Splunk Search

Discussions

Thread Info

help regex

hello in a log file i want to extract every tetx which starts with EU\SH but i dont succeed could you help me please?...

by Motivator in

help with a sub search and pie chart

I have a pie chart that works great with a current search. I have been asked to add something to the pie chart that i...

by Path Finder in

Seperate Multivalue Fields with Carriage Return Delimiter

Hi all - I have data that appears like this: Field=Animal Cat Dog Fish Dog Fish Horse Cat Dog Pig .....wh...

by Communicator in

Sum value from distinct hosts over time

I have a bunch of hosts streaming logs that show metrics like cpu count. The problem is that they all send those logs...

by Path Finder in

Lookup stating that it cannot find all specified lookup fields in the lookup table.

I am attempting to find first time logons to new servers. I am trying to use a lookup to list a EventID Description r...

by Explorer in

Two multi-select input boxes, if the user puts a value in one hide the other one

Hi, I have this XML code. What I'd like to do is if the user selects a premise ID input value, then hide (or blank...

by Motivator in

Ignore a value in a multivalue if found in another field

Good day, Suppose I want to compare the data in Column A and Column B. Column B can be a multivalue field or not. If...

by Path Finder in

command to find count of specific errors

I want to find number of 500 , 200 , 300 error present in the logs . I have already fields extracted for error_code s...

by New Member in

Why is the below query not working?

I have to list the Job_Name orderid Start_Time End_Time. i am using the below query but not getting the values for En...

by Path Finder in

Powershell vs WMI

Hi I an SPL command i use the Win32_DesktopMonitor WMI class and SPLUNK is able to use all the fields correspondin...

by Motivator in

Find the missed id in the Query2 compared with Query1

I have 2 queries producing some results Query1: index=foo* sourcetype="abc_uvw" activity="POST*/test1" source="/lo...

by Explorer in

Spliting multiple events in a transaction column , into seperate columns

Hi All, So when im running a transaction based on starts with .... ends with... i'm getting two events of the tran...

by New Member in

How to check if field exists in two indexes

Hello, I am looking at two indexes with the same field, "hostname". I am looking to create a table of the host...

by New Member in

Extract domain part of list of emails addresses.

Hi, My results are a bunch of email address, I want to display them in table grouped by their domains. What's ...

by Explorer in

Maintenance Time query help

Hi, I'm using a lookup which stores maintenance periods and can be used to exclude events of downtime from my main...

by Path Finder in

Combine and use query results contained in 2 other queries.

My data model is like: Key Source Destination 1 a b 1 b c 1 a c 1 a e because the source result table is too larg...

by Path Finder in

Search ID or sid

i have extracted this log as i need to get the search id to get the SPL used. this is a search that triggers an alert...

by Communicator in

Is it possible to put values of multiple fields in a field in a sequence?

Hi, Is this possible to do in spl? For example I have these fields: What I need to do is to arrange...

by Path Finder in

How to create a field of percentiles of a stats field

I have constructed a responsetime field using eval resp=endtime-startime,now I want to get a list of percentiles from...

by New Member in

timechart span value produces different averages for the day

Case 1: earliest=-1d@d latest=-0d@d ... | timechart span=1h count as Samples, avg(duration) as avg vs. Case 2: earlie...

by Path Finder in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

help regex

help with a sub search and pie chart

Seperate Multivalue Fields with Carriage Return Delimiter

Sum value from distinct hosts over time

Lookup stating that it cannot find all specified lookup fields in the lookup table.

Two multi-select input boxes, if the user puts a value in one hide the other one

Ignore a value in a multivalue if found in another field

command to find count of specific errors

Why is the below query not working?

Powershell vs WMI

Find the missed id in the Query2 compared with Query1

Spliting multiple events in a transaction column , into seperate columns

How to check if field exists in two indexes

Extract domain part of list of emails addresses.

Maintenance Time query help

Combine and use query results contained in 2 other queries.

Search ID or sid

Is it possible to put values of multiple fields in a field in a sequence?

How to create a field of percentiles of a stats field

timechart span value produces different averages for the day

Invalid authorization - Code 3 - Why Splunk Zendes...

How to filter xml logs from wineventlog?

Combining multiple searches on multiple source fil...

How to use dst{} in data model?

How to add Filler gauge cpu/ram to dashboard?