Splunk Search

Discussions

Thread Info

How can I extract a field using rex that fulfils more than one condition?

So I want to extract the last word as a field on each search result but want to grab those that only fulfils the foll...

by Observer in

How to combine values from stats into single row?

Hi All, I am looking into using some proxy logs to determine download volume for particular streaming sites and was...

by Explorer in

EventCode Subsearch

I have an application that I am trying to monitor. There is a specific event code for when the tool is opened to mod...

by Explorer in

need for each Receiver_ID how much invoice total for 1 months span

i have log like this :2024-02-22 12:49:38:344 EST| INFO |InterfaceName=USCUSTOMERINV INVCanonicalProcess Sender_ID=Th...

by Path Finder in

Running queries not working at all

I created a standalone splunk container on openshift container platform with the help of "splunk operator for kuberne...

by Explorer in

Is there a way to keep row data together when using the stats command?

Hello, Is there a way to keep row data together when using the stats command? ID Loc FirstName LastName ...

by Builder in

How to change font size of texts inside table using dashboard xml source

Hi, I have a splunk dashboard with different panels i.e. pie chart, table etc. I need to increase the font size of te...

by Path Finder in

change the color of a column based on other column

Hi i have stats table with following

by Path Finder in

How to filter search results from query

Hi, I am looking to grab all windows events of successful NTLM logins without using Kerberos. Here is my query so far...

by Engager in

how to get the event time and _time difference in alert triggering time delay

how to show the how long alert took triggered from the time the event occurred. To calculate the "diff" in times, to ...

by Explorer in

How to use timechart span=30m to start with the exact time

Hi, My requirement is to find 30 mins result using timechart span=30m from the start time that I have mentioned. ...

by Engager in

how group a field values with the maxevents of 4, without using transaction command

Hi everyone,i need an alternative for the transaction command, bcoz its taking to much time to load the dashboard,thi...

by Communicator in

"Sort 0 desc" vs "sort 0 -" for data over 10,000

Hello,I don't know how to simulate this using makeresults, but I have data over 10,000 (let say 50,000)If I sort desc...

by Motivator in

compare two result

Hi I have a query that need to compare count of PF field for two log file: on splunk I have two query that create...

by Motivator in

how to keep sender name with space in search result

I am using Splunk Enterprise Version: 9.1.0.1. my search query is :index="webmethods_prd" source="/apps/webmethods/...

by Path Finder in

Search event

Can an event be searched using the transaction without any index or source values? Yes or No breif answer on sele...

by Loves-to-Learn in

Rex not stopping capture after match

I'm not sure why rex is properly matching the beginning of the value I am looking for (NameofTeam), but it also match...

by Path Finder in

How can I count events by location with a list of SERVERNAME's?

Our splunk implementation has SERVERNAME as a preset field, and there are servers in different locations, but there i...

by Explorer in

Search to check if request duration search has recovered

index=my_index source="/var/log/nginx/access.log" | stats avg(request_time) as Average_Request_Time | where A...

by Path Finder in

case-sensitive on subsearch

hi I have this situation index="idx" [| inputlookup name.csv | table id name ] idx= idname1a2aaa1A2aaa12abbb ...

by Path Finder in

Regex Help to extract fields

Can some one please help with the regex that can be used to view the below event in tabular format. Event INFO > ...

by Explorer in

Splint date/time filed in multiple fields for calculations

Hi.I have a single filed for date and time of event - 2024-02-19T11:16:58.930104ZI would like to have to fields Date ...

by Path Finder in

How to populate a single column with dynamic field values?

Hello I have a working dashboard where I have various fields that can be defined (field1 and field2 in the example)...

by Path Finder in

How to manage multiple regex using same field name

We have application data coming from Apache Tomcat's and have a regex in place to extract exception name. But there a...

by Builder in

query returned field passed to another query

I need help to write a search query where the result from the one query is passed onto the second query 1 we import...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I extract a field using rex that fulfils more than one condition?

How to combine values from stats into single row?

EventCode Subsearch

need for each Receiver_ID how much invoice total for 1 months span

Running queries not working at all

Is there a way to keep row data together when using the stats command?

How to change font size of texts inside table using dashboard xml source

change the color of a column based on other column

How to filter search results from query

how to get the event time and _time difference in alert triggering time delay

How to use timechart span=30m to start with the exact time

how group a field values with the maxevents of 4, without using transaction command

"Sort 0 desc" vs "sort 0 -" for data over 10,000

compare two result

how to keep sender name with space in search result

Search event

Rex not stopping capture after match

How can I count events by location with a list of SERVERNAME's?

Search to check if request duration search has recovered

case-sensitive on subsearch

Regex Help to extract fields

Splint date/time filed in multiple fields for calculations

How to populate a single column with dynamic field values?

How to manage multiple regex using same field name

query returned field passed to another query

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions