Splunk Search

Ask a Question

Discussions

Thread Info

Charts over X-days

Good Day Team, I started reading on Splunk today and I have began my exercises. I am stuck on how to generate char...

by Explorer in

Timechart values using an eval field

Hello all, I have a search that goes like this: index="_internal" (ticket_type="Incident") (classification="le...

by Path Finder in

How to search values from stats to output other stats

Hi, I'm new to Splunk and I'm trying to make the following search work: Search: | >= 50 document queries fro...

by Engager in

How to change alignment of String to right side

Hi splunkers, After generating the table the columns having string datatype will automatically aligned to left sid...

by Contributor in

How to list all sourcetypes

I am trying to list all sourcetypes in an index using dc Using index="test" | stats dc(sourcetype) as sourcetypesonly...

by Path Finder in

Only one value from subsearch being used by parent

I would like all the results from a field extraction in search "A" to be used as search criteria in search "B". I am ...

by New Member in

How to use regex to look for hosts from /24, /25, and /26 subnets?

I have a dozen /24 subnets that I am looking to find any IP addresses on that subnet in my search as well as a addres...

by Explorer in

How to calculate a value from 2 different sources?

I am pretty new to splunk. It would be great if someone can help me with a search command. I have productId as one of...

by Engager in

How to merge 2 fields and get unique value

We have prod and non prod events and trying to display the environment names in dashboard. The prod events contain ho...

by Path Finder in

Can one do less than greater than comparisons from fields in a lookup table?

I have a lookup table that is composed of beginning IP and ending IP addresses for a location and the name of the ass...

by New Member in

Count of repeated expression in a field

Below is sample field value Response : UX 189000055 - RESPONSE1, BB 10437470 - RESPONSE1, AB 11123345 RESPONSE2 If...

by New Member in

Displaying logs last x days for every month

Not displaying logs more than the last 3 days. This pattern is the same for the last months as well. for example. ...

by New Member in

Finding the Duration between two timestamps

I am currently attempting to create a query that returns the Name of the job, Begin Time, Finish Time, and Duration. ...

by Engager in

How to increase the maximum number of concurrent historical searches?

Splunk warns that: The system is approaching the maximum number of historical searches that can be run concurrentl...

by Communicator in

Help with field extraction regex

- com.texh.servers.policy.assertion.ServerAuditDetailAssertion: com.texh.log.custom.Applications: com.texh.log.custom...

by Path Finder in

Field Extraction: Regex global flag/modifier

Hi Splunkers, I know that it is possible to match multiple times using rex (using max_match=0). Can I apply the...

by Explorer in

Need help to speed up a search

the below search is what I have working now to see what users are not in the first event code. index="wineventlog...

by Explorer in

Expand button in tables

Hi all, I tried finding my answer in the existing topics, but I couldn't find it. So I created my own topic. Maybe...

by New Member in

Problem with optimization of the regex: limits.conf

Hi I have a problem with the error message of the Splunk: Error in 'rex' command: regex="(?ms)]+^\s\" has exceeded co...

by Contributor in

How to delete unwanted special characters in alphanumeric string?

I have a string as below, I need to delete the below special character and make the below as a single value. 123as...

by Explorer in

Generating custom command not streaming output

I have created following custom command: @Configuration(streaming=True) class GenerateTextCommand(GeneratingComman...

by Explorer in

Comparision of two fields Splunk

Hi , Suppose I write a query and if say I have a field (A) and field (B) A B 1 1,3,4,5,8,9,10 5 1,3,4,5,8,9,10 ...

by New Member in

Search that Alerts for two events with a matching field

Hi I'm new to Splunk and am having a hard time finding a simple solution to this. I tried using subsearch and append...

by New Member in

Regex for fields

Hi All, can you please help in extracting three fields from below data using regex Name code Type Below are three ...

by Path Finder in

Help with regex to extract words before column"

Events: com.texh.servers.policy.assertion.ServerAuditDetailAssertion: 9879: com.texh.log.custom.Applications: 9999: ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Charts over X-days

Timechart values using an eval field

How to search values from stats to output other stats

How to change alignment of String to right side

How to list all sourcetypes

Only one value from subsearch being used by parent

How to use regex to look for hosts from /24, /25, and /26 subnets?

How to calculate a value from 2 different sources?

How to merge 2 fields and get unique value

Can one do less than greater than comparisons from fields in a lookup table?

Count of repeated expression in a field

Displaying logs last x days for every month

Finding the Duration between two timestamps

How to increase the maximum number of concurrent historical searches?

Help with field extraction regex

Field Extraction: Regex global flag/modifier

Need help to speed up a search

Expand button in tables

Problem with optimization of the regex: limits.conf

How to delete unwanted special characters in alphanumeric string?

Generating custom command not streaming output

Comparision of two fields Splunk

Search that Alerts for two events with a matching field

Regex for fields

Help with regex to extract words before column"

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!