Splunk Search

Ask a Question

Discussions

Thread Info

help on token strange behaviour

hi I use the search below and I filter the data with 2 token | inputlookup tablet_host.csv | lookup PanaBatter...

by Motivator in

How to display certain stats values command in a search?

Hello I use the stats command below but some process_name have no process_cpu_used_percent value So how to do for ...

by Motivator in

Splunk search issues with timezone of logs from forwarders

Dears, My Splunk Indexer is in CDT time zone and my forwarder logs are in UTC time zone and there is time differe...

by Path Finder in

How can I combine the list of events within recent timeframe with the count of similar event in a broader timeframe (not taking into account the last 5 days)?

Hello everyone, I am trying to combine the following: - The query 1 looks for recent events (earliest=-10m@m lates...

by Engager in

Take multiple regex in single search string

I have to extract the same features from two sets of logs with very different formats and need to take the additional...

by Explorer in

How to return values from lookup which are not matching the search?

Hi I currently have a search which returns a list of users with employee id from a user lookup eg: user lookup ha...

by Explorer in

Convert Timestamp from one format to UNIX style format

I have a log file that has the timestamp for each line as: Jun 10, 11:07:59.305475 Note that the year is missi...

by Engager in

I am looking on how to filter the unwanted logs getting forward to indexer

In my Application there are logs statements which are repetitive and how to avoid them sending to Indexer so that...

by New Member in

How to table events in columns with time/date related counts

I want to write a search where the events are in one column and the related counts are in each column corresponding t...

by Explorer in

Splunk 6.4 how to achieve @w1 of splunk 7

I am doing weekly statistics and in splunk 7, i can easily specify the first day of a week by @w1 so 1 means Monday. ...

by New Member in

Comparing 2 Windows Event logs together

I am kind of new so I apologize to my ignorance. What I am trying to do is use the Windows Event Logs EventCode 5156 ...

by Engager in

How to chart count by events and name?

I have a search that gets the count of events by users which works well. However, I want to have the chart list all u...

by Path Finder in

Custom index for forwarded data

Hello all, I have a working universal forwarder that happily sends data to my Enterprise indexer. The data shows up u...

by Builder in

How to use rex to match only where the field exactly has 8 characters?

Hello, I need a search to match when a field that has free form text contains exactly 8 characters that are letter...

by Communicator in

Data virtualization with Splunk?

hi, what are your thoughts on data virtualization and how does it apply to Splunk? I ave been researching data virtua...

by Explorer in

Interactive dashboard stats count

Good afternoon I have a stats count query leading to a single number dashboard. I was wondering if it is possible to ...

by Explorer in

Combine / Add rows in the search results using a wildcard

I am beginner to Splunk and could you please help me with the following scenario. I have a search that will display a...

by New Member in

user role to specific index not working with index=*

Hello i have several reports that contains the search index=something__something in my case, '' is the name of the re...

by Communicator in

Transaction command not closed properly

Hi, I need help with transaction command results. I have the following input to transaction command: eventID,"_ti...

by New Member in

Help with using comparison sign in tokens

Hello I use 2 tokens in the XML below, I need to use comparison sign like > and < in this token. I would like also to...

by Motivator in

How to extract different sourcetypes from the same file

I'm wondering if/how I can do the following: I have a JSON structured file that is being parsed perfectly as JSON,...

by Loves-to-Learn Lots in

How to get top 10 data source from Splunk ?

is this command is correct ? ** | chart count by sourcetype | sort count desc*

by New Member in

How to get spath to auto_extract the fields

I have events that will be indexed that will look like the below: 2019-06-06 21:12:40.397 { "response": "NodeJST51...

by Path Finder in

Which is faster, appendcols with second search or replacing values?

I would like to understand which of the following is the fastest and why or if there are any more faster ways to achi...

by Explorer in

How to Match event between two Index and get desired value

Hi, I am trying to match events between two index: Index A & Index B. Index A have 3 column: date-time, User's Cel...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

help on token strange behaviour

How to display certain stats values command in a search?

Splunk search issues with timezone of logs from forwarders

How can I combine the list of events within recent timeframe with the count of similar event in a broader timeframe (not taking into account the last 5 days)?

Take multiple regex in single search string

How to return values from lookup which are not matching the search?

Convert Timestamp from one format to UNIX style format

I am looking on how to filter the unwanted logs getting forward to indexer

How to table events in columns with time/date related counts

Splunk 6.4 how to achieve @w1 of splunk 7

Comparing 2 Windows Event logs together

How to chart count by events and name?

Custom index for forwarded data

How to use rex to match only where the field exactly has 8 characters?

Data virtualization with Splunk?

Interactive dashboard stats count

Combine / Add rows in the search results using a wildcard

user role to specific index not working with index=*

Transaction command not closed properly

Help with using comparison sign in tokens

How to extract different sourcetypes from the same file

How to get top 10 data source from Splunk ?

How to get spath to auto_extract the fields

Which is faster, appendcols with second search or replacing values?

How to Match event between two Index and get desired value

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions