Splunk Search

Discussions

Thread Info

How to create a regex field extraction for the last occurence for a specific text?

Hi, We have attached log file.link text The whole log file contains in one single event in splunk. Now, I need to ...

by Contributor in

Issue with time format calculation

Hi The request below is working but I have an issue on the NbDaysLogon and NbDaysReboot calculation. As you can see, ...

by Motivator in

stats command not working as expected

hello i have this query that calculated gaps between events. im trying to get the source file of the events that was ...

by Communicator in

How to use timepicker from a CSV lookup?

I found the similar post here, but the solution doesn't seem to be working. I have a CSV file with a timestamp field ...

by Communicator in

How to match events from 3 different sources?

I have one index with events from 3 different sources. I want to match one field of 1st source with other 2 source's ...

by New Member in

Table fields as variable

Is there anyway to pass a variable to the table command? Basically, I have field1, field2 and field3 from my search. ...

by New Member in

Question on left join

I'm not sure why is my left join not working. I'm sure that my results will be than 50000 records. kindly assist m...

by Explorer in

Why dont some panels in Splunk give the default zoom in and reset zoom behavior while others can?

I have a dashboard panel with volume(count) along the y axis and application name along the y axis. I try to zoom i n...

by New Member in

How to display a Total Users label within Title of Pie Chart?

I have a Panel on my Dashboard with a Chart showing the users who use the system. The Chart shows the first 11 Use...

by Path Finder in

How to filter a JSON data log when one of the fields in that JSON is empty?

Hi, I am trying to filter the log event based on a json field which is empty. I have 3 million records and out of whi...

by Engager in

Splunk for desktop environment

Can splunk be used to collect and manage win10 event traces / performance data ? Are there any use cases where splunk...

by New Member in

Reduce SPL OR operator redundancy

I have a query with a bunch of ORs and I want to do something similar to the SQL IN operator, using a list instead or...

by New Member in

Generate a dynamic multi-value field based on a specific field in a search

Hi there, I'm fairly new to Splunk searches. I have a search in a log : index=tutti sourcetype=toto status!=4 W...

by Engager in

How to create a search box that when text is entered it appends what is searched into each panel on the dashboard?

So I am trying to create a searchbox that when text is entered it appends what is searched into each panel on the das...

by Path Finder in

How to re-add a clustered bucket as standalone?

I went in to try and rename the db buckets to the longer name for instance db_1560844064_1560747689_41 to db_1560844...

by Path Finder in

How to relocate Splunk bar chart value placement

I have a bar chart and the value in the horizontal bars comes at the top of the bar. What XML changes should be made...

by Explorer in

trigger second search/dbxquery based on the result of the first search

Hello, I would like to trigger the second search/dbxquery based on the results of the first one. I test it with th...

by Builder in

How to exclude a specific value from a column?

Hi I have a table with 2 columns: "_time" and "isOutlier". I want to remove all the fields with the value = 1 fro...

by Communicator in

Use of fillnull displays wrong color in 'single value'

I am using | fillnull totalCount in my search so I get an 0 when there is no result. The color range I use is from mi...

by Path Finder in

Remove extension from filepath in field value dynamically.

I have a field in my Splunk search name filepath which contains the base path of file like below repository/2650/docu...

by Engager in

How to adjust label position in a column chart?

Here is my chart - there is any way to set the position of column labels above the column, not in the middle?

by Path Finder in

Replace command -Ignore case

How can we use case insensitive value in Replace command- | replace "name" with "entity" in description will it re...

by Path Finder in

How to extract filename from fields?

I am trying to extract a filename Nsences_2016_10_10_12_50.csv from below field value. D:\Program Files\X620\ABC\T...

by Contributor in

Why does the search works in Monitoring Console but not in other Apps?

I'm trying to convert the Health Check queries into a dashboard, I already change neccesary permissions in some macro...

by Explorer in

Question on include/exclude events

In the logs I wanted to include events that has the string "uri=https://www.bikerace.com" and if it is not present I ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a regex field extraction for the last occurence for a specific text?

Issue with time format calculation

stats command not working as expected

How to use timepicker from a CSV lookup?

How to match events from 3 different sources?

Table fields as variable

Question on left join

Why dont some panels in Splunk give the default zoom in and reset zoom behavior while others can?

How to display a Total Users label within Title of Pie Chart?

How to filter a JSON data log when one of the fields in that JSON is empty?

Splunk for desktop environment

Reduce SPL OR operator redundancy

Generate a dynamic multi-value field based on a specific field in a search

How to create a search box that when text is entered it appends what is searched into each panel on the dashboard?

How to re-add a clustered bucket as standalone?

How to relocate Splunk bar chart value placement

trigger second search/dbxquery based on the result of the first search

How to exclude a specific value from a column?

Use of fillnull displays wrong color in 'single value'

Remove extension from filepath in field value dynamically.

How to adjust label position in a column chart?

Replace command -Ignore case

How to extract filename from fields?

Why does the search works in Monitoring Console but not in other Apps?

Question on include/exclude events

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions