Splunk Search

Discussions

Thread Info

Why am I receiving an error in 'rex' command?

Hi team, I want to ask: I cannot do extract new field and its show this error. Error in 'rex' command: The regex '...

by Explorer in

how to find out the data available for a sourcetype

Hi, Can i please know about how to find out a old data available for a sourcetype. For example, if i have a sourcetyp...

by Explorer in

Can you help me extract some data with regex?

Hi, I have this data {"method":"GET","url":"/rest/icontrol/logout","params":{},"requestStartTime":1548363789220...

by Motivator in

values Shared by Search output and Lookup

TIA. This has probably been asked and answered dozens of times but my brain is now mush. The following search give...

by New Member in

How do I round only certain columns/fields ?

How do I round only certain columns/fields ? below this | foreach * [eval <<FIELD>>=round('<<FIELD>>',2)] will round ...

by Motivator in

Can you help me with a problem with an AND operator in a CASE and IF statement?

I have one lookup in which there is a field which consist Team Member A1 A2 A3 A4 A5 A6 A7 Now,If TeamMember=...

by New Member in

How do you rename chart columns and add a dynamic count in brackets?

I've got an average session duration (gotten via | Transaction) broken down by EndStatus. EndStatus is the cause of t...

by Path Finder in

How to display "0" instead of "No Results Found"

Hi guys! I have the below query for a Single Value Dashboard Panel. It is counting the daily total error duration ...

by Communicator in

How to Extract Values from a KV within a event log

I have the below log event. [INFO ] 2019-01-24T04:09:20,513 [thread=framework1234] className=DummyConsumer - {} -...

by Explorer in

Is there a way to set a field alias at search time?

Is there a way to set a Field Alias as search time, I am building a report looking at Windows Event IDs, In this case...

by Path Finder in

Get time difference between events based on the following event

My data looks like this: 1. System CheckpointName ProcessTimestamp ConnectionId 2. SAP Check...

by Path Finder in

Speeding Up a Search Query Matching Subquery Results

Hello, I have a search I'm trying to speed up. I have a list of field values stored in a KV store. I use an inputl...

by Path Finder in

Multiple time logs in one timestamp

Hello Multiple time logs in one timestamp example 19/01/24 10:28:51 [2019-01-24 10:28:51] DEBUG [SyslogReceiver...

by Engager in

Why can't I see data in the Search App's "Data Summary", but the data is searchable?

Hi all, I monitor files on a heavy forwarder and use different sourcetypes and hosts for each file, but one common...

by Explorer in

Big static report

I had to have yearly report on my main dashboard. Creating it every day would be really hard, so I am wondering can I...

by Explorer in

Can you help us set a field value based on a field in another event?

I'm looking to set a field value in an event based on field values in another event. Given the data: ev=1 req =...

by New Member in

How to extract JSON array into a table when there is an optional key/value field in the array?

I have a JSONArray with embedded array and an optional field. I'd like to print the data into a table, with each fiel...

by Engager in

Which regex is the correct extraction for Splunk EPOCH timestamp with decimal microseconds configuration in props.conf ?

I have timestamps in my data sources that are EPOCH with fractional microseconds for example: 1547528398.991103 15...

by Explorer in

Python SDK splunklib slow search compared to search app on search head.

Via Python REST API SDK jobs.create(search) search starts and runs, but takes like 20 minutes compared to search app ...

by Explorer in

Can you help me using dedup and count?

I have the following search based on F5 logs that count the HTTP POSTs by src in a five-minute bucket: index=f5 ac...

by Influencer in

Could you introduce and use dynamic statistics in eval commands?

I'm trying to calculate an average column in a chart by renaming the Total column (created with the addtotals command...

by Engager in

maping a client name resolution search result to an IP address at the time of name resolution

Good day, I am trying to create a search that can first search DNS for a certain domain name and after if finds a mat...

by Path Finder in

Why isn't this field transform working?

Hi everyone, I'm having trouble applying the following fields transformation — it's not "parsing" during search time....

by Communicator in

Lookup matching field and bring in new field from lookup

Hello, I've been banging my head against the wall over the last like two hours over this and figured I should just po...

by New Member in

How do you calculate the difference between two date/time fields and get results in milliseconds?

I am trying to calculate difference in my two custom date time/fields and get output results in milliseconds. I tr...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I receiving an error in 'rex' command?

how to find out the data available for a sourcetype

Can you help me extract some data with regex?

values Shared by Search output and Lookup

How do I round only certain columns/fields ?

Can you help me with a problem with an AND operator in a CASE and IF statement?

How do you rename chart columns and add a dynamic count in brackets?

How to display "0" instead of "No Results Found"

How to Extract Values from a KV within a event log

Is there a way to set a field alias at search time?

Get time difference between events based on the following event

Speeding Up a Search Query Matching Subquery Results

Multiple time logs in one timestamp

Why can't I see data in the Search App's "Data Summary", but the data is searchable?

Big static report

Can you help us set a field value based on a field in another event?

How to extract JSON array into a table when there is an optional key/value field in the array?

Which regex is the correct extraction for Splunk EPOCH timestamp with decimal microseconds configuration in props.conf ?

Python SDK splunklib slow search compared to search app on search head.

Can you help me using dedup and count?

Could you introduce and use dynamic statistics in eval commands?

maping a client name resolution search result to an IP address at the time of name resolution

Why isn't this field transform working?

Lookup matching field and bring in new field from lookup

How do you calculate the difference between two date/time fields and get results in milliseconds?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions