Splunk Search

Discussions

Thread Info

Can you help me build the regex that would extract a filename without filenamenumber and extension?

Hi, i am not familiar with regex and am trying to extract only the filename from the following data without the nu...

by Explorer in

Where is the .conf file for the lookup definition?

I've looked hard, but I can't seem to find the .conf file of Lookup Definition. I know it can be done on the user int...

by Builder in

Can I optimize an mvzip, mvappend, and mvexpand combination for creating additional events?

Hello, I am looking for optimization advice for a use case in which I need to create new event data and then calcu...

by Motivator in

How do you get sklearn algorithm to work in Splunk?

I have added another algorithm SVR in Splunk Enterprise with the way on the website below, and it works. But I'm conf...

by Explorer in

Why do my results appear and then disappear on a map?

Dear All, I have a geostats search that is providing a mapped view of events over a single area. It is like this: ...

by Communicator in

How do you perform a search based on lookup values?

Hello, I'm trying to do an outer join, but without actually using a join, I have a lookup with names and based on...

by Explorer in

Splunk Tableau ODBC connection and date field parsing

We are connecting to Splunk from Tableau via ODBC. It worked fine for most of the time. Recently we are facing [S...

by New Member in

What is the best practice to perform a query using distributed search?

Hello Splunkers, I've a issue with my distributed searches. I've one search head and 2 indexers. Both indexers ...

by Path Finder in

Why is the transaction command not working?

Hello Everyone...I have the below query and I want to evict transactions that starts with Message arrived but not end...

by Explorer in

External search command 'ldapfetch' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/DOMAIN. "

I keep receiving the error "External search command 'ldapfetch' returned error code 1. Script output = "error_message...

by New Member in

Can you help me come up with the regex to get the domain + scheme?

Hi, I tried many things but I still cannot get to the correct result. my field value looks like this http://34...

by Explorer in

How do I show nested field in one box in a table?

How can I get the nested JSON in this field called "Message" (see below) with the nested fields (here currentMessage)...

by Engager in

How do you exclude two matching field values in a search?

Hello, I want to make a very specific exclusion from my search. In my case, there are two different field names I ...

by Explorer in

use streamstats for checking multiple column values

How can I use streamstats for checking multiple column values.(With or without foreach command for multiple columns)

by Path Finder in

Why is an unknown value showing up in my search?

One of my dashboards reflects some data which actually isn't present in the data input. It might have been present be...

by Path Finder in

How can I build a regex to extract xml field value?

I want to extract XML field value ItemType and ItemNo from following XML. How can I build the Regular expression? ...

by Path Finder in

Problem with agent

Hi Splunk Team. I have a problem with the agent as follows: I added a monitor to the directory, then 2 hours I ...

by New Member in

get the list of keyword values which is present in one query and not present in second query

we have two queries . both the queries have same keyword with value.so we would like to list the values of the keywor...

by Engager in

How to average fields together across multiple columns grouped together by the field name containing a specific string ?

I am trying to average fields together across multiple columns based on a specific string (A_Field and B_Field) Fo...

by Engager in

calculate concurrency of transactions

Hi Splunk people. I am trying to map the number of concurrent transactions. This is not exactly the same than the ...

by Splunk Employee in

How do you calculate the time between events with the streamstats command?

Hello guys, I have data like this using Splunk 7.1 and I would like to calculate minutes between start and end of ...

by Motivator in

Joining values from two indexes and returning just specific values

Hello fellow Splunkers I'm trying to figure out how to join values from 2 indexes and return one field (from one o...

by Path Finder in

Cisco WSA - the WSA TA add on App(verison 3.3) is not extracting fields

I am using souretype cisco:wsa:squid, however I tried all the cisco:wsa:w3c as well, no luck so far? No sure where am...

by New Member in

What is the difference between format and return in subsearch?

i am new to Splunk. Please let me know when to use format and return in a Splunk subsearch.

by New Member in

How do I pass a single value query output to a field?

I have a requirement to print the source count from how many hosts we are collecting. Expected output: source_coun...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can you help me build the regex that would extract a filename without filenamenumber and extension?

Where is the .conf file for the lookup definition?

Can I optimize an mvzip, mvappend, and mvexpand combination for creating additional events?

How do you get sklearn algorithm to work in Splunk?

Why do my results appear and then disappear on a map?

How do you perform a search based on lookup values?

Splunk Tableau ODBC connection and date field parsing

What is the best practice to perform a query using distributed search?

Why is the transaction command not working?

External search command 'ldapfetch' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/DOMAIN. "

Can you help me come up with the regex to get the domain + scheme?

How do I show nested field in one box in a table?

How do you exclude two matching field values in a search?

use streamstats for checking multiple column values

Why is an unknown value showing up in my search?

How can I build a regex to extract xml field value?

Problem with agent

get the list of keyword values which is present in one query and not present in second query

How to average fields together across multiple columns grouped together by the field name containing a specific string ?

calculate concurrency of transactions

How do you calculate the time between events with the streamstats command?

Joining values from two indexes and returning just specific values

Cisco WSA - the WSA TA add on App(verison 3.3) is not extracting fields

What is the difference between format and return in subsearch?

How do I pass a single value query output to a field?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6