Splunk Search

Ask a Question

Discussions

Thread Info

How do I extract a field value after a specific string in unstructured data?

Hi, I would like to extract a new field from unstructured data. FX does not help for 100%, so I would like to use ...

by Motivator in

Can you help me with my regex expression?

Hi Team, I'm struggling to get the regex expression for the following values. I want to capture the text before th...

by Explorer in

How to get latest parameter from csv disregarding empty values

Hi splunk comunity! I have dashboard with text input, which starts to execute when i change my parameter in text b...

by Explorer in

How do I search from 2 different indexes?

Hi, How do I search in two indexes? I am looking for the IP address in both the indexes at that same point of time...

by Explorer in

Search for POST params

Hi- I am pretty new to Splunk. Can we search for a specific (form) parameter against a POST REST call ?

by New Member in

Splunk extraction of fields for email texts

I have the infra as shown below: Splunk Log Forwarder-> Splunk Indexer The Log forwarder defines which data goes i...

by Engager in

How to calculate no of opened ticket in past in splunk

Hi , i want to calculate total no . of opened incidents by a user over a time interval in dynamic environment in s...

by New Member in

help on rangemap command with loadjob

Hi I use the search below in order to display GOOD or BAD in a panel When I execute the query i have a result But...

by Motivator in

Can you help me with a subsearch?

Hi, I use the search below in order to display the model of a host for only the host which has a Wear_Rate>0 Bu...

by Motivator in

How to capture 2nd max value of a field and compare with 1st max value of the same field

I have data in json format as following:- {Run=1 , Average=2.1, Max=3, Min=1.4, Transaction=Sample1} {Run=1 , Average...

by New Member in

Difference in result with timechart span=1d dc(ip) vs timechart span=1h dc(ip)

I am using distinct count with time chart for the whole day (yesterday). The result is varying if the span is changed...

by New Member in

Reference Time on Dashboard Load (and adjust to time change)

Hi, I was wondering how I can reference the time picker on load for a dashboard and make sure that it's the right ...

by Path Finder in

Two searches but only need to return results of the second search that match the first

ok so...I have been banging my head against the wall on this one for a bit. I have tried using join (which I don't an...

by New Member in

Dedup search results not showing for a user

I have a user that is a doing a search that has | dedup in it. While I can see the results when I run the search (I'm...

by New Member in

help on join command please

hi I use the search below index =* sourcetype=* | dedup host | stats count This search returns 87 events I...

by Motivator in

how to display a 0 result instead an empty result

hi I use the search below and I would like to have a 0 results displayed when there is no events corresponding cou...

by Motivator in

After integrating Splunk with JIRA, How can I see the list/count of defects created in last 7 days?

I have integrated Splunk with JIRA. I want to see the list/count of defects created in last 7 days. I'm picking the c...

by Path Finder in

Search to find indexes with events and display index size, total events , earliest and latest events per index

Hi, what would be the best way to find indexes with events and display its size, total events , earliest and lates...

by Builder in

Compare current and last one hour event value in same search.

Hi All, I have to monitor the queues. And for that I have made the basic dashboard where it shows the details. Det...

by New Member in

Can you help me create the regex for an Index time field extraction?

Hi, We are trying to create an index time field extraction. I tried following the docs, but I am making a mistake ...

by Path Finder in

Subsearch returns empty value, main search also returns no results , so the returned value from subsearch is not creating eval error

index=app_core sourcetype=app_log cluster_name=app1_cluster is_scheduled=1 | eval [ search index=app_core sourc...

by Explorer in

Is Splunk 7.x Fundamentals Part 1 (eLearning) free?

I just finished all the modules and the final quiz, my question is Do I have to pay for the certification of "Splunk ...

by New Member in

How do you search logs for a letter at a specific position?

I'm very new to Splunk and need help with a search. I want to perform a search to show me the results where the 5...

by Explorer in

Simple Regex in search

I have a string of data that includes a field named user that has a value made up of domain\userid (eg prod\3245762 o...

by Contributor in

lookup a csv if a field has certain value

Good day, I have a lookup file "Mainlookup.csv" that contains an IP address, Mac address and Host name of Clients ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I extract a field value after a specific string in unstructured data?

Can you help me with my regex expression?

How to get latest parameter from csv disregarding empty values

How do I search from 2 different indexes?

Search for POST params

Splunk extraction of fields for email texts

How to calculate no of opened ticket in past in splunk

help on rangemap command with loadjob

Can you help me with a subsearch?

How to capture 2nd max value of a field and compare with 1st max value of the same field

Difference in result with timechart span=1d dc(ip) vs timechart span=1h dc(ip)

Reference Time on Dashboard Load (and adjust to time change)

Two searches but only need to return results of the second search that match the first

Dedup search results not showing for a user

help on join command please

how to display a 0 result instead an empty result

After integrating Splunk with JIRA, How can I see the list/count of defects created in last 7 days?

Search to find indexes with events and display index size, total events , earliest and latest events per index

Compare current and last one hour event value in same search.

Can you help me create the regex for an Index time field extraction?

Subsearch returns empty value, main search also returns no results , so the returned value from subsearch is not creating eval error

Is Splunk 7.x Fundamentals Part 1 (eLearning) free?

How do you search logs for a letter at a specific position?

Simple Regex in search

lookup a csv if a field has certain value

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!