Splunk Search

Ask a Question

Discussions

Thread Info

How can i disable the search that opens when i click on chart?!

Hi I created a chart panel in a dashboard. The panel is based on an sql query. Everytime i click on the chart it sel...

by Engager in

Updating a lookup table with new row ?

Hello All, I have an existing lookup file newlookupfile.csv. I'm trying to update the lookupfile with new row. I ...

by Path Finder in

Can you help me write a regular expression

Need to extract Insurer , User , Dealer name 2019-11-01 06:54:20 W3SVC4 AUSYD11AS90 172.29.5.28 GET /Areas/Framew...

by Path Finder in

How to set up alerts with multiple fields with different thresholds

Trying to setup up an alert with multiple fields extracted through Field. For example A,B, C etc and each having a...

by Explorer in

How to improve performance of stats sum

Hi I want to improve my search for better search performance, please find the attachment enclosed.![alt text

by Communicator in

検索結果の指定フィールド列で別ソースタイプを検索し結果を右列に追加する方法について

お世話になります。サーチ文の書き方についてご教示ください。まず、以下の検索結果を出しています。・サーチ文「soucetype="test1" | table host, user, state」・サーチ結果 －－...

by New Member in

Problem extracting fields from auto extracted field

Hello, I have events in the following format: 20/08/19 16:34:17 login1 command RunAsUsers="web,tomcat,embed" ...

by Path Finder in

How to append data to a lookup without overwriting anything AND also not adding duplicate data entries into the lookup?

Hi guys, I was wondering if anyone knew of a method of appending data to a lookup, but not overwriting anything i...

by Communicator in

Splunk to verify splunk query results

I have created an alert which basically checks the occurrence in particular keyword in two log files , however there ...

by Path Finder in

How to join two searches on a common field where the value of the left search matches all values of the right search?

I need to join two searches on a common field in which I want a value of the left search matches all the values of th...

by New Member in

How to continue with last known value on a simple timechart

Simple search to look at the battery status on my UPS: UPS_BATT | timechart max(UPS_BATT) span=1m But the UPS_...

by Engager in

Searching string with patterns

Hi, I would want to search for all results for this specific string pattern 'record has not been created for id XXXXX...

by New Member in

After upgrade from 7.0.x to 7.2.7, search time with multiple subsearch increase from several seconds to more than 1 hr

Have a search with many subsearch and append command like below pattern. | makeresults | eval abcd="acded" | app...

by Splunk Employee in

si versus collect

Hi, Is there any benefit to using the old method when using summary indexing? Basically I would like to the know d...

by Explorer in

Sum to have a value as zero in case not found

Hi All, I have some search criteria followed by stats as: Search ns=app1 Error | stats sum(eval(AcctNo="'100039...

by Explorer in

How to display details in table

I need to display a table with 4 columns and date is like this: Colum A Col B Col C Col D x ...

by Path Finder in

Search to filter data

Hi, Can I write my search as: index=idx1 host != (a,b,c) | stats count by host The thing is I want to filter s...

by Explorer in

Macro with tsats query returns no results.

I've created several macros with a tstat query. when running the macro through the UI, no results are displayed. When...

by Communicator in

Help removing strings after a certain string with Rex

I'm trying to remove characters after a certain string in my search string. I am still getting the strings after "3" ...

by Path Finder in

Exclude a specific date/time of data from an overall average

I am calculating monthly averages and have an issue where on a single day in October there was an error in the data. ...

by Explorer in

Does fields break streamstats?

I have a query using streamstats that is on the intensive side because I'm not dealing with nicely-formatted data. (L...

by Contributor in

How to remove stats list limits that result to 100 despite count=0?

In a search executed via Python SDK, the stat list truncates results to 100 results, despite the fact that count=0. ...

by Path Finder in

How to creat named field with regular expression

Hi Team, I would like to create a named field to filter Ethernet port numbers. My expression: \beth\d*(?:-\d+)*(?:...

by Explorer in

How to create named fields with regular expression

Hi Team I need to filter logs to catch switches port numbers. I use Splunk Cloud, my expression: \beth\d*(?:-...

by Explorer in

Need to remove particular character from a field value

Hi Ninjas, I have the following values for host name field . appra94a0350 appra92a0350 appra84a0201 appra25a020...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can i disable the search that opens when i click on chart?!

Updating a lookup table with new row ?

Can you help me write a regular expression

How to set up alerts with multiple fields with different thresholds

How to improve performance of stats sum

検索結果の指定フィールド列で別ソースタイプを検索し結果を右列に追加する方法について

Problem extracting fields from auto extracted field

How to append data to a lookup without overwriting anything AND also not adding duplicate data entries into the lookup?

Splunk to verify splunk query results

How to join two searches on a common field where the value of the left search matches all values of the right search?

How to continue with last known value on a simple timechart

Searching string with patterns

After upgrade from 7.0.x to 7.2.7, search time with multiple subsearch increase from several seconds to more than 1 hr

si versus collect

Sum to have a value as zero in case not found

How to display details in table

Search to filter data

Macro with tsats query returns no results.

Help removing strings after a certain string with Rex

Exclude a specific date/time of data from an overall average

Does fields break streamstats?

How to remove stats list limits that result to 100 despite count=0?

How to creat named field with regular expression

How to create named fields with regular expression

Need to remove particular character from a field value

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!