Splunk Search

Ask a Question

Discussions

Thread Info

How can we show all fields, including rare ones?

I'm running - index=<indexname> | fields or index=<indexname> | fieldsummary They don't show the field...

by Motivator in

compare a time in a log file to time now

Hello splunk communitie, i am trying to make a comparison between the time in a event named Account_Expires agains...

by Explorer in

How do I filter Event Log with blacklists in inputs.conf

I'm trying to create a blacklist for several Event IDs to exclude any events with multiple user accounts. For example...

by New Member in

column in search needs to be populated by another search

I have a search that tells me if an index hasn't received data from a log on a server. This allows me to monitor the ...

by Explorer in

Help in writing eval

I have a string like ABC:BOOT3RDSUNMONTH_MAINT2_sadasdczxc1and I want to put the jobs which have boot in their string...

by New Member in

Duration between first occurence of one event and occurence of another event

I want to get the duration between two different events. In a simplified structure my events have a timestamp and a s...

by Engager in

How to drilldown in pie chart based on the selection made

Hi , I have a pie chart with different dataservices and its size percentage. I am trying setup drilldown for each ...

by Communicator in

Same Column Value Difference

C1 C2 A 12 A 120 B 45 B 78 C 98 C 90 D 0 D 86 how to find difference in values of C2 for every same C1 value

by Contributor in

Conditional find and replace

Hello, I have a question on a conditional find and replace. I have a query that calculates a mean for the differen...

by Communicator in

Want to display count as zero in statistics when there is no events for a IP.

index=bc cs_host="collector" NOT 10.xx,xxx.121 c_ip=10.xx.xxx.233 OR c_ip=10.xx.xxx.234 OR c_ip=10.xx.xxx.248 OR c_ip...

by Explorer in

How do I edit my search to compare a list of IPs from a lookup to IPs in firewall logs?

I'm still new to Splunk and trying to figure out the correct syntax for lookups. My goal is to compare a list of k...

by Explorer in

extract multi valued field

HI everyone, the filed containst two values. one in each line. fieldname = value1 value2 How can we exlude t...

by Communicator in

How TO EXCLUDE DUPLICATE EVENT FROM SEARCH QUERY WHICH IS PRESENT IN LOOKUP TABLE

Hi All, I have drafted a splunk query (splunk versin 6.6.2 ) which gives certain fields and i tabulated those fiel...

by New Member in

Count values in multivalue field encoded as a string

I have the following entry in several of my events: puppy_name = "Scout Windixie Spot" If it's not obvious alr...

by Path Finder in

Search failing and not returning all results in Statistics

My search does not complete even after giving it an over hour. The progress bar is all the way at the end, and it tel...

by Path Finder in

Join 2 search results where common field has multivalues in one search to display in single table

Trying to Join 2 search results (where the common field has multivalues in one of the searches) to display in single ...

by New Member in

Basic Query using Dates

We have indexed fields like the following: fname (a-z*) lname (a-z*) pdate (name_month day year) policy ( stron...

by Loves-to-Learn in

How to replace specific field value?

I am trying to replace a specific field. I have a table that is like: Name Street Zip Note John Wall 123 hello . ....

by Communicator in

How to fetch the values from log using regular expression?

Hi Team, Need your help on below search: I'm spitting something like this in the log: My Test Data|My Test I...

by Engager in

makemv not working

I have the following single-value field (that really should be a multi-value field): puppy_name="Spot Dexter Jake"...

by Path Finder in

How can I parse out both the Named Address and IP Address and format them into an Extracted Field?

The log entry I have has: Message=DNS query is completed for the name my.big.server.name.com, type 28, query optio...

by Path Finder in

Unable to get PREAMBLE_REGEX to work

Hi, I have a csv file with headers, and a preamble. I already have the fields being discovered, but I'm unable to ...

by Champion in

How do I add fields from a lookup table to my search event?

I have a lookup table geo-lookup.csv which has data in the format: IP, Coordinates, Location. My search has the fi...

by Path Finder in

Search results for sparkline null despite there being event values

I'm trying to create a sparkline following the magnitude example from https://docs.splunk.com/Documentation/Splunk/7....

by New Member in

How to extract string after special character

Hello everyone, I have a simple question about rex, I have not been successful. I have a string: "bllablla_t...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can we show all fields, including rare ones?

compare a time in a log file to time now

How do I filter Event Log with blacklists in inputs.conf

column in search needs to be populated by another search

Help in writing eval

Duration between first occurence of one event and occurence of another event

How to drilldown in pie chart based on the selection made

Same Column Value Difference

Conditional find and replace

Want to display count as zero in statistics when there is no events for a IP.

How do I edit my search to compare a list of IPs from a lookup to IPs in firewall logs?

extract multi valued field

How TO EXCLUDE DUPLICATE EVENT FROM SEARCH QUERY WHICH IS PRESENT IN LOOKUP TABLE

Count values in multivalue field encoded as a string

Search failing and not returning all results in Statistics

Join 2 search results where common field has multivalues in one search to display in single table

Basic Query using Dates

How to replace specific field value?

How to fetch the values from log using regular expression?

makemv not working

How can I parse out both the Named Address and IP Address and format them into an Extracted Field?

Unable to get PREAMBLE_REGEX to work

How do I add fields from a lookup table to my search event?

Search results for sparkline null despite there being event values

How to extract string after special character

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!