Splunk Search

Ask a Question

Discussions

Thread Info

How do you use rex to extract a specific field in Splunk?

Hello, Can anybody help me extracting from this table with 3 regular expression: I got a column in Splunk like ...

by New Member in

Bro/Zeek search for peaks/dips over time

Looking for assistance to search Bro/Zeek for peaks/dips in traffic (what is the best sourcetype to go by). Also ...

by Loves-to-Learn Everything in

How come strptime does not work for some days?

There seems to be some issue with the strptime function. I'm not sure why it works for few days and does not work for...

by Path Finder in

Chart with multiple Row Fields that Share Values Over One Column Field

Hello, I was wondering if you can have a chart that compares the average of one field depending on the value of sever...

by Engager in

Extract id from string using rex

Hi all How to extract id from String using rex? sample: sample-3456-777-text result: id 3456-777

by Engager in

Vlookup between 2 queries

Hello folks, i have a list of hardware for an account X and i want to know if all the hawrdware list is present in...

by New Member in

EventViewer No Display

User has the "admin" RBAC role User uses dark theme User uses several workstations with Chrome and IE A simple sea...

by Path Finder in

AWS windows logs parsing

Hi, How we can distinguish windows/linux logs from the AWS logs. Is there any TA/App is available which support by...

by Path Finder in

2 timestamp, the rest identical, how calculate duration ?

tim:2019-01-18 10:27:54,id:bee236 tim:2019-01-18 10:38:07,id:bee236 tim:2019-01-21 09:27:09,id:thierry403 tim:2019-01...

by Path Finder in

Join two datasets (main search and subsearch), keep all keys in both, and update non-key fields with data from the subsearch

If I have two searches, one generates fields "key A" and "Column A" and the second search generates fields "key B" "C...

by Path Finder in

Timechart - Running Total By Product

Hi, I would like to create a timechart that shows the running total revenues for each product. First I've created ...

by Motivator in

SPL command to copy paste rows in lookup with increment values

i have lookup like following : ID jobname start_time end_time frequency 1 abc 0:00 21:00 60 2 def 3:00 4:00 10 ......

by Path Finder in

Eventstats not getting the latest event based on the field

Hi Team, I am trying to get the latest event from the list of events , id field is common across all the events based...

by Engager in

Splunk problem with fast and smart mode

Hello community, I am facing a problem ,I have an instance of splunk installed on linux server , And I am trying t...

by Explorer in

Optimize my search

This is my search: Function="- Parts::GetPartSection =>" | rex "maingroupNo\>(?.+)\\(?.+)\\(?.+)\" | convert timef...

by Path Finder in

how to add field values of a table to another field values in a different table in a dashboard belonging to same Index

hello all, I want to add field values of a table with field values of another table in a dashboard both belonging to ...

by Explorer in

Duration Timer

hi!I have a prototype here that has three switches for each light, Green, Yellow and Red Light respective. Each time ...

by Communicator in

query to get top 10 users

Hello everybody, I am getting data in "index=test", I am trying to get top 10 Calling userid's with there call cou...

by Path Finder in

How to search what field values are missing using a lookup table per period of time? - follow up

I am using a search that was provided as an answer to a previously posted question - How to search what values are mi...

by Communicator in

Duration between events

Given transit data like: 2019-03-19 19:00:32 GMT vehicle_id="58" stop_direction=Inbound 2019-03-19 19:05:45 GMT ve...

by Splunk Employee in

how to carry calculations down the pipe for further calculations?

Goal: Count the percentage of users that scroll to through each section of a page. Problem: I know the number of u...

by Communicator in

How to find the first saturday of every month?

Hello, I am currently stuck with finding the first Saturday of every month. Below is a screenshot of what i curren...

by Explorer in

Optimize Search

I have to create an alert where as soon as the number of events at time X has changed. There are two following scenar...

by Engager in

how to search by too deferent champs

Hello , how to search by two different champs ? I try "OR" but not result Thanks

by Path Finder in

Colors inversed in my piechart ! why ?

Hi ! I have a piechart and I assigned red color for a x value and green color for a y value on it. But sometimes i...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you use rex to extract a specific field in Splunk?

Bro/Zeek search for peaks/dips over time

How come strptime does not work for some days?

Chart with multiple Row Fields that Share Values Over One Column Field

Extract id from string using rex

Vlookup between 2 queries

EventViewer No Display

AWS windows logs parsing

2 timestamp, the rest identical, how calculate duration ?

Join two datasets (main search and subsearch), keep all keys in both, and update non-key fields with data from the subsearch

Timechart - Running Total By Product

SPL command to copy paste rows in lookup with increment values

Eventstats not getting the latest event based on the field

Splunk problem with fast and smart mode

Optimize my search

how to add field values of a table to another field values in a different table in a dashboard belonging to same Index

Duration Timer

query to get top 10 users

How to search what field values are missing using a lookup table per period of time? - follow up

Duration between events

how to carry calculations down the pipe for further calculations?

How to find the first saturday of every month?

Optimize Search

how to search by too deferent champs

Colors inversed in my piechart ! why ?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!