Splunk Search

Discussions

Thread Info

How can I use a variable as parameter for a custom command?

This is not working: Is there a special syntax to use the content of a variable an not its name? sourcetype="test"...

by New Member in

Sub a string until a specific character

Hello, I Need to know how can I trim a string from the begining until a specific character. For example, I have the t...

by Engager in

Manipulating data in a Values() output

Is there any sort of syntax for me to be able to manipulate or get data on data that exists in the Values() field. ...

by New Member in

Trying to use collectd to trend process utilization by name

I've got a test set of hosts using collectd to gather process information, and I'm struggling how to get mstats to gi...

by Contributor in

SPL Can't do conditional statements after dealing with multi value fields

My goals is to grab the computer name from the multi-value field: identities. I then want to take that new attribute ...

by Path Finder in

Limited output for multivalue field

Hi Splunkers, we have JSON logs with multiple values for a single field - list of identities - up to 1000. I need...

by Contributor in

How do you average count values in certain timeslots?

Dear Community, I got a use case I seem to be too inexperienced with to complete on my own. Since I just started d...

by Engager in

help on stats(dc) command

hello I use the search below in order to display cpu using is > to 80% by host and by process-name So a same host ...

by Motivator in

How do I find the difference in time between two fields in the same event?

I am fairly new to Splunk so bear with me. I have extracted two fields and they are ConnectTime and DisconnectTime...

by Engager in

baic question on inputlookup

hi I have diffuclties to understand how inputlookup works I use the search below index="x" sourcetype=y source="z"...

by Motivator in

Is it possible to change an index name?

One of our customers wonders whether it's possible to change an index name. Is it possible?

by Ultra Champion in

How to search an event ID for password expiration enabled

I am trying to search event logs for an event when a user password is set to not expire. But the alert I have setup f...

by New Member in

How to subtract a string from value field

I Need to know to subtract a string from the begining of a value until a specific character in Spl. For example, if I...

by Engager in

Combining Search Results By Passing Subsearch Values

Hi, Essentially, I am trying to join 2 or 3 log entries together linking them by a yet to be determined value (ses...

by Explorer in

Encryption on the port 9997

Hello, I have the following inputs.conf on my indexer: [default] host = mo-7ee963859.zone1.mo.sap.corp [monito...

by Builder in

Need count for fields value

Hi Friends, I have two field component and eventtype, need count of component=root and component=Metrics and ventt...

by Communicator in

Why does the regex work in search but not in props.conf?

I have a file that I am monitoring on a Heavy Forwarder(HF). The file is JSON logs. On the HF I have the following pr...

by Builder in

Is it possible to append/concatenate regexes for one field check?

Currently I have a search as follows: myFieldName="mySearchValue" | where match(path,`startOfPath`) `startOfPath` ...

by Explorer in

Multiple queries scheduled to update in table

Is there a way in splunk to have a table updated only when the query returns results. For Instance if there 50 ind...

by Path Finder in

error regex (PCRE2_DUPNAMES not set)

when I start splunk it shows me his " Checking conf files for problems... Bad regex value: '(?:[[sep_file_preifx]])\s...

by New Member in

How to calculate percentage from 2 different searches?

hello I try to calculate a percentage from 2 searches results I know how to count results from my first search : ...

by Motivator in

mvexpand multiple fields

Is there a way to use mvexpand on multitple values? This is the result of my current search and I want it to l...

by Path Finder in

How to preserve leading whitespace in a statistcs table?

Hello! Take for example the following query: | makeresults | eval somevalue=" Hello World!" | table som...

by Path Finder in

xyseries in full mesh: How to have it fill values A to Z with Z to A or vice versa?

I have a search that calculates latency in a full-mesh network, where each router has a direct connection to all of t...

by Communicator in

What is a good query to monitor for someone sending too many alerts?

I received an email from ES techs that someone had sent over 128k alerts to the same address in a 24 hour period. I t...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I use a variable as parameter for a custom command?

Sub a string until a specific character

Manipulating data in a Values() output

Trying to use collectd to trend process utilization by name

SPL Can't do conditional statements after dealing with multi value fields

Limited output for multivalue field

How do you average count values in certain timeslots?

help on stats(dc) command

How do I find the difference in time between two fields in the same event?

baic question on inputlookup

Is it possible to change an index name?

How to search an event ID for password expiration enabled

How to subtract a string from value field

Combining Search Results By Passing Subsearch Values

Encryption on the port 9997

Need count for fields value

Why does the regex work in search but not in props.conf?

Is it possible to append/concatenate regexes for one field check?

Multiple queries scheduled to update in table

error regex (PCRE2_DUPNAMES not set)

How to calculate percentage from 2 different searches?

mvexpand multiple fields

How to preserve leading whitespace in a statistcs table?

xyseries in full mesh: How to have it fill values A to Z with Z to A or vice versa?

What is a good query to monitor for someone sending too many alerts?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!