Splunk Search

Discussions

Thread Info

search comparison to validate all forwarders point to indexers in the idx cluster

GM, through the years we have added several indexers to our cluster. we are no looking to retire a few generation 1 i...

by Contributor in

Overcome truncated result for timeseries chart

Hi guys, I'm currently facing an issue. I have csv logs being ingested every 1 min with the status of some service...

by Explorer in

How to do a lookup between two searches and combine the data in a single line in a table

Can someone give me the basics to do something like find THIS in search number 1, match it to THAT in search numbe...

by Explorer in

How to do Lookup single field comparison?

I apologize for the banal question on the lookup. Not so long ago, I began to learn how to filter events by lists thr...

by New Member in

Scheduled SPL Search Results with it's Scheduled Search Time

Hello Splunkers, Is it possible to accomplish my question in the title ? My SPL DOES NOT contain any date field, b...

by Path Finder in

Performing calculations on multi-valued fields

Hello, I am trying to perform calculations on multiple fields. I am working with data in the format of Key='value...

by New Member in

Add search field based on value of another field

I have a dashboard panel with a radio input. If the user choose Selection A (4624), I need to add a field to the sear...

by New Member in

How do you build a regex to index only specific files?

Hello, i have these 3 stanzas in my transforms.conf file: [set_f270_header] REGEX = (^\$\w+\s\d+|^\-\-\-\-\- h...

by Communicator in

Break events based on a string

hi , Below is my single event indexing into splunk.I want to break the events into single events .It should break ...

by Path Finder in

How to write an eval condition to replace a field ?

I have a query which displays some tabular results and when a certain condition is matched for 2 field values I want ...

by Builder in

Retrieve TransactionId from the following string through regex

Wanted to retrieve the transaction id from the given string Level="ERROR", Date="2019-03-25 23:02:59,600", Messag...

by Path Finder in

How to show threat names in field1 and not in field2?

I have 2 different fields that both contain threat names. I want to show which of the threat name are in field1 and n...

by Loves-to-Learn in

How to list out all users who access a particular IP?

How to search all users who access a particular domain/ip I have a list of source ips and i wish to find users who...

by New Member in

How do you fetch JSON embedded in plain text logs using regex or spath?

I have been running into a problem where I need to fetch the value from JSON data in the log. I am aware of spath but...

by Engager in

How to extract multiple field values for a field from single log event and cross check with the data from a file?

Hi All , Good Day My log will generate 2 types of log events 1)tid and mid in single log event 2)multiple field v...

by Path Finder in

Splunk search for failed count percentage out of total of each event

Hi, I need help in creating one query. There is one field "Operator" having multiple values like airphone,bphone,vsph...

by Path Finder in

search cidr without using "src_ip OR dest_ip"?

Is there a way to search a cidr notation without using "src_ip OR dest_ip"? I have a bunch of ips i want to search f...

by New Member in

stats count not working

Hi, I am trying to get a table type of alerting but I am not getting the output index = ops host = Sr*xxxx* sourc...

by Explorer in

Schema Accelerated Event Search performance

I am super stoked about the potential of Schema Accelerated Event Searches- might be one of the best improvements i'v...

by Path Finder in

Perform a join where the timeframes are different

In my data, events can have children. There is data in those events that I would want to associate with the parent ev...

by Path Finder in

How to get the latest name from the data?

Hi, index=os sourcetype=Service status=* (Group="Data" OR Group="Secur") AND (Section="Local" OR Section="data he...

by Explorer in

Column chart based on field value, without everything being the "count" field

Currently having a hard time figuring out how to create a column chart where the field values show up in the side, so...

by Splunk Employee in

Regex field extraction

I am having trouble with field extraction. I have a regex which works in a pcre regex tester but when I attempt to us...

by Path Finder in

How do you compare two multivalue fields and get the result in one number (the difference)?

I am trying to compare multivalue fields, but I cannot figure out how to do it correctly? Here is the original que...

by New Member in

How to change charting.fieldColors through JS of already rendered chart?

Hi, does anyone know how can I change fieldColors after chart was rendered? Thing is that we have two different vi...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

search comparison to validate all forwarders point to indexers in the idx cluster

Overcome truncated result for timeseries chart

How to do a lookup between two searches and combine the data in a single line in a table

How to do Lookup single field comparison?

Scheduled SPL Search Results with it's Scheduled Search Time

Performing calculations on multi-valued fields

Add search field based on value of another field

How do you build a regex to index only specific files?

Break events based on a string

How to write an eval condition to replace a field ?

Retrieve TransactionId from the following string through regex

How to show threat names in field1 and not in field2?

How to list out all users who access a particular IP?

How do you fetch JSON embedded in plain text logs using regex or spath?

How to extract multiple field values for a field from single log event and cross check with the data from a file?

Splunk search for failed count percentage out of total of each event

search cidr without using "src_ip OR dest_ip"?

stats count not working

Schema Accelerated Event Search performance

Perform a join where the timeframes are different

How to get the latest name from the data?

Column chart based on field value, without everything being the "count" field

Regex field extraction

How do you compare two multivalue fields and get the result in one number (the difference)?

How to change charting.fieldColors through JS of already rendered chart?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!