Splunk Search

Discussions

Thread Info

How to display column results in descending order?

It shows the result in the below format uri 208 400 ... .... ... I w...

by Engager in

help on eval condition

Hi I use the search below which works fine but I have an issue with my eval command why i can retrieve the "No SPLUNK...

by Motivator in

Is there a difference in efficiency between this sort and reverse?

Delta cites an example using sort - _time. Is there a difference in efficiency between this sort and reverse?

by SplunkTrust in

Event count from 2 dates

How do we get event count from 2 dates. Something like this - 2/11/18 3/11/18 4...

by Explorer in

Why do some events display date fields and other don't?

Hi, I noticed that one of my custom feeds has date fields (date_hour, date_mday...), but other ones, which are nat...

by Champion in

One Value from one field should compare every other value from other field and return the 3rd field value.

Query: index=data_core sourcetype=data_log is_scheduled=1 | rex max_match=0 field=search "savedsearch\s{0,}\"{1}(...

by Explorer in

How to query a lookup table based on time

HI All I have a lookup table which is populated by a scheduled search once everyday. The lookup table looks like b...

by Path Finder in

How to separate a search by groups of hosts?

Hello! If I run this query, I'll get a graph of the # of queries over time aggregated for all of my hosts. host...

by Explorer in

Why is CSV data with multiple values in one cell parsing incorrectly?

I'm trying to upload a CSV file into Splunk, however, it doesn't seem to parse it correctly for the multiple values f...

by Engager in

How to extract substring in a string for eval case?

Hi All, I have a field "CATEGORY3," with strings for example:- Log 1.2 Bundle With 12 INC Log 1.2 Bundle With 3 I...

by Communicator in

Field extraction receiving error message

Any time I try using the Extract Field option in an event list the next page returns this error: Error in 'rex' co...

by Explorer in

Help with regex for field extraction

Hi, I have a field value as below. These are all fixed positions all across. /COMPANY LOCATIONS/PA/PHILADELPHI...

by Builder in

Escape a period in transforms regex to drop log?

I'm collecting DNS logs and I'm trying to drop all logs with sub.domain.com as the query. In my transforms.conf I hav...

by Builder in

How to disable location clustering of results on a map generated by the geostats command in Splunk 6.1?

I have a geostats map in version 6.1 and I want to force it to NOT use clustering. I want to see an indicator for eac...

by Explorer in

Splunk rex help: regex for windows and unix path

Hi, I am a newbie to SPL. I am trying to write a regex that will extract the unix/windows path from the full_log fiel...

by New Member in

How to create a timechart that makes same search run for a different date range in a single chart

I have a search string that runs a SQL search and returns two columns (items and count) from DB. I run this search on...

by Explorer in

How to convert Day Mon Date HH:mm:ss UTC Year to YYYY-MM-DD HH:MM:SS:Q

Hi, I have a Timestamp field as Fri Nov 22 03:37:15 UTC 2019 and I want to convert into YYYY-MM-DD HH:MM:SS:6Q format...

by Explorer in

IT Audit in full network, servers ??

Need to perform the full audit of all the network and servers.

by New Member in

How to make search efficient with spath and regex

How can I make this search efficient? earliest=-1m source="/var/log/aws/opsworks/opsworks-agent.statistics.log" h...

by Path Finder in

How to search for a specific field

Here is the output of my log message: {"line":"2019-11-21T22:09:29.982Z LCS LCE [abc-75] INFO i.r.queue.poller...

by Path Finder in

How to add up the number of IPs in a row and output the count into a field within the same table

Good morning to all, I want to add up the IPs in each row under the Affected_IPs field and output the count into t...

by New Member in

How to search against multiple elements

I'm trying to capture occurrences when multiple criteria are true in an event where elements can exist multiple times...

by New Member in

Inconsistent Count result

Original Search sourcetype=xxx | dedup user | timechart span=1d count(user) I found that the results are differ...

by Explorer in

Help with rex for part of a file path

Here is my path: C:\WebLogs\sample.domain.com\W3SVC1\u_ex191121.log I would like to grab just the "sample.doma...

by Path Finder in

iplocation returning erronius results

Hello, we are seeing some strange results when trying to map RAS connections to our organisation.. The search i am...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to display column results in descending order?

help on eval condition

Is there a difference in efficiency between this sort and reverse?

Event count from 2 dates

Why do some events display date fields and other don't?

One Value from one field should compare every other value from other field and return the 3rd field value.

How to query a lookup table based on time

How to separate a search by groups of hosts?

Why is CSV data with multiple values in one cell parsing incorrectly?

How to extract substring in a string for eval case?

Field extraction receiving error message

Help with regex for field extraction

Escape a period in transforms regex to drop log?

How to disable location clustering of results on a map generated by the geostats command in Splunk 6.1?

Splunk rex help: regex for windows and unix path

How to create a timechart that makes same search run for a different date range in a single chart

How to convert Day Mon Date HH:mm:ss UTC Year to YYYY-MM-DD HH:MM:SS:Q

IT Audit in full network, servers ??

How to make search efficient with spath and regex

How to search for a specific field

How to add up the number of IPs in a row and output the count into a field within the same table

How to search against multiple elements

Inconsistent Count result

Help with rex for part of a file path

iplocation returning erronius results

ATTENTION!! We’re MOVING (not really)

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

AppDynamics Summer Webinars

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions