Splunk Search

Discussions

Thread Info

removing more than one field value conditionally

I am working on a query that lists hosts and their corresponding instances. My results look like the example below. ...

by Engager in

How to extract values from field and use it as column header

Hello all, how do I retrieve the values from my search and insert in the same row, extracting the values from the fie...

by Path Finder in

Optimize Regex

I am getting an error when using the following regex(?<=on\s)(.*)(?=\sby Firewall Settings)The error is "Error in 're...

by Explorer in

Calculate the number of events that occur between two other time values in each event.

Really struggling with this one, so looking for a hero to come along with a solution!I have an index of flight data. ...

by Path Finder in

Search help

Hi,In a table, I am looking to get a field value from previous available value in case its null.In below screenshot, ...

by Path Finder in

Add associated domain to values of dest_ip

I have a query that gets a list of destination ips per source ip. I also want to add a column for the associated doma...

by Explorer in

How to get events that have only a starting 'string' with no ending 'string' ?

What I am trying to write is some SPL code that will identify log events that only have a "Starting" event with no "C...

by Contributor in

Extract date and time

Hello Team, I need help in extracting the following date and time from the log,sample log: -0900, 04.25.01 THU 22FE...

by Path Finder in

Graph the difference between the totals of 2 search calculations

Dear SPLUNKos I need to create a time chart as per the belowRun one “grand total” searchRun second search which is...

by New Member in

Not getting results to lookup command

Hi,Need your assistance belowWe have created new csv lookup and we are using the below query but we are getting all ...

by Path Finder in

New install- why doesn't search work?

I have installed my first splunk enterprise on a linux server and installed forwarders on windows workstations using ...

by Loves-to-Learn Lots in

Need to create a pie chart out of a table

Hi All, I have got logs like below: Log1: </tr> <tr> <td >Apple</td> <td >59</td> <td >7</td> Log2: </tr>...

by Contributor in

how to pass the time range to input text fields for search data, when i select the time range through input=time

if select 24 hours in time filter, is there any automatic way to pass the 24hrs time rage to start date and end date?...

by Loves-to-Learn in

How to get sum of all columns into a new column?

Hi I need to do a sum of all columns into new column EVNT COL1 COL2 COL3 SUM 1 22 22 22 66 2 ...

by Explorer in

Passing lookup value to search

I have users.csv as a lookup file with almost 20K users. I'm writing a query for authentication events for a specifi...

by Engager in

Extract and/or add numbers from a string

I have string field: provTimes: a=10; b=15; c=10; it basically has semicolon separated sub-fields in the value. E...

by New Member in

Converting Splunk Curl API to Windows Powershell

I have a working script that allows me to retrieve the job ID of a search in Splunk. This is working in Windows usin...

by Path Finder in

Log alerts - Alert that tell when a log source stops sending logs to Splunk

I'm trying to build an alert that looks at the number of logs from the past three days and then compares it to the nu...

by Explorer in

regroup similar url without using tons of regex

Hi, Is there a way to regroup similar values without defining tons of regex. Let say I do a search that return url...

by New Member in

Get the 10 recent events for each host.

I am trying to write a search that will pull the 10 (or so) most recent events for each host. The tail and head comma...

by Explorer in

complex stats to trigger on count of events

I have this rule, I need it to trigger when results / count of events is greater than 4 but the "Trigger Condition" d...

by Explorer in

How to search all fields from a lookup CSV file in index event log

Hello Splunk members! I have a CSV Lookup file with 2 columns ClientNameHWDetSystem BD-K-027EY VMware I h...

by Explorer in

How to display specific timezone in table results instead of user preference timezone?

I spent a fair amount of time perusing Google and Splunk Answers but couldn't seem to find a solution that made sense...

by Communicator in

Need to convert only MB values to GB leaving GB values as it is.

Hi All, I have logs like below in splunk: Log1: Tue Feb 25 04:00:20 2024 EST 10G 59M 1% /apps Log2: Tue F...

by Contributor in

Issues with event parsing using prop configuration file

Hello, I have some issues with parsing events and a few sample events are given below: {"eventVer":"2.56", "userI...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

removing more than one field value conditionally

How to extract values from field and use it as column header

Optimize Regex

Calculate the number of events that occur between two other time values in each event.

Search help

Add associated domain to values of dest_ip

How to get events that have only a starting 'string' with no ending 'string' ?

Extract date and time

Graph the difference between the totals of 2 search calculations

Not getting results to lookup command

New install- why doesn't search work?

Need to create a pie chart out of a table

how to pass the time range to input text fields for search data, when i select the time range through input=time

How to get sum of all columns into a new column?

Passing lookup value to search

Extract and/or add numbers from a string

Converting Splunk Curl API to Windows Powershell

Log alerts - Alert that tell when a log source stops sending logs to Splunk

regroup similar url without using tons of regex

Get the 10 recent events for each host.

complex stats to trigger on count of events

How to search all fields from a lookup CSV file in index event log

How to display specific timezone in table results instead of user preference timezone?

Need to convert only MB values to GB leaving GB values as it is.

Issues with event parsing using prop configuration file

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!