Splunk Search

Discussions

Thread Info

Predict error in time chart

I'm working on a query that predicts GB growth, I keep getting "command="predict", Unknown field after eval". Here is...

by Path Finder in

Populating dashboard panel with data from drilldown or multiselect token

In my dashboard, I have the user select a server and then a line chart displays of application crashes on the selecte...

by Explorer in

Value that may or may not be there in field extraction

I am attempting to setup an exctraction for the following; 2 hrs 2 mins 36 secs 312 ms; extracting it as the time val...

by Contributor in

Extract key-value pairs

I'm trying to extract the key-value pairs from an Untangle firewall log ( syslog ), but the Regex example I found on ...

by New Member in

Timespan single value by day excluding yesterday, but maintaining the entire 24 hour count of yesterday and the previous days

All I want to do is display a single value of yesterdays entire 24 hour count compared to that of the previous day/ye...

by Path Finder in

display count of hostnames in first day of week have last_seen>30 days

for 08.07.19 count number of hostnames that have last_seen > 30 days for 01.07.19 count number of hostnames that have...

by New Member in

How to create a rate on a timechart with two measures?

Works just fine | timechart count by orderLineState | eval cancelRate=round((cancelled/(cancelled+released))*100...

by Engager in

How to indicate different period of search date after eval command ?

I have different case: | eval this_week = case(last_seen < strftime(relative_time(now(), "-mon"), "%Y-%m-%dT%H:%M:...

by New Member in

How can I tally a value that represents usage in 3 letters and get the number of events that have each?

I have a field lets call it usage that can up to 3 of these letters (b, n, e) i.e. all possible logged permutations w...

by New Member in

How to extract the single field with the multiple values?

Hiiii How to extract the single field with multiple values? Like status is active, failed, cancelled, deactivated, fo...

by Explorer in

Rex for cef event and create field alias accordingly

sample CEF: May 20 20:44:51 10.XX.XX.XX May 20 2019 20:44:51 avcm02.com CEF:0|AV|Control Manager|7.0|BM:1000|Beha...

by Observer in

converting an triming field values

I need to to convert this field in to a number and remove the $ capacity_gb = $8,191.75, I've tried eval to num and c...

by Path Finder in

How to use tstats to show unique list of hosts for a specified index?

Hi, I'm using this search: | tstats count by host where index="wineventlog" to attempt to show a unique list of hosts...

by Communicator in

Stuck on Merge splunk.com accounts page

I must have two accounts associated with my e-mail address. I am stuck on the page stating that I should merge them. ...

by Engager in

Top 10 per group

Is there a way to get the top 10 count for a number of groupings eg: Col1 Col2 Count G1 SG1 10 G1...

by Path Finder in

Combining details from two log entries into one table under common ID

Hello Comminity, Here goes the more detailed descrition 2019-07-12 11:19:55.519 [VDI111][Process1][Info] msg=re...

by New Member in

LDAP server warning: Insufficient access

Hello , I have a connexion problem between Splunk and the LDAP. Please find below the log that i have continuousl...

by New Member in

Is there any option in Splunk to run a search in a loop?

Hi All, Good morning, Is there any option in Splunk to run a search in a loop? Basically what I want to say is I h...

by Path Finder in

help on where command which returns wrong results

hello I have an issue with the the tonumber command When I execute the query below and even if I specify that I w...

by Motivator in

I have a seach command but i need to remove the percent column

I have a command that gives me the correct info what i want which is (eventtype="wineventlog_system") source="inEven...

by New Member in

Lookup more than one column in Lookup Table

I want to return descriptions I have in a lookup table. The description corresponds to a code in my Events list. Howe...

by New Member in

How do you use rex's max_match option?

At search time, I want to extract multivalued fields. The docs for rex say to use the max_match option. Example: ...

by Path Finder in

Field Extraction matching not working but works only with wildcard

Strange problem but couldn't find the root cause. Just checking if anyone of you have come across similar? Sample ...

by Super Champion in

modify date of search

how to modify time after a search, for example i search something on thirst day of week (08 date) and after i would l...

by New Member in

AS400/ Iseries DB connectivity issue

When I am connectivity Splunk DB connect with DB2 (AS400) platform, getting below error. The JDBC driver files db2jc...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Predict error in time chart

Populating dashboard panel with data from drilldown or multiselect token

Value that may or may not be there in field extraction

Extract key-value pairs

Timespan single value by day excluding yesterday, but maintaining the entire 24 hour count of yesterday and the previous days

display count of hostnames in first day of week have last_seen>30 days

How to create a rate on a timechart with two measures?

How to indicate different period of search date after eval command ?

How can I tally a value that represents usage in 3 letters and get the number of events that have each?

How to extract the single field with the multiple values?

Rex for cef event and create field alias accordingly

converting an triming field values

How to use tstats to show unique list of hosts for a specified index?

Stuck on Merge splunk.com accounts page

Top 10 per group

Combining details from two log entries into one table under common ID

LDAP server warning: Insufficient access

Is there any option in Splunk to run a search in a loop?

help on where command which returns wrong results

I have a seach command but i need to remove the percent column

Lookup more than one column in Lookup Table

How do you use rex's max_match option?

Field Extraction matching not working but works only with wildcard

modify date of search

AS400/ Iseries DB connectivity issue

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!