Splunk Search

Discussions

Thread Info

How to compare two strings and find the difference

Hi all, In the middle of a search, I have two string fields, one is called A and the other B (both have the ";" as...

by Builder in

Help with rex to get a particular field

The search I am using is below and in the output for few I am getting 3 records in the filed manage. Please help me t...

by Communicator in

Event logs are related to incidents ; each log having an incident number and the state of that incident along with other attributes.

If a certain incident is in resolved/closed state I want all logs pertaining to that incident to be excluded from the...

by New Member in

Can someone clarify how the map command is supposed to work or if I have made a mistake in my search?

Hello, I am currently trying to do a search across two different sourcetypes using the map command: sourcetype=...

by Path Finder in

count of the exact match

Hi, I would want to have the count of a string (say "abcdef"). sometimes the string occurs multiple times in the s...

by Explorer in

How to group by forcing line value

Hi, I want to show how many lines contains some value even if no line return. My data : Row 1 : F1: a Row 2...

by Explorer in

How to return items dependent on occurrence

I have the data field "user" with data like: user1, user1, user2, user2, user3, user3, user3, ... How do I get/co...

by Engager in

How to bring non matching values into the same column

by Path Finder in

What is the difference in name capturing group"(?<name>)" and "(?P<name>)"?

How differences named capturing group expression between "(?<name>)" and "(?P<name>)"?

by New Member in

Wildcard * does not work with If or Case in Splunk

There are 3 different values for one particular field say field1 - "INTPAY\ITS\TD_EFT\can contain other data", "INTPA...

by Explorer in

Disble hover for charts?

Hi how to disable the hover functionality for line charts? I've tried disabling tooltips but it just hides the label-...

by Engager in

Can sampling for subsearches be used to parameterize main search?

Is there a way to set sampling for subsearches separately from the main search? For example, given a search of a huge...

by Engager in

Can Splunk pull the contents of a lookup created in a search head cluster via rest command search into a non-cluster search-head?

I created a Splunk Health Dashboard for myself on the server that runs my Monitoring Console. The MC server is not pa...

by Communicator in

Help charting or displaying multiple fields

I'm working on creating either a report with a table or a dashboard to visualize the status of my Windows Audit Polic...

by Path Finder in

Stats search in SDK: Receiving task cancelled error

Hi Team, I am trying to run stats splunk search using c# SDK and getting task cancelled error. Kindly help me on ...

by New Member in

Is there a programmatic method to list and analyze which objects/resources (indexes, macros, lookups) are used by scheduled searches?

Hello fellow Splunkies, is there a method to programatically list the objects/resources used by (scheduled) search...

by Path Finder in

Comparing two searches from separate time ranges while still having a clean chart

Hello, I am trying to compare two time windows in the same index but I would like the chart comparing them to be ...

by Engager in

How to get the earliest and latest for the last full hour

Hello, How would I set the earliest and latest to the last full hour? Example: current time 5:19 pm I want earlies...

by Builder in

getting error for regex "exceeded configured match_limit, consider raising the value in limits.conf"

Below is the regex I am using |rex field=_raw "\d*\-\d*\s\d*\:\d*\:\d*\.\d*\s(?<Primary_Server>[^\s]+)\s*(?<Prima...

by Builder in

Search String for Connection hangs

I have been toying around with the task of identifying servers on our network with abnormal connection times . We hav...

by New Member in

How to get tstats results independent of time range

Hi All, is it possible to get list of sourcetype by host and index irrespective of time range? I just want the lis...

by Builder in

Highlight entire row in table after the row is clicked

I want to highlight an entire row in a table when its clicked. I want this to be persistent so when I click outside t...

by Engager in

Splunk query for sum of fields

Hi i have a field A B C D for example with following data A B C D 1 2 3 4 1 2 2 3 2 3 3 4 I want a result "to...

by Path Finder in

How to add a column to a stats table using rex

I'm fairly new to splunk and have just learned how to use the rex/regex. I am trying to add a column in my string sea...

by Path Finder in

How to sort table by total errors in descending order?

Hi, I have this search and basically it shows a table with the channel. Error type, total error, and the sum total o...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to compare two strings and find the difference

Help with rex to get a particular field

Event logs are related to incidents ; each log having an incident number and the state of that incident along with other attributes.

Can someone clarify how the map command is supposed to work or if I have made a mistake in my search?

count of the exact match

How to group by forcing line value

How to return items dependent on occurrence

How to bring non matching values into the same column

What is the difference in name capturing group"(?<name>)" and "(?P<name>)"?

Wildcard * does not work with If or Case in Splunk

Disble hover for charts?

Can sampling for subsearches be used to parameterize main search?

Can Splunk pull the contents of a lookup created in a search head cluster via rest command search into a non-cluster search-head?

Help charting or displaying multiple fields

Stats search in SDK: Receiving task cancelled error

Is there a programmatic method to list and analyze which objects/resources (indexes, macros, lookups) are used by scheduled searches?

Comparing two searches from separate time ranges while still having a clean chart

How to get the earliest and latest for the last full hour

getting error for regex "exceeded configured match_limit, consider raising the value in limits.conf"

Search String for Connection hangs

How to get tstats results independent of time range

Highlight entire row in table after the row is clicked

Splunk query for sum of fields

How to add a column to a stats table using rex

How to sort table by total errors in descending order?

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions