Splunk Search

Discussions

Thread Info

search use case help with common field

hi all, have some query on search use case. 1) My requirement is to extract a hpotter from a log - ex: log loo...

by New Member in

How to trim a string to a new field

Hello, I cannot figure out the syntax of the rex function. I have a field called data multiple email addresses: eampl...

by Engager in

Is it possible restrict a user search by data values?

Hey! For example, if I have events contain different countries. Is it possible to restrict users by specific value...

by Path Finder in

Remove null values from evaluated field in the search results

Hello, I have this query: index=main | table sourcetype, data, context, local_endpoint, remote_endpoint | eval Ergebn...

by Engager in

How to convert date string to date format in string and extract all the dates which are 60 and 90 days earlier than the current day?

Hi All, I am unable to convert date string to date format using below SPL query. eval "-Last Logon Date" = strp...

by Explorer in

Migrate data from standalone to indexer cluster

Hello splunkers! We have lost indexed data of some days in clustered indexer. However, data exists in standalone s...

by Path Finder in

How can I use a variable as parameter for a custom command?

This is not working: Is there a special syntax to use the content of a variable an not its name? sourcetype="test"...

by New Member in

Sub a string until a specific character

Hello, I Need to know how can I trim a string from the begining until a specific character. For example, I have the t...

by Engager in

Manipulating data in a Values() output

Is there any sort of syntax for me to be able to manipulate or get data on data that exists in the Values() field. ...

by New Member in

Trying to use collectd to trend process utilization by name

I've got a test set of hosts using collectd to gather process information, and I'm struggling how to get mstats to gi...

by Contributor in

SPL Can't do conditional statements after dealing with multi value fields

My goals is to grab the computer name from the multi-value field: identities. I then want to take that new attribute ...

by Path Finder in

Limited output for multivalue field

Hi Splunkers, we have JSON logs with multiple values for a single field - list of identities - up to 1000. I need...

by Contributor in

How do you average count values in certain timeslots?

Dear Community, I got a use case I seem to be too inexperienced with to complete on my own. Since I just started d...

by Engager in

help on stats(dc) command

hello I use the search below in order to display cpu using is > to 80% by host and by process-name So a same host ...

by Motivator in

How do I find the difference in time between two fields in the same event?

I am fairly new to Splunk so bear with me. I have extracted two fields and they are ConnectTime and DisconnectTime...

by Engager in

baic question on inputlookup

hi I have diffuclties to understand how inputlookup works I use the search below index="x" sourcetype=y source="z"...

by Motivator in

Is it possible to change an index name?

One of our customers wonders whether it's possible to change an index name. Is it possible?

by Ultra Champion in

How to search an event ID for password expiration enabled

I am trying to search event logs for an event when a user password is set to not expire. But the alert I have setup f...

by New Member in

How to subtract a string from value field

I Need to know to subtract a string from the begining of a value until a specific character in Spl. For example, if I...

by Engager in

Combining Search Results By Passing Subsearch Values

Hi, Essentially, I am trying to join 2 or 3 log entries together linking them by a yet to be determined value (ses...

by Explorer in

Encryption on the port 9997

Hello, I have the following inputs.conf on my indexer: [default] host = mo-7ee963859.zone1.mo.sap.corp [monito...

by Builder in

Need count for fields value

Hi Friends, I have two field component and eventtype, need count of component=root and component=Metrics and ventt...

by Communicator in

Why does the regex work in search but not in props.conf?

I have a file that I am monitoring on a Heavy Forwarder(HF). The file is JSON logs. On the HF I have the following pr...

by Builder in

Is it possible to append/concatenate regexes for one field check?

Currently I have a search as follows: myFieldName="mySearchValue" | where match(path,`startOfPath`) `startOfPath` ...

by Explorer in

Multiple queries scheduled to update in table

Is there a way in splunk to have a table updated only when the query returns results. For Instance if there 50 ind...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

search use case help with common field

How to trim a string to a new field

Is it possible restrict a user search by data values?

Remove null values from evaluated field in the search results

How to convert date string to date format in string and extract all the dates which are 60 and 90 days earlier than the current day?

Migrate data from standalone to indexer cluster

How can I use a variable as parameter for a custom command?

Sub a string until a specific character

Manipulating data in a Values() output

Trying to use collectd to trend process utilization by name

SPL Can't do conditional statements after dealing with multi value fields

Limited output for multivalue field

How do you average count values in certain timeslots?

help on stats(dc) command

How do I find the difference in time between two fields in the same event?

baic question on inputlookup

Is it possible to change an index name?

How to search an event ID for password expiration enabled

How to subtract a string from value field

Combining Search Results By Passing Subsearch Values

Encryption on the port 9997

Need count for fields value

Why does the regex work in search but not in props.conf?

Is it possible to append/concatenate regexes for one field check?

Multiple queries scheduled to update in table

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions