Splunk Search

Discussions

Thread Info

Join 2 search results where common field has multivalues in one search to display in single table

Trying to Join 2 search results (where the common field has multivalues in one of the searches) to display in single ...

by New Member in

Basic Query using Dates

We have indexed fields like the following: fname (a-z*) lname (a-z*) pdate (name_month day year) policy ( stron...

by Loves-to-Learn in

How to replace specific field value?

I am trying to replace a specific field. I have a table that is like: Name Street Zip Note John Wall 123 hello . ....

by Communicator in

How to fetch the values from log using regular expression?

Hi Team, Need your help on below search: I'm spitting something like this in the log: My Test Data|My Test I...

by Engager in

makemv not working

I have the following single-value field (that really should be a multi-value field): puppy_name="Spot Dexter Jake"...

by Path Finder in

How can I parse out both the Named Address and IP Address and format them into an Extracted Field?

The log entry I have has: Message=DNS query is completed for the name my.big.server.name.com, type 28, query optio...

by Path Finder in

Unable to get PREAMBLE_REGEX to work

Hi, I have a csv file with headers, and a preamble. I already have the fields being discovered, but I'm unable to ...

by Champion in

How do I add fields from a lookup table to my search event?

I have a lookup table geo-lookup.csv which has data in the format: IP, Coordinates, Location. My search has the fi...

by Path Finder in

Search results for sparkline null despite there being event values

I'm trying to create a sparkline following the magnitude example from https://docs.splunk.com/Documentation/Splunk/7....

by New Member in

How to extract string after special character

Hello everyone, I have a simple question about rex, I have not been successful. I have a string: "bllablla_t...

by New Member in

Searchbar Timeline - Change color if certain eventtype is located

Hello Splunk experts: In my organization, we trying to figure out of it's possible to customize the searchbar time...

by New Member in

Compare Two Different Fields in a Multisearch

I am trying to obtain a list of ids for orders that were abandoned/forgotten and never received a submit. I have a mu...

by Explorer in

Unable to draw timechart

I have a query that accumulates the total count for host over a 6 period of month. Now when I am trying to draw time ...

by New Member in

How to calculate the AVG of bytes_in per clientip?

Hi With this SPL, I have the average session time of each clientip in a web page. But I do not know how to put the...

by Communicator in

how to compare a field value with next whole column and fetch the result in next column?

for example, Col A Col B Col C apple apple apple orange apple orange pineapple orange pineapple grapes pineapple g...

by New Member in

How to fetch results to a table whose columns are sorted by date AND a timeframe of that date?

I have a test that I run between 1am and 6am each night. I am able to fetch the results for the last 21 days using th...

by Path Finder in

join between 2 lookups and using a date/time field that is not splunks default

I need to create a trend chart between 2 lookups which shows a difference between total closed and total opened. I ha...

by Communicator in

Why can't I push my data to a lookup table from a button?

Hi, I am trying to push data to a lookup table from a button. <html> <button class="btn" data-token-...

by Influencer in

Howto display search result matching a keyword and few line before and after the keyword matched

Hello, I've this specific requirement for log search when matching a keyword, the result show display the matched ...

by Path Finder in

Want to extract "component","environment" & "componentType" and there corresponding value in table format.

I have the following log output and I want to extract "component", "environment" & "component type" and their corresp...

by Path Finder in

SAP ETD integration with Splunk with hTTP event collector

we receive error 400 when we try to send the logs from SAP ETD over HTTP event collector to splunk. Does any one h...

by Communicator in

Totally Disable Search head Clustering

I have 2 nodes in my Search Head cluster and want to disable the Search head Clustering fully. I have a deployer also...

by Builder in

Why is the JSON index field extraction failing with large events (> 10k bytes)?

I'm using indexed field extraction to ingest JSON data over the HTTP Event Collector. It works great. Except, onc...

by Explorer in

How to append search result with top 100 results?

I will try to explain my issue in the easiest possible way. I have a result of a search that looks like this: n...

by Path Finder in

Subset Search using in original search

Hi Guys, Problem Statement : i would want to search the url events in index=proxy having category as "Malicious So...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Join 2 search results where common field has multivalues in one search to display in single table

Basic Query using Dates

How to replace specific field value?

How to fetch the values from log using regular expression?

makemv not working

How can I parse out both the Named Address and IP Address and format them into an Extracted Field?

Unable to get PREAMBLE_REGEX to work

How do I add fields from a lookup table to my search event?

Search results for sparkline null despite there being event values

How to extract string after special character

Searchbar Timeline - Change color if certain eventtype is located

Compare Two Different Fields in a Multisearch

Unable to draw timechart

How to calculate the AVG of bytes_in per clientip?

how to compare a field value with next whole column and fetch the result in next column?

How to fetch results to a table whose columns are sorted by date AND a timeframe of that date?

join between 2 lookups and using a date/time field that is not splunks default

Why can't I push my data to a lookup table from a button?

Howto display search result matching a keyword and few line before and after the keyword matched

Want to extract "component","environment" & "componentType" and there corresponding value in table format.

SAP ETD integration with Splunk with hTTP event collector

Totally Disable Search head Clustering

Why is the JSON index field extraction failing with large events (> 10k bytes)?

How to append search result with top 100 results?

Subset Search using in original search

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions