Splunk Search

Discussions

Thread Info

How to get calling report/alert name/title from called saved-macro?

I'm using a search-macro in alet(s), the search-macro is writing search (alert) results to file, I would like to crea...

by Path Finder in

Splunk eval if with wildcard

Im trying to set a boolean based on a match in a string. I want to set a value to 1 if it does not match ingestion* a...

by Path Finder in

How to use jquery confirms and alerts in splunk.

How to use jquery confirms and alerts in Splunk

by New Member in

How do you make it so an event field name doesn't overlap with Splunk default fields?

Hi there, I have a dataset that writes a logfile that has a field named host in it by default. Is there a way to ...

by Path Finder in

Why would the rex command ignore special characters in a search?

I have my log like params=All Items | ABC | 2019-01-29 | | | | | | | = | | = | | | | | | ,uri=/api/ite...

by New Member in

regex field extraction - match field in double quotes after sting match

I'm attempting to build a regex that will extract a field enclosed in double-quotes, after a string match. Basically ...

by Explorer in

Can you help me build a search that finds scheduled reports that are running?

Hi! I need help with a search to find scheduled reports that are running. I want to know what are exactly running ...

by Explorer in

search to find total amount in a particular index

Im looking to find the total amount of data that was ingested for a particular index. We usually use out deployment s...

by Explorer in

How do you do a conditional Eval?

The scenario is this. I have a two field name name joe and bob. if bob help a job it indicate yes as its field val...

by Explorer in

Percentage not showing on Timechart correctly

Hi Splunk Experts, I'm doing a calculation and adding to timechart like so eval Thread4 = (avg4 * total_events * ...

by Path Finder in

How do you edit props.conf to correctly parse data from a PowerShell script?

I have a powershell script which feeds data into Splunk via a UDP port. The output of the script is as follows: Ab...

by Explorer in

How to match the values from different rows on a table and compare result.

I have 2 tables contains random msisdn which can be repeated in one another as follows: Table1 | Table2 msisdn1 | ms...

by New Member in

Can someone explain concurrent historical searches to me?

I do not understand what is meant by concurrent historical searches. Can someone else explain what it means to me?...

by Path Finder in

In a table output that uses the stats command, how do you convert a row to a header?

How do I convert the output of a table from stats command that looks like this: TIME VALUE METRIC time1 a 100 time...

by Explorer in

How to set height for bar chart Bars?

I have created a few bar charts. In that few of the charts have 10 bars,5 bars, and 1 bar. All of these charts bars s...

by New Member in

How do I extract a field between two strings using a regular expression?

I have logs having string like: 127.0.0.1|> GET /alldata 127.0.0.1|> GET /somedata 127.0.0.1|> GET /nodata 127.0.0...

by Explorer in

Data models slow after restart - tstats

HI Every Saturday we do a full stop of Splunk and we do a full back up + restart. The issues is come Monday mornin...

by Influencer in

Search query required to lookup a csv file

Hi, I need to check if the source address from the firewall logs is in private ip address range. How would i check...

by Explorer in

String compare regex wildcard

(( host="vwp054" AND source="E:\\Apache\\apisit\\*")) | eval site = if(match(source,"E:\A.*"),1,0) | eval aba = if(...

by Explorer in

How can I add a matched lookup field to my stats command output?

Hi all, My apologies if the title was a bit vague, wasn't sure how to word it! I have a search which identifes ...

by Explorer in

Change table representation

I have a table as follows: CN|Lev|ref1|ref2|ref3|ref4|ref5|ref6 cn1|1|1|2|3|4||| cn2|2|||||5|6| The representat...

by New Member in

How do you set date_mday for yesterday?

If I run the following search, adjust the time picker to the last 7 days, AND the 28th falls within the time picker d...

by Path Finder in

Rex to extract text that ends with either one of multiple words

Hello all, I have data like this reason="abc";appName=.... reason="xyz";ERServer=... reason="dfg",ClientBob=... ...

by Path Finder in

How do you build a panel with different source inputs?

I am trying to build a panel where I would like to input the source and present in a radial guaze. The simple quer...

by Explorer in

How do you get a distinct count of one field based on the value of another?

I need to count the total based on status, but also the number of sessions for each status. The number of sessions is...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get calling report/alert name/title from called saved-macro?

Splunk eval if with wildcard

How to use jquery confirms and alerts in splunk.

How do you make it so an event field name doesn't overlap with Splunk default fields?

Why would the rex command ignore special characters in a search?

regex field extraction - match field in double quotes after sting match

Can you help me build a search that finds scheduled reports that are running?

search to find total amount in a particular index

How do you do a conditional Eval?

Percentage not showing on Timechart correctly

How do you edit props.conf to correctly parse data from a PowerShell script?

How to match the values from different rows on a table and compare result.

Can someone explain concurrent historical searches to me?

In a table output that uses the stats command, how do you convert a row to a header?

How to set height for bar chart Bars?

How do I extract a field between two strings using a regular expression?

Data models slow after restart - tstats

Search query required to lookup a csv file

String compare regex wildcard

How can I add a matched lookup field to my stats command output?

Change table representation

How do you set date_mday for yesterday?

Rex to extract text that ends with either one of multiple words

How do you build a panel with different source inputs?

How do you get a distinct count of one field based on the value of another?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions