Splunk Search

Discussions

Thread Info

How to TOP based on one of the stats by field ?

Hi I have below query which gives me TOP 20 Requests based on REQUEST_COST regardless of the RequestType | sear...

by Communicator in

Regex help in Splunk

Hi, I have few events in splunk like these - 1. "GET /test/materials/components/fields HTTP/1.1" 2. "GET /test1 HTTP/...

by Explorer in

Extracting date from filename and inserting as title in dashboard

I need to extract the date from my filename "abc_20190401" and put it as a title in my dashboard?

by New Member in

Is it possible to use two base searches in one post-processing search?

I have a dashboard similar to this one: <form> <label>Multiple Base Searches</label> <fieldset submitButton="f...

by Communicator in

Not able to invoke each rows sprint, the element after the "by".

I have been trying to see if (sprints==last_chunk) but my problem is that, if I eval within the stats section, sprint...

by New Member in

How to use conditional tokens to run an append command

I am creating a table by appending the result of many searches together so each result appears in one row of the tabl...

by Engager in

Save results to avoid recalculation for new users per day or total number of distinct users

I am pretty new to Splunk and this is my first posted question so here goes... I have an application and I need to...

by Explorer in

Searching and reporting against custom indexes

I created a new Index for syslogservers to store remote syslog messages coming in on a Data Input UDP:514; The in...

by New Member in

Regex Help

I have this data: cfjbht06,08-Apr-2019,18:01:47,2.9,11.6 Splunk is reading this timestamp as: 4/8/19 6:01:47...

by Engager in

Complex Regex, HELP!

I have a transform that I need help writing a regex for. It has two conditions. It needs to match the value in th...

by Builder in

Differentiate between two fields with the same name in two different jsons

So I have a single log event that captures the request and the response JSONs. As a user I'd like to be able to write...

by Explorer in

formating a text file

i have a file in the format of : productId,product_name,price,sale_price,Code DB-SG-G01,Mediocre Kingdoms,24.99,19...

by New Member in

converting 1.1.1970 to epoch doesn't work, whereas converting epoch 0 to string does work... is it a bug or did I miss something?

Hi, I stumbled on something funny with the time conversion functions. Trying to convert the 1st of January 1970 to ep...

by Communicator in

To extract a string which has numeric value and get the count

I have logs in splunk as mentioned below 3/22/19 2:05:44.000 PM Date = 2019-03-22 13:58:19,827 | Level = INFO | Reque...

by New Member in

How to write a search to not display the last bucket of data in a timechart?

I have a requirement in which I don't want to display the last bucket of data in the timechart. Example: The bucket t...

by Path Finder in

How to modify a part of a search based on two inputs selection?

Hello, I have a dashboard with 2 inputs: A radio input with two buttons, index and role, with the token viewText i...

by Path Finder in

HELP FOR FORMATTING TEXT IN A PANEL SEARCH

Hello I have the panel below in my dashboard <row> <panel> <single> <search> <query...

by Motivator in

Stop kv-store lookup from grouping values per key

I have a kv store that has several fields (ip addresses, time stamps etc) tied to a unique key (the default mode) - w...

by Communicator in

Splunk 6.2.4, TA-tippingpoint 3.3.0 - Failed extractions

I have TA-tippingpoint 3.3.0 app installed on Enterprise Splunk 6.2.4, but there are no field extractions for the IPS...

by Engager in

Can you help me search to return results even if there are none available?

I have 2 source types that run every morning at 8:30am. If 1 or more does not, I need to still see the source type...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to TOP based on one of the stats by field ?

Regex help in Splunk

Extracting date from filename and inserting as title in dashboard

Is it possible to use two base searches in one post-processing search?

Not able to invoke each rows sprint, the element after the "by".

How to use conditional tokens to run an append command

Save results to avoid recalculation for new users per day or total number of distinct users

Searching and reporting against custom indexes

Regex Help

Complex Regex, HELP!

Differentiate between two fields with the same name in two different jsons

formating a text file

converting 1.1.1970 to epoch doesn't work, whereas converting epoch 0 to string does work... is it a bug or did I miss something?

To extract a string which has numeric value and get the count

How to write a search to not display the last bucket of data in a timechart?

How to modify a part of a search based on two inputs selection?

HELP FOR FORMATTING TEXT IN A PANEL SEARCH

Stop kv-store lookup from grouping values per key

Splunk 6.2.4, TA-tippingpoint 3.3.0 - Failed extractions

Can you help me search to return results even if there are none available?

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

How to merge 2 very high volume index into 1

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...