Splunk Search

Discussions

Thread Info

Track growth on new items within a time range using a timechart

I've tried various attempts at this with no joy. I'm simply trying to create a chart where I can specify w/ the time ...

by Contributor in

How to show all the field values (including duplicates) in table

Hi I have Splunk messages that gives the information on course and student enrolled. My sample message as follows...

by Explorer in

Lookups missing and receiving error message

Getting the following error on many of my previously working searches, any ideas on how to fix it? 3 errors occur...

by Engager in

Number of fields occurrence in json data

I have below data ` { [-] context: { [+] } level: INFO logger: x.x.x.xxx.service.xxxService msg: Filtered stateme...

by New Member in

Help with regular expression extract and match

I have log file like this: 11:00:00 jon nginx: A[1234]B[56789] [0.1222] 11:00:00 dan service cloud: C[0078]D[12] ...

by Motivator in

Time difference during mid night is showing as more than a day

Hi, I have two datetime stamps, both in same format ( %m-%d-%Y %H:%M:%S %p UTC ) and i am trying to get the differ...

by Explorer in

Interesting fields count and percentage incorrect

I have encountered a strange issue when clicking on an "interesting field" in the left side bar under the events tab,...

by Engager in

How can I pass a list of parameters to a custom Generating command to iterate over and generate events?

I have written my own custom generating command in Splunk which connects to our API and fetches threat details of a d...

by Path Finder in

Problem with Geospatial lookup and geom command

Hi All, Posting this question, as I am new to Geospatial lookup and trying to configure it as per Michael Porath's...

by Communicator in

Clarification about appendcols needed

Hello, My alert looks as follows: |inputcsv anomalies_ls5923.txt | where like(ANOMALY_ID, "iA%")| tail 1 |renam...

by Builder in

struggle with RegEx field extraction on a Windows Event log

Hey - I'm taking my first steps on extracting fields with RegEx and can't seem to get this one working .. any help wo...

by Path Finder in

Minutes and seconds formating

I have a field that sends time in Min&sec in the format 3m7s I want it to be in the format 3.07 Tried using the...

by Explorer in

Which events has been searching for

Hi all! Need some help with a serach that showing which events has been searching for, last 90 days.

by Explorer in

Need to populate recent time value at the column left and oldest time towards right using chart command

Hello Experts, We had created splunk dashboard for monitoring automation tests which is triggered at Jenkins. Belo...

by New Member in

merge a string in a list relatively to another string

Hello everyone, I want to add a string in a list which is in a field compared to another string which also is in a...

by Explorer in

Total Results With All Fields Showing

I am trying to build an alert for when the total results for my search is greater than 9. I have it working, except t...

by Explorer in

Lookup not working, it is generating a "NOT ()" query for some reason.

lookup contains 3 columns DeviceId, host, and storeNumber splunk events contain a Properties.DeviceName field that...

by Builder in

correct TIME_FORMAT for time stamp

Hello, I'm having trouble extracting the following timestamp for one source, is there someone here that can recommend...

by Path Finder in

How to extract and create multiple fields for the same log line

If I have the log line: WEB 1.1.1.1/2.2.2.2/3.3.3.3 and I want to use extract fields to map: WEB -> field1 1.1.1.1...

by Explorer in

count eval, error using AND

Hello, I'd like to count events from Windows Logs in my search that include both EventCode="4624" as well as Account_...

by New Member in

Conversion of epoch time in rex extracted field

Hey All, Need some assistance with extracting/converting the epoch timestamps on index buckets from a search that ...

by Builder in

Can stats be in the subject of an alert-generated e-mail?

We have an alert, that checks for a particular condition (Oracle-errors) across multiple indexes: (index=HOP OR in...

by Path Finder in

Error with eval expression using eventstats command in Splunk Datamodel

Hi, I want to create below search using splunk DataModel: index="oqa_pub" sourcetype="idesk_db_inc" |search RESOLV...

by New Member in

Can we run the query for 100 or so hosts?

We have the following that runs nicely for one host - index=<index name> host=<host name> source=<source name> sou...

by Motivator in

How to evaluate multiple fields and replace field output with new string

I have an issue where events are displaying incorrect information for a particular field in my search. Example: ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Track growth on new items within a time range using a timechart

How to show all the field values (including duplicates) in table

Lookups missing and receiving error message

Number of fields occurrence in json data

Help with regular expression extract and match

Time difference during mid night is showing as more than a day

Interesting fields count and percentage incorrect

How can I pass a list of parameters to a custom Generating command to iterate over and generate events?

Problem with Geospatial lookup and geom command

Clarification about appendcols needed

struggle with RegEx field extraction on a Windows Event log

Minutes and seconds formating

Which events has been searching for

Need to populate recent time value at the column left and oldest time towards right using chart command

merge a string in a list relatively to another string

Total Results With All Fields Showing

Lookup not working, it is generating a "NOT ()" query for some reason.

correct TIME_FORMAT for time stamp

How to extract and create multiple fields for the same log line

count eval, error using AND

Conversion of epoch time in rex extracted field

Can stats be in the subject of an alert-generated e-mail?

Error with eval expression using eventstats command in Splunk Datamodel

Can we run the query for 100 or so hosts?

How to evaluate multiple fields and replace field output with new string

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions