Splunk Search

Ask a Question

Discussions

Thread Info

How to troubleshoot eval expressions?

I'm new to Splunk, and I am trying to figure out how the eval command works in searches. Sometimes I don't get any r...

by New Member in

How to add a new column after lookup match?

Hi all, I'm stuck with this i hope somebody can helps me. I have a csv lookup with following data for search matc...

by Path Finder in

Trying to get stats output for 2 fields after the "by"

I have data that looks like this: event,myField,myHost,myCategory yes,a,host1,category1 yes,b,host1,category1 yes,...

by Engager in

How to compare an empty field with epoch time?

Hello, I have two fields: dateTimeA and dateTimeB. When dateTimeA is empty, I add "NULL" string. Then I use strpt...

by Explorer in

renaming fields in search

I have a query like this sourcetype="beta" index="alpha" | table fieldA, fieldB, fieldC how do I rename fields ...

by Builder in

Linux mounting/unmounting

I am attempting to create a search string for a Linux box which involves mounting/unmounting removable media devices ...

by New Member in

Lookup file : add a rule

Hello, Got a lookup file looking like this : USER,GROUP Peter,group1 Parker,group1 John,group2 Kevin,group2 ...

by Path Finder in

Can I divide by zero in splunk?

I was having trouble evaluating a field and I think it was because I was dividing by zero. This is my solution. ...

by Motivator in

How to count with inputlookup?

Hi, I have a search that I have been struggle for a few days. I have an index that contains two fields: type and T...

by New Member in

Help with transforms regex needed

Hello, I need help with the proper hashing of the user IDs and IP addresses using the transforms.conf I have the f...

by Builder in

How to select a time range in a timechart?

Hello Is it possible to use a select time range directly in a timechart? it means that I would like to use the sel...

by Motivator in

Regex for F5 BIG IP ASM logs

There is a field - req_status - for F5 Big IP ASM logs and right now when I view the values, I expect to see three: ...

by Influencer in

dropdown case to populate token

Hi, I have a dropdown with 5 values. But in the following panel query the table and index which i am using has no...

by Communicator in

How to search for a missing word from an indexed log and alert if the word is not found in the last 15 minutes?

I will like to search for a missing word like "main" on an indexed log and alert if that word is not found in the las...

by Loves-to-Learn Lots in

need a graph of total calls per day for 7 days or 30 days

Hi all, need help in getting graph for "total_calls" per day for 7 days or 30 days tried using timechart dosnt work. ...

by Path Finder in

Start external process and retrieve results later

So I don't even know where to start researching on how I would setup what I want to do. I'm looking to query a number...

by Path Finder in

Graph weekly average but only show graph for last 24 hours

I currently have a graph that shows the number of events over the last 24 hours by host. I've also included streamsta...

by Communicator in

Field Aliases and Extractions -- overlap or order of operations causing issue

So I have an event: <164>2019-05-14T22:04:15.161Z hostname Hostd: Rejected password for user myuser from 192.168.1...

by Communicator in

need value by time

hello I have a command which gives the value ex., "172" it is basically change when no. of ldap users added and remov...

by Path Finder in

Splunk replaces zero with null values. Chart Avg(value) omits all those null values, with this avg result is not correct. How to fix this?

Hi Everyone, I am a newbie to splunk. We are using splunk to monitor our custom perfmon counters. see the below searc...

by New Member in

Connection timed out when using Splunk Java SDK to make search query

I am seeing this error: java.lang.RuntimeException: Operation timed out (Connection timed out) when I try to c...

by New Member in

How do I transpose a table grouped by the values in the first column?

I have a search that produces the following sample data: ValueA ValueB A 1 A 2 A 3 B ...

by New Member in

How to use field transformations in a splunk search instead of transforms.conf ?

I have the following stanza on the transforms.conf which actually splits commands separated by characters like |, &, ...

by Builder in

Rex for drive letters

I only want to look at built in shares like A$-Z$, but not ADMIN$ or IPC$. Is there a rex expression that will allow ...

by New Member in

Extract JSON fields in mixed data structure with props

I have an event with a mix of JSON and non-JSON data. I have successfully extracted a Payload field with props whose ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to troubleshoot eval expressions?

How to add a new column after lookup match?

Trying to get stats output for 2 fields after the "by"

How to compare an empty field with epoch time?

renaming fields in search

Linux mounting/unmounting

Lookup file : add a rule

Can I divide by zero in splunk?

How to count with inputlookup?

Help with transforms regex needed

How to select a time range in a timechart?

Regex for F5 BIG IP ASM logs

dropdown case to populate token

How to search for a missing word from an indexed log and alert if the word is not found in the last 15 minutes?

need a graph of total calls per day for 7 days or 30 days

Start external process and retrieve results later

Graph weekly average but only show graph for last 24 hours

Field Aliases and Extractions -- overlap or order of operations causing issue

need value by time

Splunk replaces zero with null values. Chart Avg(value) omits all those null values, with this avg result is not correct. How to fix this?

Connection timed out when using Splunk Java SDK to make search query

How do I transpose a table grouped by the values in the first column?

How to use field transformations in a splunk search instead of transforms.conf ?

Rex for drive letters

Extract JSON fields in mixed data structure with props

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!