Splunk Search

Discussions

Thread Info

Bug? Custom drilldown cannot handle question mark

Update: I found this question https://answers.splunk.com/answers/610037/my-search-string-is-truncated-after-a-questio...

by SplunkTrust in

How to extract words and digits from a particular field

Hello everyone, I am trying to extract strings containing SAMM #2222-A-1111 from other strings in a field named SA...

by New Member in

How to get a numeric field extracted

I am trying to extract the "Time taken" from this field. 2019-11-20 09:38:22,157 INFO Time taken: 01:35:53.514 ...

by New Member in

Splunk querying nested log

I have a log below and I want to get the value of Description under :- Calling Checklist1003 How do I do that ?? M...

by Explorer in

How to remove a duplicate from a lookup or only return one of the results?

I am performing a lookup on a table that contains data that I don't manage and cannot change. The lookup is returning...

by Explorer in

Unable to extract value and receiving error message

What am I doing wrong here?? index=du sourcetype="du:sbaservice-log" du_service="dugovt4.0" "ERROR=" | rex field...

by Explorer in

extract valued of a field

Hi, we have client_id=tom. client_id=thomas, client_id=Jack, client_id=tom-new, client_id=tom_old.. so on like 100s ...

by New Member in

Dynamic multiple field and value extraction

Hello together, i use splunk the version 7.2.4.2 and had the following issue by creating a dynamic field exctratio...

by Explorer in

How to combine information to a list

Hello, I have a query to get the following lines: element ID value temp (wanted) ABC 1 false "false false false tr...

by Explorer in

Seeking help running excessive DNS queries report

Hi Splunkers. I'm not very good with writing more complicated searches so I am seeking your help. I wrote a search to...

by Path Finder in

How to join two events based on one common value?

Hi, I have two different events of data : Event 1 = mail : id_mail : 1 title_mail : test mail_srv : host1 Even...

by New Member in

How do I get a unique count with my query?

Below is a query that I am able to get a list of accounts, and the total times they each have been received. How c...

by New Member in

Table Different from Return

Hello, I don't understand why the values in my | table are different from the values in my | return.... | format comm...

by Builder in

How do we clean our multi-site replication and search factor settings?

On our cluster master I see the following - [clustering] .... mode = master multisite = true available_sites = sit...

by Motivator in

Alert - Throttling is not working for search query

Hi, I have a requirement. Please suggest how to proceed further. In the Alert need to run the search query for every ...

by New Member in

How to combine two fields with eval ?

paymenttype RefunpaymentType DEBIT DEBIT GIFTCARD PGIFTCARD ORIGINAL CREDITCARD ORIGINAL DEBITCARD I am trying ...

by Explorer in

Restoring old data to Splunk Indexer Cluster

Hi All, We have 7 indexers and they are in a cluster. Our hot and warm buckets are stored inside the local storage...

by Communicator in

Convert epochtime to minutes

Hi I need to Convert an #epoch time to #minutes any ideas please guys would be really grateful - Thanks

by Engager in

Table keep last event by criteria

Hi I've a question regarding stat or eventstat option last. I would like to keep the last "event" in a table with ...

by Engager in

help on subsearch which works randomly

Hi I use the search below what is strange is that sometimes it works fine and five minutes ago I can retrieve the ...

by Motivator in

Splunk skips or delays indexing of the log file during the rotation occassionaly

Hello Splunkers, I have an issue where Splunk some times skips to index the log file during the rotation or delays...

by Path Finder in

lookup and index

Hello, my research: index="dc_winaudit" host=IN1101D9 OR host=IN1101DA OR host=IN1101DB OR host="IN1101DC" OR host="...

by Path Finder in

How to group and count similar field values

Hi, Im looking for a way to group and count similar msg strings. I have the following set of data in an transactio...

by New Member in

Reg Ex/ REX to match patterns

Hello All, THis might be simple question but need some guidance here: i'm using pattern match like below but no...

by Path Finder in

Performantly overriding sourcetype per event with new replacement string, not backreference?

I know how to use Splunk 7.3.0 to overrride source type per event using a backreference. For example, given this snip...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Bug? Custom drilldown cannot handle question mark

How to extract words and digits from a particular field

How to get a numeric field extracted

Splunk querying nested log

How to remove a duplicate from a lookup or only return one of the results?

Unable to extract value and receiving error message

extract valued of a field

Dynamic multiple field and value extraction

How to combine information to a list

Seeking help running excessive DNS queries report

How to join two events based on one common value?

How do I get a unique count with my query?

Table Different from Return

How do we clean our multi-site replication and search factor settings?

Alert - Throttling is not working for search query

How to combine two fields with eval ?

Restoring old data to Splunk Indexer Cluster

Convert epochtime to minutes

Table keep last event by criteria

help on subsearch which works randomly

Splunk skips or delays indexing of the log file during the rotation occassionaly

lookup and index

How to group and count similar field values

Reg Ex/ REX to match patterns

Performantly overriding sourcetype per event with new replacement string, not backreference?

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions