Splunk Search

Discussions

Thread Info

Earliest_time and Latest_time

Hi all, I am trying to use Earliest_time and Latest_time in splunk query in order to simulate the REST API (running ...

by Contributor in

Need rex help with URL

Hi I have this rex I'm trying to filter on for any URL that points to file extensions that have two or more extension...

by Path Finder in

Extract date (timestamp) from raw data and source field

Hi my events looks like- 31,04:56:47:928, abc:0xabc, 49.716720, -59.271553,197 30,04:56:47:928, abc:0xabc,...

by Builder in

Help with regular expression

Hi, all I would like to create a mechanism that generates an alert when a regular expression extracted matches. ...

by Path Finder in

Can not get rid of a blank field.

Hello fellow Splunkers, I am having this problem where i can not get rid of a field that shows up blank with no i...

by Contributor in

手動サーチとアラート結果が異なる

Lookup tableを使用して手動サーチを行った結果と、同様のサーチコマンド、検索範囲を使用してアラートメールを飛ばした際の結果が異なるのはなぜでしょうか。

by New Member in

Trimming one double quote from beginning of matching field values

Hi, I have a field name "Software" in my search results. Field values are: "Java Development Kit 1.5 "Java Deve...

by Builder in

Comparing fields when extracting the field from the source

Evening all, Ive been at this for a couple of days, and although I have built the rest of the search I still cant...

by Path Finder in

How to count a number of keys in json object for each event?

Hi, I am trying to create a table witch show number of fields in json object: Event example: { "project": ...

by New Member in

Add second value to Single Value panel

We've setup a new Splunk dashboard and I'm looking to improve the trend graphs/panels. We now have three panels ea...

by Engager in

How to multiply a field count by the field value?

We have a field whose values change called received_files. The values could be any integer. I need to take these valu...

by New Member in

Metrics vs Events

Is there a way to use the results of a metrics search as a field value(s) for an event search? For example, a spe...

by Explorer in

Change splunk URL

Hi all, Splunk search head web url is set to https://hostname:8000 Is there a way to change it to just https://...

by Path Finder in

Regex to print 7th word of a one if a particular condition is met

Hi , below is the sample data : 12:10:32,946 INFO [class_name] [IP address] [id1] [-] [null,null,null,null,nu...

by Path Finder in

What does "action.logevent.ttl" value represent?

Been running into issues with alerts living on way past they are supposedly expired, filling up our dispatch director...

by Contributor in

How to highlight table cell based on few conditions?

Hello i have a table with multiple fields but i want to highlight only few of them based on some conditions: the rele...

by Communicator in

How to trend data over backlog data with input lookup

I have the below query which updates from an input lookup but what I want is trend data that shows what the total amo...

by Communicator in

Extend table visualization with new properties to initialize table header with default sort order?

With apologies, I'll admit to being lazy asking this question. @niketnilay has already provided an answer to my simil...

by Builder in

Ingesting files with a .bak extension

Hi Splunkers. We have an application which roles over logs and renames them to have a .bak extension. I've been h...

by Path Finder in

How to use eval to group dates?

I have 4 columns of data: Country City Date Price I want to make a table where the Price column is is...

by Engager in

crcsalt query

I have some CSV files indexed via splunk. I have noticed that files are getting indexed daily even though there is no...

by New Member in

Guru Needed: I need to find a way to compare files and then create triggers when files are changed/modified etc.

Sorry in advance this is such a long post so I'll try describing this in a sentence or two in case this is so easy yo...

by Explorer in

work with the versions of the csv

Hi Is it possible to work with the versions of the csv files every time it is modified in the Lookup Editor app wi...

by Loves-to-Learn in

'How do I use regex in Splunk to pull out numbers and decimals and not letters;?

For instance: the results have 01.2.3 and ABC5. How do I only pull out 01.2.3?

by New Member in

How to create a column chart with line chart

I need to make a chat similar to the following picture base on the data below. The column chart should show 2 column...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Earliest_time and Latest_time

Need rex help with URL

Extract date (timestamp) from raw data and source field

Help with regular expression

Can not get rid of a blank field.

手動サーチとアラート結果が異なる

Trimming one double quote from beginning of matching field values

Comparing fields when extracting the field from the source

How to count a number of keys in json object for each event?

Add second value to Single Value panel

How to multiply a field count by the field value?

Metrics vs Events

Change splunk URL

Regex to print 7th word of a one if a particular condition is met

What does "action.logevent.ttl" value represent?

How to highlight table cell based on few conditions?

How to trend data over backlog data with input lookup

Extend table visualization with new properties to initialize table header with default sort order?

Ingesting files with a .bak extension

How to use eval to group dates?

crcsalt query

Guru Needed: I need to find a way to compare files and then create triggers when files are changed/modified etc.

work with the versions of the csv

'How do I use regex in Splunk to pull out numbers and decimals and not letters;?

How to create a column chart with line chart

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!