Splunk Search

Ask a Question

Discussions

Thread Info

Can you help me make a regular expression to extract a field?

Hello, I have these events where I want to extract a filename. Right now, none of the fields capture the Filename...

by Explorer in

How come my rex command doesn't give results as expected?

I have the following log statement and I would like to retrieve the mac address which is a 12 digit string from it. ...

by Explorer in

How do you pull and match data?

Hey, So the data I am pulling from is from two source types. I indexed bigfix and tried to pull the software infor...

by Engager in

Field extraction from source field

I have my Splunk source in the format below : source=/default/folder/20190403/file_PARADOX_7747_txt I am trying...

by Path Finder in

How do you create new fields from the current field values?

Hi, I wonder whether someone can help me please. I'm using the following query to extract data from the raw JSO...

by Motivator in

field extractions on indexer

Is it possible to define field extractions on the indexer and allowing the search head to use the extractions? Or can...

by Splunk Employee in

round fuction usage for avg command output

Hi , I have been using the stats avg(duration) as Avg_Duration in my query.But while displayin the Avg_Duration i ...

by Motivator in

How to control search duration of users

Hello Splunkers, I want to put restrictions on the seach time period , right now one user can search for as long a...

by Explorer in

Can you help me figure out if I should use a condition statement OR an If statement?

Hi all I am new to Splunk please help me on this. I am trying to check a condition that if Coin Acceptor, Rec...

by Explorer in

How to get the non reporting device list??

How to get the non reporting device list?? Any way to compare the lookup and the stored data so i can get the non...

by New Member in

help with timechart / count needed

Hello, I would like to track the license consumption as from time to time it is 4 times higher (per day) than expe...

by Builder in

Checking the events from a transaction for a range of time say +/-5min.

transaction id startswith="sourcetype=1" endswith="sourcetype=2" maxspan= in place of time range we want to have the ...

by Loves-to-Learn in

Can we remove lookup names from dataset page?

Can we remove lookup names from dataset page? I just want to show data model on this page:

by Motivator in

How to get the required text from rex?

Hello, I want to extract only the required text from Logs using rex. for instance, consider in logs there is some ...

by New Member in

Splunk logs dedup/consolidation

Hi Splunkers! Do any of you know if there is a built-in feature or mechanism in Splunk that aggregates similar lo...

by Contributor in

(While) Loop function in search

I'm currently facing an issue where I would solve it with a loop function in any programming language. But I'm no...

by New Member in

query help with chart

Hi, I have a csv file with inputs like this : Time,Device,Interface,Duration,Bits In/sec,Bits Out/sec,BW 3/22/2...

by Communicator in

Join command not matching on username properly

I'm trying to join the two queries together one which queries the total number of accesses by a student and then the ...

by New Member in

Help me to Format date

Hi I want to format the date field with the following format Ex: 20190401 Expected: 01 Apr 2019 Mon ...

by Engager in

How to check the gradual increase of the value of a field which crosses 3 time increment

I have a requirement, where I need to display name of an queue, for which the size of the queue is keep on increasing...

by Communicator in

How do you remove remote data with configure file?

Hi, Splunkers: Recently, I've migrated my indexer to search head, but I'm not very familiar with configure files. ...

by Path Finder in

How do you create a timestamp field?

I'm inputing a txt file into Splunk, and I need assistance with timestamp format and prefix. Example event: 05:...

by New Member in

How can I run the extract command on field extracted by the rex command

Cog in a larger machine, I have asked my Splunk team to improve the parsing on some of our logs, but it hasn't happen...

by Explorer in

Scheduled search in a dashboard

Hello Everyone, I have created a dashboard and wants the result for last 7 days; and want to schedule it and run ...

by Path Finder in

How do you perform a mathematical calculation on the results of two queries?

Hello, I have two queries: 1. index=abc slice_played slicer=Latency externalUserID="$ext$" assetID="806d682119ac46...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can you help me make a regular expression to extract a field?

How come my rex command doesn't give results as expected?

How do you pull and match data?

Field extraction from source field

How do you create new fields from the current field values?

field extractions on indexer

round fuction usage for avg command output

How to control search duration of users

Can you help me figure out if I should use a condition statement OR an If statement?

How to get the non reporting device list??

help with timechart / count needed

Checking the events from a transaction for a range of time say +/-5min.

Can we remove lookup names from dataset page?

How to get the required text from rex?

Splunk logs dedup/consolidation

(While) Loop function in search

query help with chart

Join command not matching on username properly

Help me to Format date

How to check the gradual increase of the value of a field which crosses 3 time increment

How do you remove remote data with configure file?

How do you create a timestamp field?

How can I run the extract command on field extracted by the rex command

Scheduled search in a dashboard

How do you perform a mathematical calculation on the results of two queries?

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Community Content Calendar, September edition

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions