Splunk Search

Discussions

Thread Info

How to extract multivalue fields in Splunk and the events in tabular format?

Hi, I have one OS index in Splunk where i get the raw data in a tabular format like below. Now I need to extract thes...

by Explorer in

How to find a value from index1/table1 in index2/table2?

I have made two indexes and set the values into a table. How can i find a value from table1 in table2 and present de ...

by Explorer in

How to unite different fields into one field?

I'm about to unite product codes from 2 different sourcetypes with different names, but with the same value. Here'...

by Path Finder in

how to assign an eval statement to matches on a subsearch?

I have a main search and a lookup table I want to assign field called isCorrect to values from the main search that m...

by Engager in

Cisco ASA VPN logs regex?

Hey guys, I am ingesting VPN logs and would like to parse them out. Does anyone have regexes to use?

by Motivator in

Search for limit violations in subsearches of saved searches

Dear fellow Splunkers, I'm running a saved search containing multiple sub searches and writing the results to a s...

by Engager in

How do I sort a timechart legend by count in decreasing order, not alphabetically?

Let's say I've got a timechart of URLs I'm serving. Over an hour, let's say I served this: server.com/MYcats.html ...

by Engager in

Trimmed Average Calculation

host = Mayhem sourcetype="phutans:servo" host=R00878 | eval headers=split(_raw," ") | eval plant_length=mvindex(heade...

by Contributor in

Server Availability query from Incident data

I have a lookup table with fields Application name and host, and i have a realtime Incident data with index, sourcety...

by New Member in

Can you reference a token value inside a token eval tag?

Hello, I have a token called range (assume it has a value of "123-456"), and I am trying to use it inside a token eva...

by Communicator in

Multi Valued Field Help

I have looked at a ton of posts about breaking a multivalued field but having zero luck effecting a solution. I have ...

by Path Finder in

CPU Usage Prediction of later 15 days... of a month

Hi, I am trying to create a dashboard that shows % CPU Processor time avg (Value)..but the query i used to only givin...

by Path Finder in

extract part of path that may or may not contain space

Hello i have source path that looks like : s3://splunk/OTHER/1/OTHER/Star J750/pjserialnumber/2019-05-06T1...

by Communicator in

Replace every 2nd pattern with carriage.

i have a field with dates in single line ( could be many dates ) ex: 2019-04-11 23:15:58.547 2019-05-02 10:11:22.8...

by Builder in

count number of serialnumber with dc takes lots of time

hello i have this query : index = amer_pj | SerialNumber | Region | stats dc(SerialNumber) as SerialNumber by Region...

by Communicator in

クロス集計表でパーセント表記をさせたい

contingencyコマンドを使えばクロス集計表(左図)が得られますが、これをパーセント表記させる(右図)方法はありますでしょうか？

by New Member in

"As" command modifier not working

New to Splunk. Trying to use the "as" command modifier to change the name of a column. However, the modifier is not b...

by New Member in

Line graph incorrectly shows a flat line

Hi I have the following search query which shows the output as shown below,as you can see the issue is the linegra...

by Path Finder in

Why is search command TERM not working in one system but does in another?

We just found out that the search command TERM does NOT work when used on extracted fields in one of our Splunk Enter...

by Contributor in

Search command for different PC's

Hy, i have create a Dashboard with Error Logs. 1 for all pc's: Computername="*", it works, i see all PC's but whic...

by New Member in

Matching log events with dynamic context information (e.g which version of package X was installed?)

Hi everyone, I am using Splunk Enterprise 7.0.8.5 with the Universal Forwarder 6.5.2/6.5.3 on multiple hosts runni...

by Engager in

Display only values found in two searches

index=rap sourcetype="joyner lucas" | dedup albums| table albums |append [search index=country sourcetype="lil Nas" |...

by New Member in

Send logs from Splunk Enterprise to Elastic Search

Hi, i hope someone can help us, please. We have to send our logs that we receive from Firewall's, Sysmon, etc fro...

by Explorer in

Cannot reproduce Predict command confidence interval

Dear Team, I understand we are using Kalman filters in predict command. I am comparing our existing Kalman impleme...

by Explorer in

Does anyone know how query for non alpha numeric characters?

Is there a way to search for non-alphanumeric characters? We have an index that sometimes generates data that contain...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract multivalue fields in Splunk and the events in tabular format?

How to find a value from index1/table1 in index2/table2?

How to unite different fields into one field?

how to assign an eval statement to matches on a subsearch?

Cisco ASA VPN logs regex?

Search for limit violations in subsearches of saved searches

How do I sort a timechart legend by count in decreasing order, not alphabetically?

Trimmed Average Calculation

Server Availability query from Incident data

Can you reference a token value inside a token eval tag?

Multi Valued Field Help

CPU Usage Prediction of later 15 days... of a month

extract part of path that may or may not contain space

Replace every 2nd pattern with carriage.

count number of serialnumber with dc takes lots of time

クロス集計表でパーセント表記をさせたい

"As" command modifier not working

Line graph incorrectly shows a flat line

Why is search command TERM not working in one system but does in another?

Search command for different PC's

Matching log events with dynamic context information (e.g which version of package X was installed?)

Display only values found in two searches

Send logs from Splunk Enterprise to Elastic Search

Cannot reproduce Predict command confidence interval

Does anyone know how query for non alpha numeric characters?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions