Splunk Search

Discussions

Thread Info

Field Aliases and Extractions -- overlap or order of operations causing issue

So I have an event: <164>2019-05-14T22:04:15.161Z hostname Hostd: Rejected password for user myuser from 192.168.1...

by Communicator in

need value by time

hello I have a command which gives the value ex., "172" it is basically change when no. of ldap users added and remov...

by Path Finder in

Splunk replaces zero with null values. Chart Avg(value) omits all those null values, with this avg result is not correct. How to fix this?

Hi Everyone, I am a newbie to splunk. We are using splunk to monitor our custom perfmon counters. see the below searc...

by New Member in

Connection timed out when using Splunk Java SDK to make search query

I am seeing this error: java.lang.RuntimeException: Operation timed out (Connection timed out) when I try to c...

by New Member in

How do I transpose a table grouped by the values in the first column?

I have a search that produces the following sample data: ValueA ValueB A 1 A 2 A 3 B ...

by New Member in

How to use field transformations in a splunk search instead of transforms.conf ?

I have the following stanza on the transforms.conf which actually splits commands separated by characters like |, &, ...

by Builder in

Rex for drive letters

I only want to look at built in shares like A$-Z$, but not ADMIN$ or IPC$. Is there a rex expression that will allow ...

by New Member in

Extract JSON fields in mixed data structure with props

I have an event with a mix of JSON and non-JSON data. I have successfully extracted a Payload field with props whose ...

by Builder in

Can you help me with an issue with dashboard rows?

Hi guys, Is there any way we can display more than 100 rows in a table format dashboard? We tried to modify the b...

by Path Finder in

How to display a table that shows all rows without pagination?

I need to display a table that will show all the rows without pagination. I have already tried using "showPager" opti...

by Path Finder in

how to break a field into two fields based on the prefix in splunk by using regex?

I have the regex query as below sourcetype=syslog | rex field=_raw "(?rshd[^:]: .+) as (?[^\s:]+)" | rex field=_...

by Builder in

Why does regex to extract host from path work in regex101, while it's not working in Splunk?

I need to extract "hostname" from the path in data input on directory monitoring. Path: /export/var/path/host1.log...

by Builder in

How to extract value under double quotes using the rex command?

Has been busy for "639" seconds using rex command i need to extract value 639 and store it in one field. Pleas...

by Explorer in

Duration between Logoff and Logon

Hi team, Please help me to figure out the issue. I would like to create a dashboard using my Audit logs to capture...

by Path Finder in

Winsorized Average Calculation

host = Mayhem sourcetype="phutans:servo" host=R00878 | eval headers=split(_raw," ") | eval plant_length=mvindex(he...

by Contributor in

How to create a new field from the content of another field by condition and rex?

Hi, I am trying to create a new field "foo" whose content is generated from field "bar", depending on the content ...

by Path Finder in

How to search Splunk from external web application?

Hi, we've a simple web application in PHP that queries user's status from different sources (e.g. LDAP, Oracle DB, et...

by Communicator in

Why is Splunk gathering latest data even with Null values?

How can i get latest value of all ID (1-1,1-2,2-1,2-2). considering there are no latest data on ID(2-1,2-2) Data: ...

by Builder in

Integrating dbxquery in a search

I have an sql database containing a list of ip addresses and a bunch of other fields that I can query from Splunk usi...

by Contributor in

Prediction on disk transfer / sec

Hi , I have used following query for predicting disk transfer of particular host, here we are using LLP algorithm ...

by Path Finder in

String Comparison with Foreach

I have a lookup table from a csv that looks like this name exam1 exam2 exam3 john good bad bad peter bad bad best ...

by Contributor in

How to monitor the lasting of an event with a percentage condition with a CPU charge > 80%?

Hello I use the search below in order to monitore process with a CPU charge > 80% BUT What I exactly need is to mo...

by Motivator in

Custom Splunk search command only returns 100 results

Hello, I'm writing a custom Splunk search command that runs a query on another Splunk host, then returns those result...

by New Member in

Date input textbox format

I want to add 2 text boxes where I can key in 2 dates. Later I want to use these 2 dates at 4 locations of my query. ...

by Contributor in

query help inner query

| mstats max(_value) as Bits_in_sec where index=ehealth (host="SC2CLK-CLOUD-CFD-VDC2" OR host="SC2BJV-CLOUD-CFD-VDC2"...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field Aliases and Extractions -- overlap or order of operations causing issue

need value by time

Splunk replaces zero with null values. Chart Avg(value) omits all those null values, with this avg result is not correct. How to fix this?

Connection timed out when using Splunk Java SDK to make search query

How do I transpose a table grouped by the values in the first column?

How to use field transformations in a splunk search instead of transforms.conf ?

Rex for drive letters

Extract JSON fields in mixed data structure with props

Can you help me with an issue with dashboard rows?

How to display a table that shows all rows without pagination?

how to break a field into two fields based on the prefix in splunk by using regex?

Why does regex to extract host from path work in regex101, while it's not working in Splunk?

How to extract value under double quotes using the rex command?

Duration between Logoff and Logon

Winsorized Average Calculation

How to create a new field from the content of another field by condition and rex?

How to search Splunk from external web application?

Why is Splunk gathering latest data even with Null values?

Integrating dbxquery in a search

Prediction on disk transfer / sec

String Comparison with Foreach

How to monitor the lasting of an event with a percentage condition with a CPU charge > 80%?

Custom Splunk search command only returns 100 results

Date input textbox format

query help inner query

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!