Splunk Search

Discussions

Thread Info

Word Count in a Url

Newbie Here ! How can I get a word count in a url? I am trying to count the number of occurrence of a word "organizat...

by New Member in

Your entry was not saved. The following error was reported: SyntaxError: JSON Parse error: Unrecognized token '<‘.

Hi, So I'm inheriting some splunk code that I'm going through and cleaning up. It contains: rex field=source "/...

by Path Finder in

Need Particular Host "DNS-DC-01" data from metadata

I want to search "August 2018 activity on machine DNS-DC-01" Could you please help me, how to use metadata for pa...

by Explorer in

Need help in field extraction

In the below log, I need to extract genres from the log. In a single log there are multiple genres. Such as for the b...

by Path Finder in

Why doesn't my base search query work?

I wrote this base search query: host=NETWEBA* sourcetype="WinEventLog:Application" AND ApplicationSource="/jpw*" A...

by Engager in

How to build daily average (response time) with data containing hourly average and number of events per hour?

Hello Everyone, I construct a csv (output)lookup file containing the hourly average response time, the hourly numb...

by Engager in

Need to filter search to match src_user and time from one eventcode

below is what I have so far. What I need to do is match the src_user from event code 4724 and the time to events in 4...

by Explorer in

How to get transaction to ignore endswith if startswith doesn't exist

I have an issue where my transaction search finds endswith events with no startswith events. Not to go into too much ...

by Explorer in

how to transform from row to rows ?

i have data like this : used_memory free_memory total_memory used_swap free_swap total_swap 665268 6987204 7652472 0...

by Engager in

Multi search / correlate conundrum

Sorry for not spelling the problem out in the title, I'm a bit stuck even for the correct language to describe my puz...

by Explorer in

URGENT REQUEST: how to pull specific values from given query?

sourcetype=abc "responseStatus=500" "abc.xyz.logging.yyyy.zzzzz" "cccccccccccccc88888883333hhhh" | rex field=_raw "\"...

by Path Finder in

How to extract a word from raw data in Splunk using rex

SVSCPLEX,S0W1,S0W1.DAL-EBIS.IHOST.COM,SYSLOG,zOS-SYSLOG-Console,SYSLOG,-0400,NE,001C,19283 01.21.46.880 -0500,S0W1 ,J...

by Explorer in

How to format a website/service downtime duration calculation results

Hi all, I have the below dataset for a website. Time,title, response code 01/10/2019 08:22 ABC_PORTAL 200 01/10/2...

by Builder in

How to send a single email to multiple email id mentioned in different rows of the table

Hi All I have following table as outcome of my query :- Name lastname Emailid A D abc@gm.com, xyz@redif.com B E...

by Path Finder in

Compare two lookup tables

Hello all... I have to compare two lookup table files in splunk. One is a list of hosts that should Be logging, and t...

by Builder in

Return value based on another field using a muilti-value field

Here is my data in the table: Index Field1 Field2 1 0 A,B,C 1 -5 D,E,F 1 -10 G,H,I I have a complex query that ...

by New Member in

How to compare fields value with old fields value

I am trying to make a search that will compare the fields value with the old fields value to determine if there is an...

by New Member in

Can't MAP a host field with IN clausole in a map searching

As in object, it's a strange behaviour, i can't use an IN clausole with host field in a map search. Here's my sear...

by Builder in

Upgraded from 7.2.6 to 7.3.2, "upload lookup" shows 404 error

we recently upgrade our fairly large deployment of Splunk from version 7.2.6 to 7.3.2, and our users are unable to op...

by Splunk Employee in

What are the basics for using the Splunk search interface?

I'm new to Splunk. What are some basics I need to know about the features in the search user interface?

by Splunk Employee in

Get Saved search name details

How do I get a list of saved searches name, the user who ran it, the last time it ran and the query it ran, and who c...

by New Member in

What is Splunk Dev, and how do we use it to develop and share our own apps?

We have some use cases that we'd like to develop into Splunk apps. How do we use Splunk Dev to develop our own apps a...

by Splunk Employee in

Preview generating custom command result

Hi I want to add a generating custom command that will query one of our DBs. So I have followed the tutorials and ...

by New Member in

Show max ,minimum and average values from a pool of host machines on a chart

I have the follow search which shows the call count being made to a number of hosts every 15mins "cs_dataowner_id=...

by New Member in

Match field values of two fields

Hi, If I have a table 'X' and 'Y' , I want to be able to compare if any individual comma separated value in Y is a...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Word Count in a Url

Your entry was not saved. The following error was reported: SyntaxError: JSON Parse error: Unrecognized token '<‘.

Need Particular Host "DNS-DC-01" data from metadata

Need help in field extraction

Why doesn't my base search query work?

How to build daily average (response time) with data containing hourly average and number of events per hour?

Need to filter search to match src_user and time from one eventcode

How to get transaction to ignore endswith if startswith doesn't exist

how to transform from row to rows ?

Multi search / correlate conundrum

URGENT REQUEST: how to pull specific values from given query?

How to extract a word from raw data in Splunk using rex

How to format a website/service downtime duration calculation results

How to send a single email to multiple email id mentioned in different rows of the table

Compare two lookup tables

Return value based on another field using a muilti-value field

How to compare fields value with old fields value

Can't MAP a host field with IN clausole in a map searching

Upgraded from 7.2.6 to 7.3.2, "upload lookup" shows 404 error

What are the basics for using the Splunk search interface?

Get Saved search name details

What is Splunk Dev, and how do we use it to develop and share our own apps?

Preview generating custom command result

Show max ,minimum and average values from a pool of host machines on a chart

Match field values of two fields

Can’t make it to .conf25? Join us online!

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Index This | How many sevens are there between 1 and 100?

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!