Splunk Search

Thread Info

Expand button in tables

Hi all, I tried finding my answer in the existing topics, but I couldn't find it. So I created my own topic. Maybe...

by New Member in

Problem with optimization of the regex: limits.conf

Hi I have a problem with the error message of the Splunk: Error in 'rex' command: regex="(?ms)]+^\s\" has exceeded co...

by Contributor in

How to delete unwanted special characters in alphanumeric string?

I have a string as below, I need to delete the below special character and make the below as a single value. 123as...

by Explorer in

Generating custom command not streaming output

I have created following custom command: @Configuration(streaming=True) class GenerateTextCommand(GeneratingComman...

by Explorer in

Comparision of two fields Splunk

Hi , Suppose I write a query and if say I have a field (A) and field (B) A B 1 1,3,4,5,8,9,10 5 1,3,4,5,8,9,10 ...

by New Member in

Search that Alerts for two events with a matching field

Hi I'm new to Splunk and am having a hard time finding a simple solution to this. I tried using subsearch and append...

by New Member in

Regex for fields

Hi All, can you please help in extracting three fields from below data using regex Name code Type Below are three ...

by Path Finder in

Help with regex to extract words before column"

Events: com.texh.servers.policy.assertion.ServerAuditDetailAssertion: 9879: com.texh.log.custom.Applications: 9999: ...

by Path Finder in

How to use self join

Hi All, I have table in which I have columns such as name, id, type, business group etc type field has 2 values 'user...

by Path Finder in

largest single day result in a 90 day period

I have a search to find total ingest into splunk, which i can run for a day or against a longer period by using the t...

by Path Finder in

Field extraction based on position of character

Hi, I have field that gives me NETBOS of a Host. Sample Host Name: 123456W12345678 The 7th character makes t...

by Builder in

How to pass values from previous search into map search

Hello all, my search is below: index=tcxelevate_webpos registerType=kioskBridge registerNbr=* countryCode=US tagNa...

by Explorer in

Help creating a search for events when a field value changes

Is there a Splunk search idiom that I can use to get all the events in a dataset whenever a particular field value A ...

by Engager in

Splunk regex error: Missing terminating ] for character class

Hey Splunkers, Noob. Trying to only retrieve the log names (ex. utility.log) after the last slash blah\blah\bla...

by Communicator in

Can I pass a time/date into the "latest" time modifier

I have a search created that alerts when a user has used remote desktop to log into a domain controller. It works spl...

by Explorer in

Typing and Index queue shows 100%

I have noticed that Splunk is running relatively slow as of recently and found that the typing queue and indexing que...

by Explorer in

How to reduce the width of bars in column chart?

I have plotted a column chart. I need to reduce the width of bars. I have tried with "columnSpacing" and "param". Bot...

by Explorer in

can we give colors in Geostats based on ranges of some value?

Hi. Can we use rangemaps to give colors to the charts in the geostats map. I am having some range values. they sho...

by Contributor in

Cannot sum two numbers

I have the following problem: I have a variable "number_of_past_events" which comes from a "| inputlookup file.csv" a...

by Path Finder in

Using span option with timechart causes incorrect column names.

Splunk Ver : I tested in 7.3.0 and 6.6.12. Timezone : I don't know if it’s relevant to this problem, but it is JST ...

by Builder in

Using timechart earliest/latest with lookup files

Hi all, I've created a _time field and timechart works for me, but the earliest/latest command does not. Here is m...

by Explorer in

How to reduce the width of bars in column chart?

I have plotted column chart. I need to reduce the width f bars. I have tried with "columnspacing" ,"param". Both are ...

by New Member in

How do you find the percent of each srcip within a stats command?

base search | stats values(srcip) as Source count by catdesc Above is my search. The results now yield each catego...

by Explorer in

help on if condition for results = 0

hello In a panel table, I need to display every key_path even if the key_path result = 0 I have done an if conditi...

by Motivator in

search on variable

I have a dashboard where I select the type of item I want to look for in an IIS log. What I look for is a regular exp...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Expand button in tables

Problem with optimization of the regex: limits.conf

How to delete unwanted special characters in alphanumeric string?

Generating custom command not streaming output

Comparision of two fields Splunk

Search that Alerts for two events with a matching field

Regex for fields

Help with regex to extract words before column"

How to use self join

largest single day result in a 90 day period

Field extraction based on position of character

How to pass values from previous search into map search

Help creating a search for events when a field value changes

Splunk regex error: Missing terminating ] for character class

Can I pass a time/date into the "latest" time modifier

Typing and Index queue shows 100%

How to reduce the width of bars in column chart?

can we give colors in Geostats based on ranges of some value?

Cannot sum two numbers

Using span option with timechart causes incorrect column names.

Using timechart earliest/latest with lookup files

How to reduce the width of bars in column chart?

How do you find the percent of each srcip within a stats command?

help on if condition for results = 0

search on variable

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...