Splunk Search

Discussions

Thread Info

How do you use the rex command to extract a certain error?

I am trying to extract a certain error and then plot in on an are chart using rex. Below is the error I am looking fo...

by Explorer in

How do you find the time difference for fields within transactions?

CorrelationID=1==, CaseID=2 endProcess=SubmitInfo , 2019-02-02 11:02:06,130 CorrelationID=1==, CaseID=2 STartProcess=...

by New Member in

Proofpoint is not loading

I installed the add-on for proofpoint. The add-on link is https://splunkbase.splunk.com/app/3681/. I am using spl...

by Path Finder in

How to use condition search by check on $click.value$ of parameter.

Hello I have 2 chart (1. Top 10 Signature) (2. Source IP Address) My query can show overall event but can't show s...

by New Member in

using map and if/isnull but missing fields in base is causing failure

hi could someone please help me out here. been stuck with a problem. we have multiple existing queries in our environ...

by New Member in

What is the meaning of the following statement?

In the following search: index=_internal source=*metrics.log group="per_host_thruput" | eval GB=kb/1048576 | stats...

by Explorer in

Syslog forwarding and load balancing

Hello, I would like to know if it is possible to have load balancing for the syslog forwarding feature of Splunk. ...

by Explorer in

Concurrent scheduled saved searches

I have about 50 saved scheduled searches that run every minute. And now, there is a situation that every minute those...

by Path Finder in

Can you help me update some field values from a lookup table?

Hi Team, I have the following field values in a look up file BUS_DT+1,11:00 BUS_DT+0,12:00 i want to update...

by Explorer in

How to search for all devices in my environment that are sending logs to Splunk?

Morning Guys I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware f...

by Communicator in

chart stacking

i have a single column with different values. i would like to show them as a stacked bar chart.. but when i chart ...

by Builder in

newline in Splunk query

Hi, Please help me with a newline command in Splunk query

by Explorer in

Combining fields from 2 sourcetypes in a stats block

All, my query below just returns the values from the first sourcetype (first 3 lines in |stats). The fields from the ...

by Explorer in

Extracting text from fields Question

How would you create a new field for example, color, by extracting the text from the value to an existing field, for ...

by New Member in

Is it possible to kill or disable long running searches??

Hi, is it possible to kill or disable long running searches automatically. For example whenever we hit performance is...

by Explorer in

Excluding a list of IP's from the results

I have a list of IP's in a CSV that I need to exclude from the results of a query. Below is a my query. How can I app...

by Path Finder in

Splunk aggregation

due to the splunk couldn't aggregate logs I want to use arcsight smart connector, I think I should use splunk app for...

by Path Finder in

How to get calling report/alert name/title from called saved-macro?

I'm using a search-macro in alet(s), the search-macro is writing search (alert) results to file, I would like to crea...

by Path Finder in

Splunk eval if with wildcard

Im trying to set a boolean based on a match in a string. I want to set a value to 1 if it does not match ingestion* a...

by Path Finder in

How to use jquery confirms and alerts in splunk.

How to use jquery confirms and alerts in Splunk

by New Member in

How do you make it so an event field name doesn't overlap with Splunk default fields?

Hi there, I have a dataset that writes a logfile that has a field named host in it by default. Is there a way to ...

by Path Finder in

Why would the rex command ignore special characters in a search?

I have my log like params=All Items | ABC | 2019-01-29 | | | | | | | = | | = | | | | | | ,uri=/api/ite...

by New Member in

regex field extraction - match field in double quotes after sting match

I'm attempting to build a regex that will extract a field enclosed in double-quotes, after a string match. Basically ...

by Explorer in

Can you help me build a search that finds scheduled reports that are running?

Hi! I need help with a search to find scheduled reports that are running. I want to know what are exactly running ...

by Explorer in

search to find total amount in a particular index

Im looking to find the total amount of data that was ingested for a particular index. We usually use out deployment s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you use the rex command to extract a certain error?

How do you find the time difference for fields within transactions?

Proofpoint is not loading

How to use condition search by check on $click.value$ of parameter.

using map and if/isnull but missing fields in base is causing failure

What is the meaning of the following statement?

Syslog forwarding and load balancing

Concurrent scheduled saved searches

Can you help me update some field values from a lookup table?

How to search for all devices in my environment that are sending logs to Splunk?

chart stacking

newline in Splunk query

Combining fields from 2 sourcetypes in a stats block

Extracting text from fields Question

Is it possible to kill or disable long running searches??

Excluding a list of IP's from the results

Splunk aggregation

How to get calling report/alert name/title from called saved-macro?

Splunk eval if with wildcard

How to use jquery confirms and alerts in splunk.

How do you make it so an event field name doesn't overlap with Splunk default fields?

Why would the rex command ignore special characters in a search?

regex field extraction - match field in double quotes after sting match

Can you help me build a search that finds scheduled reports that are running?

search to find total amount in a particular index

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions