Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to replace the string with the other string in a token?

I have a multiselect fied with $team_name$ with Team A, Team B, Team C fields If I select Team A and Team B in mul...

by Explorer in

Does anyone have an example of a custom alert action script that uses a bash script?

All the ones I ever see is Python. I need one that uses a bash script.

by Communicator in

optimize lookup search

I have a lookup file with 50,000 records. When I want to do a search, it takes a lot of time to find my results. Is t...

by New Member in

How to find top 20 results and then do a subsequent search?

I need to find out the Top 20 sites within my sourcetype and then from there be able to do further analysis on other ...

by Explorer in

How to extract a field that returns after a line_breaker

Hello, We are trying to split a nested json message into seperated events. As we not wish to use the spath functi...

by Explorer in

Adding Color as a 4th Dimension to Bubble Chart

Hi; I'm messing around with the new Bubble Chart Feature and it is almost doing everything I want but coloring. He...

by Path Finder in

Find orphaned transactions in a series

I have the data in the following format Msg Id Event Timestamp ( Format Example) 123 A 24/06/2019 10:02 123 B 24/...

by New Member in

How to create a regex to match URL ending with file extension to detect file downloads?

I am trying to write a regex which will detect/match URLs ending with 2, 3 & 4 letter file extensions (eg - .py, .txt...

by New Member in

How to create Splunk Alert based on custom condition?

New to Splunk, can anyone please help me with the below scenario? I am receiving events like below: Event La...

by New Member in

How to increase elastic search timeout?

Sometimes my search gets fail and unable to fetch data because of below error: ConnectionTimeout at "/opt/splunk/e...

by Explorer in

How to get an alert if the specific search takes more than 10 min?

Ex: "Acquired" is a keyword. This keyword is getting for every minute. I have to get alert if this keyword is not g...

by Explorer in

How do I export extracted fields for use in another app?

I am creating two apps that use the same data (weird,I know, but I am testing something in my environment). I've buil...

by Explorer in

How to create a search that lists all fields? (and data validation question)

Hi, I am looking to create a search that allows me to get a list of all fields in addition to below: | tstats coun...

by Contributor in

How to create a search for Server Uptime for Windows & Linux in Splunk?

I need a Splunk search for finding server uptime for Windows and Linux index= linux sourcetype=cpu

by New Member in

How to correlate events from three sources based on time condition

I have one index which have events from 3 different sources (A, B & C). The value of CELL, CALLERNO & CALLEDNO are th...

by New Member in

How to create a search based on multi-value fields

I am new to Splunk, currently working on a Shift roster. There are 3 teams and 3 members in each team(totally 9 membe...

by Explorer in

How to configure source_type to regex value?

I'm using a Universal Forwarder and want Splunk to return source_type as what's defined for source within the monitor...

by Explorer in

API: How to specify returning dates with a UTC or GMT offset rather than a CDT time zone?

How can I specify Splunk to return dates with a UTC or GMT offset rather than a time zone abbreviation? Right now I g...

by Path Finder in

How to multiply column values?

The way I do this in excel is by using the formula "=PRODUCT(C2*C3*C4*C5)" How can I do that in Splunk? Ideally, I...

by Path Finder in

Is there a way to add an extra row based on a pre-defined list of stores if the stores don't exist in the search results?

I've searched around and I've been having a hard time finding an answer to this probably due to how I'm phrasing the ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to replace the string with the other string in a token?

Does anyone have an example of a custom alert action script that uses a bash script?

optimize lookup search

How to find top 20 results and then do a subsequent search?

How to extract a field that returns after a line_breaker

Adding Color as a 4th Dimension to Bubble Chart

Find orphaned transactions in a series

How to create a regex to match URL ending with file extension to detect file downloads?

How to create Splunk Alert based on custom condition?

How to increase elastic search timeout?

How to get an alert if the specific search takes more than 10 min?

How do I export extracted fields for use in another app?

How to create a search that lists all fields? (and data validation question)

How to create a search for Server Uptime for Windows & Linux in Splunk?

How to correlate events from three sources based on time condition

How to create a search based on multi-value fields

How to configure source_type to regex value?

API: How to specify returning dates with a UTC or GMT offset rather than a CDT time zone?

How to multiply column values?

Is there a way to add an extra row based on a pre-defined list of stores if the stores don't exist in the search results?

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation

How to replace all "confusable" characters in fiel...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...