field and change its output

hello all, I have a lookup with two fields sourcetype and interval ( like below) ..some of the intervals are in se...

by Communicator in

What are THE most important SPL commands?

I get asked some form of this question often and I know what my answer is but I am curious about others. What is your...

by Esteemed Legend in

Filtering WinHostMon with transforms/props so it doesn't index the status of a particular service.

Hello, I am trying to use transforms/props to filter a service from being indexed This is what I have: /etc/...

by Explorer in

How to download existing lookup file? and how to add new row and modify existing lookup file table?

by Communicator in

Why is search not returning result when using map?

Hello, My following search results records for Account: index="X" AND (sourcetype="A:Proxy" OR sourcetype="A:order...

by New Member in

Add additional events to transaction by field

Hi, I need to group events where the first event begins with "Receive message" and grouped by thread id. But then nee...

by Engager in

How to dynamically remove a field from search & how to dynamically use threshold from lookup file and change color based on it?

Hi All, Hope you all are doing good. I am stuck with 2 questions may be due to my Splunk query knowledge, hope ...

by Explorer in

How to find license usage based on the all the indexes

When I run the below search I can see 94 indexes available. | eventcount summarize=false index=* index=_*| dedup i...

by New Member in

Field extraction

/data/scripts/esx/output_crc/dc1-ch1-esxi05.dca.com-vmnic0-20191211-10:40:40.txt I need to extract the field "dc1-...

by Explorer in

field extraction

/data/scripts/esx/outfile/dc1-ch1-esxi05.dca.com-vmnic0.txt I need to extract the dc1-ch1-esxi05.dca.com-vmnic0 f...

by Explorer in

How to change bar chart color and the legend label

How do I change a bar chart color base on the syslog severity level. Example: Informational to blue color, warning to...

by Path Finder in

How to rename timechart legend static names with variable names

Hello, I have a timechart search (search code snippet below), everything works great. The chart shows up and the leg...

by Engager in

Field Extraction And Evaluation

From the screenshot, i would like to achieve the below; LCU04 = 500 x 00000 LCU03 = 500 x 01985 LCU02 = 500 x 0198...

by Observer in

Track growth on new items within a time range using a timechart

I've tried various attempts at this with no joy. I'm simply trying to create a chart where I can specify w/ the time ...

by Contributor in

How to show all the field values (including duplicates) in table

Hi I have Splunk messages that gives the information on course and student enrolled. My sample message as follows...

by Explorer in

Lookups missing and receiving error message

Getting the following error on many of my previously working searches, any ideas on how to fix it? 3 errors occur...

by Engager in

Number of fields occurrence in json data

I have below data ` { [-] context: { [+] } level: INFO logger: x.x.x.xxx.service.xxxService msg: Filtered stateme...

by New Member in

Help with regular expression extract and match

I have log file like this: 11:00:00 jon nginx: A[1234]B[56789] [0.1222] 11:00:00 dan service cloud: C[0078]D[12] ...

by Motivator in

Time difference during mid night is showing as more than a day

Hi, I have two datetime stamps, both in same format ( %m-%d-%Y %H:%M:%S %p UTC ) and i am trying to get the differ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk Y2K-type bug arriving on September 13, 2020

How to table/chart over a period of time

Help creating a search that monitors after hour employee login

System login after hours

Help with rex to search logs for deleting user context

field extraction between brackets

eval / rex a field and change its output

What are THE most important SPL commands?

Filtering WinHostMon with transforms/props so it doesn't index the status of a particular service.

How to download existing lookup file? and how to add new row and modify existing lookup file table?

Why is search not returning result when using map?

Add additional events to transaction by field

How to dynamically remove a field from search & how to dynamically use threshold from lookup file and change color based on it?

How to find license usage based on the all the indexes

Field extraction

field extraction

How to change bar chart color and the legend label

How to rename timechart legend static names with variable names

Field Extraction And Evaluation

Track growth on new items within a time range using a timechart

How to show all the field values (including duplicates) in table

Lookups missing and receiving error message

Number of fields occurrence in json data

Help with regular expression extract and match

Time difference during mid night is showing as more than a day

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions