Splunk Search

Discussions

Thread Info

How to add up the number of IPs in a row and output the count into a field within the same table

Good morning to all, I want to add up the IPs in each row under the Affected_IPs field and output the count into t...

by New Member in

How to search against multiple elements

I'm trying to capture occurrences when multiple criteria are true in an event where elements can exist multiple times...

by New Member in

Inconsistent Count result

Original Search sourcetype=xxx | dedup user | timechart span=1d count(user) I found that the results are differ...

by Explorer in

Help with rex for part of a file path

Here is my path: C:\WebLogs\sample.domain.com\W3SVC1\u_ex191121.log I would like to grab just the "sample.doma...

by Path Finder in

iplocation returning erronius results

Hello, we are seeing some strange results when trying to map RAS connections to our organisation.. The search i am...

by Path Finder in

How to ingest .doc format file into splunk with correct format

I am trying to ingest a doc format file into Splunk but getting it in 00\x00c\x00\x00\x00 format. Can someone help pl...

by Explorer in

include date in request - stats count

Hello, I have a problem. This is my request, it works well. index=wineventlog EventID=4624 host=wipr625a OR...

by Path Finder in

Multi Field values into Single field value

I need help in getting multiple field values into single field to compare it and get the match if any. For example...

by Explorer in

SPLUNK BOOT

The value of env var SPLUNK_OS_USER, "splunk", does not match any user on this system; Error: Success This command...

by Explorer in

Bug? Custom drilldown cannot handle question mark

Update: I found this question https://answers.splunk.com/answers/610037/my-search-string-is-truncated-after-a-questio...

by SplunkTrust in

How to extract words and digits from a particular field

Hello everyone, I am trying to extract strings containing SAMM #2222-A-1111 from other strings in a field named SA...

by New Member in

How to get a numeric field extracted

I am trying to extract the "Time taken" from this field. 2019-11-20 09:38:22,157 INFO Time taken: 01:35:53.514 ...

by New Member in

Splunk querying nested log

I have a log below and I want to get the value of Description under :- Calling Checklist1003 How do I do that ?? M...

by Explorer in

How to remove a duplicate from a lookup or only return one of the results?

I am performing a lookup on a table that contains data that I don't manage and cannot change. The lookup is returning...

by Explorer in

Unable to extract value and receiving error message

What am I doing wrong here?? index=du sourcetype="du:sbaservice-log" du_service="dugovt4.0" "ERROR=" | rex field...

by Explorer in

extract valued of a field

Hi, we have client_id=tom. client_id=thomas, client_id=Jack, client_id=tom-new, client_id=tom_old.. so on like 100s ...

by New Member in

Dynamic multiple field and value extraction

Hello together, i use splunk the version 7.2.4.2 and had the following issue by creating a dynamic field exctratio...

by Explorer in

How to combine information to a list

Hello, I have a query to get the following lines: element ID value temp (wanted) ABC 1 false "false false false tr...

by Explorer in

Seeking help running excessive DNS queries report

Hi Splunkers. I'm not very good with writing more complicated searches so I am seeking your help. I wrote a search to...

by Path Finder in

How to join two events based on one common value?

Hi, I have two different events of data : Event 1 = mail : id_mail : 1 title_mail : test mail_srv : host1 Even...

by New Member in

How do I get a unique count with my query?

Below is a query that I am able to get a list of accounts, and the total times they each have been received. How c...

by New Member in

Table Different from Return

Hello, I don't understand why the values in my | table are different from the values in my | return.... | format comm...

by Builder in

How do we clean our multi-site replication and search factor settings?

On our cluster master I see the following - [clustering] .... mode = master multisite = true available_sites = sit...

by Motivator in

Alert - Throttling is not working for search query

Hi, I have a requirement. Please suggest how to proceed further. In the Alert need to run the search query for every ...

by New Member in

How to combine two fields with eval ?

paymenttype RefunpaymentType DEBIT DEBIT GIFTCARD PGIFTCARD ORIGINAL CREDITCARD ORIGINAL DEBITCARD I am trying ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to add up the number of IPs in a row and output the count into a field within the same table

How to search against multiple elements

Inconsistent Count result

Help with rex for part of a file path

iplocation returning erronius results

How to ingest .doc format file into splunk with correct format

include date in request - stats count

Multi Field values into Single field value

SPLUNK BOOT

Bug? Custom drilldown cannot handle question mark

How to extract words and digits from a particular field

How to get a numeric field extracted

Splunk querying nested log

How to remove a duplicate from a lookup or only return one of the results?

Unable to extract value and receiving error message

extract valued of a field

Dynamic multiple field and value extraction

How to combine information to a list

Seeking help running excessive DNS queries report

How to join two events based on one common value?

How do I get a unique count with my query?

Table Different from Return

How do we clean our multi-site replication and search factor settings?

Alert - Throttling is not working for search query

How to combine two fields with eval ?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions