Splunk Search

Discussions

Thread Info

My events are in the below mentioned description format, How can extract fields with multi values, perfect solution/query ?

Event 1: Filesystem Type Size Used Avail UsePct MountedOn /dev/mapper/rootvg-rootlv ext3 6.0G 4.0G 1.7G 71% / /dev/sd...

by Engager in

How multivalue of field can be extracted in the below mentioned event , all the events are in the same format, any solution/query ?

Filesystem Type Size Used Avail UsePct MountedOn /dev/mapper/rootvg-rootlv ext3 6.0G 4.3G 1.4G 77% / /dev/sda1 ext3 1...

by Engager in

where does splunk store output of shell scripts?

Hi, On Splunk forwarders, we have few shell scripts in "SPLUNK_HOME/etc/apps/my_app/bin/" that are being run. Just...

by New Member in

How to extract value using KV pairs?

Hello all, How I can extra value from my event? 23-Oct-2019 08:07:23 <TestCase1>23</TestCase1> 23-Oct-2019 08:0...

by New Member in

How to create a search to find offline event that does not have a corresponding succeeding online event

Hello, I have a sourcetype which has data telling me if something goes offline and then when it comes online. I a...

by Path Finder in

simple table to count monthly and yearly

Hi together i have some events like: date product count_soled_today 2019-01-06 bike ...

by New Member in

using greater than comparison on a property is not working

I am trying to filter my results on a property that is greater than a certain value and it is not returning any resul...

by New Member in

How to display the values in search result as fields?

I have a search which return below results: status total_user passed 7 failed 3 unknown 14 ...

by Path Finder in

Lookup/join from another index

Hi there i am looking to join information from 2 separate indexes but due to performance constraints i am not able...

by Engager in

when set no_priority_stripping = true the host change

Hi, when I set no_priority_stripping = true the host change from IP Address to Host name when performing a search ...

by Path Finder in

Network_Traffic DM

Splunk - Bytes Out/In are not going into Network_Traffic Data Model correctly. How would I troubleshoot to find the a...

by Loves-to-Learn Everything in

Replacing part of the field value

eval name=replace(dependency_name,"GET /getreadinesscheck","GET") trying to replace GET /getreadinesscheck with Get i...

by New Member in

What makes a CIDR lookup?

We are meeting with the vendor for a demo and they asked that we fix a CIDR lookup. What should be in a CIDR lookup?

by Motivator in

paychex/Splunk.Conf19 Cover Your Assets (CYA): Export error with fields tagged.abcd=efgh

I get the following error for the export search example (CYA_Export_For_Core_Splunk_Query). Seems to be due to fields...

by Path Finder in

help me on how i can create lookup file in lookup editor

Greetings!! help me on how i can create lookup file in lookup editor I use to see a field called host that is i...

by Communicator in

Splunk eval if ELSE or case

Hi All, Im working on windows AD data and gathering info from various eventIds. i have grouped the eventIds and...

by Path Finder in

How to search for "*" (asterisk) values in a field?

Hi, I have TYPE field, that have a value of *, **, ***. When I'm trying to |search TYPE="*" (all of the events ...

by Engager in

Check for event that has not changed for X days

Hello. I'm struggling with a query. We want to search Windows Event logs for accounts whose passwords have not bee...

by Builder in

How to get percentage of null vs not-null values grouped by each day?

Hi, I've written a query to get percentage of null vs not-null values of a particular field (i.e. billValue). Howe...

by Explorer in

How to get timechart to work in a search with multiple calculations

Hello, I am trying to make a timechart for my field "finalProfit" in the search below. I have tried doing timechart ...

by Path Finder in

timecharting 2 seperate data sources with a case statement. What about this makes it so it will never get the label "msad", EVER

Something about this search makes it so we absolutely never get into the case that would label the column "msad". I h...

by Path Finder in

Use Date String in Search

Background I have a date string that I want to use in a search, but I don't know how. Log I have this text (...

by Engager in

How to extract the protocol, Device_IP, transaction sequence number and the message type with regex

I have a field called File_Name that I've generate by trimming the filepath off of my source from a local data input....

by New Member in

How can i run some script (python or powershell) if i receive some particular log ??

How can i run some script (python or powershell) if i receive some particular log ?? either in search or in alert ??

by New Member in

conditional search

I've read other answers related to conditional searches, still cannot find an answer to my problem. The situation is ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

My events are in the below mentioned description format, How can extract fields with multi values, perfect solution/query ?

How multivalue of field can be extracted in the below mentioned event , all the events are in the same format, any solution/query ?

where does splunk store output of shell scripts?

How to extract value using KV pairs?

How to create a search to find offline event that does not have a corresponding succeeding online event

simple table to count monthly and yearly

using greater than comparison on a property is not working

How to display the values in search result as fields?

Lookup/join from another index

when set no_priority_stripping = true the host change

Network_Traffic DM

Replacing part of the field value

What makes a CIDR lookup?

paychex/Splunk.Conf19 Cover Your Assets (CYA): Export error with fields tagged.abcd=efgh

help me on how i can create lookup file in lookup editor

Splunk eval if ELSE or case

How to search for "*" (asterisk) values in a field?

Check for event that has not changed for X days

How to get percentage of null vs not-null values grouped by each day?

How to get timechart to work in a search with multiple calculations

timecharting 2 seperate data sources with a case statement. What about this makes it so it will never get the label "msad", EVER

Use Date String in Search

How to extract the protocol, Device_IP, transaction sequence number and the message type with regex

How can i run some script (python or powershell) if i receive some particular log ??

conditional search

SplunkTrust Application Period is Officially OPEN!

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions