Splunk Search

Ask a Question

Discussions

Thread Info

Why are the columns reordered when implementing reporting command?

Hi forum, I'm trying to implement a custom reporting command. Here is the smallest implementation which does nothi...

by Builder in

How to break a single event into multiple?

Hi team, I have the following as a single event in splunk. )V 2019-03-11 msp raw utility_extract13L hdfs:/data...

by Explorer in

kvstore with custom key fields

Can I define a custom key field in a kvstore? I've created the kvstore with following configuration: _key, targetU...

by Explorer in

How to create a single value timechart after stats?

Hi, I'm doing a device count based on device latest time event registration. I'm getting the correct device regist...

by New Member in

Extract Hostname, Date and time from the log

Hi all I want to extract Hostname, date and time from the log, Kindly help sample log: Mar 12 09:13:46 hostname...

by Explorer in

multiple joins and subsearch question

I have got 3 queries that I need to join together. First query has a subsearch. I used a subsearch because I need ...

by Explorer in

Where to find unmatched regex events?

I know this is a silly question but for some cases I need to know where the unmatched events go because my regex is t...

by Path Finder in

Need to dedup results based on id only if the field is not empty

Hi, I need help deduplicating in a search where only half the data contains an id. Basically, the old data has a f...

by Path Finder in

How to get a field extraction match up till the first time a string is found?

This is the regex I've come up with so far. Unfortunately, it's either matching too much or not enough. I want it to ...

by Path Finder in

How to lookup and match fields across sources?

Hello, I have two sources: 1: Device, SiteName, Long, Lat 2: Device, Clients (Number of current clients) I w...

by New Member in

Show IP address while using Geostats and iplocation

I created a map showing connections outside the US but when I hover over the markers it only shows the lon and lat. I...

by Path Finder in

How to extract date of the latest event after group by?

Hi Team, I am facing issue after using group by clause. (Need date of the grouped event in DD-MM-YYYY ) The sea...

by Explorer in

How to merge rows with a common field?

Hello, I have 1 single table that comes from two different searches/indexes/sourcetypes using append. I need to jo...

by Explorer in

Javascript tooltip showing results of a CSV lookup

Hi all, we do have a table showing (besides other information) HTTP status codes. I'm trying to implement a toolti...

by Explorer in

Regex, and extracting the IP + hostname from _internal

One of my ongoing gripes with splunk is that there is no way to see the IP and the hostname -- either my forwarder se...

by Communicator in

How to use round function in appendpipe?

This search works well and gives me the results I want as shown below: index="index1" sourcetype="source_type1" re...

by Path Finder in

Why is basic eval not returning results?

Hello I dont understand why: index="x" sourcetype="wmi:BatteryFull" OR sourcetype="wmi:BatteryStatic" | dedup host...

by Motivator in

Why are user details missing in the splunk logs?

Hello All, I have an ongoing issue with my Splunk environment. Actually an user "Alex" have added remote desktop u...

by Explorer in

How to find common errors in different log files?

In my environment I got one scenario like have to find common errors in iis log, applog,apache log and db log. How to...

by Path Finder in

Why is the search bringing "-" account results for event 4625?

Hi, This is the search that we are using for the dashboard and it brings all events with value "-". index=winev...

by New Member in

How to create a search for the fields using regex?

Hello, I have the following string pattern (source): /trace/DB_BWP/xsengine_ls5925.30246.crashdump.20190312-213...

by Builder in

How to match search with KV lookup files?

Hello, I have a KV file that is auto generated with username using a script running every hour. I want to match the u...

by New Member in

How to update lookup using macro?

When I want to update lookup using search like below, it updates lookup table even if there is no results, but I want...

by Builder in

Alter the width of single value panel

How to resize the width of single value dashboard panels in case if I have only one column in a row, instead of makin...

by Explorer in

Is there any other way other than the Lookup Editor to edit and manage lookup files?

Hello All, I was wondering if there's a way to manage lookup files in Splunk. What I want to do is to create/up...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why are the columns reordered when implementing reporting command?

How to break a single event into multiple?

kvstore with custom key fields

How to create a single value timechart after stats?

Extract Hostname, Date and time from the log

multiple joins and subsearch question

Where to find unmatched regex events?

Need to dedup results based on id only if the field is not empty

How to get a field extraction match up till the first time a string is found?

How to lookup and match fields across sources?

Show IP address while using Geostats and iplocation

How to extract date of the latest event after group by?

How to merge rows with a common field?

Javascript tooltip showing results of a CSV lookup

Regex, and extracting the IP + hostname from _internal

How to use round function in appendpipe?

Why is basic eval not returning results?

Why are user details missing in the splunk logs?

How to find common errors in different log files?

Why is the search bringing "-" account results for event 4625?

How to create a search for the fields using regex?

How to match search with KV lookup files?

How to update lookup using macro?

Alter the width of single value panel

Is there any other way other than the Lookup Editor to edit and manage lookup files?

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions