Splunk Search

Ask a Question

Discussions

Thread Info

comparing multivalue fields

Good day! I need to compare the results of a search query that contains multivalued fields. My search query loo...

by Explorer in

How to join two searches based on two different formatted fields

I have an index which contains field - TXN_ID = "24, 25 " index=index1 TXN_ID ="24,25" I have another event in dif...

by Communicator in

Adding donut chart for a single value

Hi , I need to have a exact full donut chart for a single value . Below is the image https://imgur.com/a/O5tex...

by Path Finder in

COnvert week number to the 1st date in that week

Below is the data. Weeknum is the number of week where 01-05 are week numbers from 2019 and 40-44 are week numbers fr...

by New Member in

I am looking for replacing all the numbers in a field to *. Can anyone help.

Input field value: "this error occured for member123456. While making a payment of 60" Desired input field value:"thi...

by New Member in

How to capture only string and remove optional digits with regex

I have a field which has values like below. there are 100+ values for this field, but i just posted 3 sample values. ...

by Explorer in

Issue with date and time for indexed csv data

I am facing date time issue while indexing csv data . I do have a date field in my CSV file but i want to consider s...

by Explorer in

How to create multiple reports/pdf output from a single search?

hi folks, we got a requirement to create xx number of reports based on a filter. For example the lookup file has fil...

by Super Champion in

Splunk Extraction

I have Splunk events like below & would like to extract the reason for failure. Event 1 : FILE_READER[1]: TT19472...

by Path Finder in

Extracting delimited values from a field with a dynamic length?

I have a field that contains column names delimited by spaces that I need to break out into separate fields for filte...

by Path Finder in

How do I match a regex query in a CSV?

Hello, I have a CSV file full of regex queries. What I am looking at doing is matching those with a regex in the C...

by New Member in

How to ensure the linecount is updated after removing lines in a rex search?

I've got some events with some lines in it that I don't want displayed, so I'm removing those with a rex sed statemen...

by New Member in

nested level dropdown

I have a query to list out all the values of directory. index=main source="*test*" | stats count by directory ...

by Path Finder in

How do I get an Xyseries to display dates in descending order?

sample query: index=foo "string of data"="age needed"age earliest=-5d | stats dedup_splitvals=t , values(_time) A...

by Communicator in

How to list all sourcetypes for an app on a Dashboard?

Hi, I want to build a dashboard and list all the sourcetypes for an app (e.g. search or splunk_TA_nix). In the set...

by Influencer in

File Name Parts Extraction Rex

I need to break down a source file name into it's meaningful parts with a regex, however the convention of the file c...

by Builder in

How do you calculate the time taken during the authentication process?

Hi All, I am trying to achieve the time difference between two logs during the authentication process. During auth...

by Explorer in

DB Connect TimeStamp Format

Has anyone successfully provided TimeStamp.Format in DB Connect for DateTimeOffset type (SqlSever)? The time is in UT...

by Explorer in

How do you concatenate two values within a log into one field within a field transformation?

I have a log source that breaks up a URL into different chunks (ie: domain, uri string, uri query, etc) within the lo...

by Explorer in

Omitting matching fields unless blank

Hello, I'm trying to omit rows that contain matching fields, unless those fields are blank. Example syntax below: ...

by Path Finder in

How can we get host names for given IPs in a search using reverse DNS?

Hi, I have bunch of IPs and I would like to do reverse DNS and get the host names. So, can I include IPs in the se...

by Contributor in

How can I start each week from tuesday?

Below is my code. It starts each week from sunday. How can start each week from tuesday? Do I need to change anything...

by New Member in

Conditional email subject line

Hello, I have search index=* ERROR | eval svc=mvindex(split(index,"-"),4) | stats count(svc) as cnt_svc by svc,source...

by New Member in

field extraction with rex

Field sample: <"Data Name='Description'>Microsoft ® Console Based Script Host"<"/Data"> | rex ""(?[a-zA-Z0-9.: \\]...

by New Member in

dbx date parameters for apache drill in splunk

I am trying to use apache drill to query mapr data via splunk. Using a dbx to use the name |dbxquery connection...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

comparing multivalue fields

How to join two searches based on two different formatted fields

Adding donut chart for a single value

COnvert week number to the 1st date in that week

I am looking for replacing all the numbers in a field to *. Can anyone help.

How to capture only string and remove optional digits with regex

Issue with date and time for indexed csv data

How to create multiple reports/pdf output from a single search?

Splunk Extraction

Extracting delimited values from a field with a dynamic length?

How do I match a regex query in a CSV?

How to ensure the linecount is updated after removing lines in a rex search?

nested level dropdown

How do I get an Xyseries to display dates in descending order?

How to list all sourcetypes for an app on a Dashboard?

File Name Parts Extraction Rex

How do you calculate the time taken during the authentication process?

DB Connect TimeStamp Format

How do you concatenate two values within a log into one field within a field transformation?

Omitting matching fields unless blank

How can we get host names for given IPs in a search using reverse DNS?

How can I start each week from tuesday?

Conditional email subject line

field extraction with rex

dbx date parameters for apache drill in splunk

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Using a timechart click.value as the midpoint of a...

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static