Splunk Search

Ask a Question

Discussions

Thread Info

How do you show unique downloads and their location using the geomap command?

I am trying to show unique downloads and their location using the geomap command. Without geomap, my download quer...

by Communicator in

Make my splunk query more performetric or efficient

I have write the below query , Can someone rewrite the query in more efficient way. Basically I am trying to see bre...

by Explorer in

Creating new field on each regex match

Hello Splunk Community! As I am quite new to Splunk/Regex, I've got a silly question that may be simple for you: ...

by Path Finder in

Suitable Sourcetype for uploading a file in json format

Hello, I am parsing a file in JSON format to splunk entrprise but the sourcetype is not selected automatically, when ...

by Path Finder in

How do you make a regex to remove a string from file path in inputs.conf?

I want to change a source by removing a "hostname" from file path (string) using inputs.conf Currently, the source...

by Engager in

Please see the followings outputs. Data is there which is confirmed using outputtext command but it is not getting displayed as shown in 1st picture.

by Explorer in

How do you make a regex to extract the following value?

Hi, I want to extract a value from the following line: systemGuid=9516e36a-e5e9-4ec5-a449-edcaeb5f227f, I n...

by Explorer in

Custom Search Command - Can I emit multiple records for each input record?

I'm have a custom command that parses an input field in each given record and emits 0 to N records as its output. I'm...

by Explorer in

Help on stats and on regex in a same query

hello I use the code below index="windows-wmi" (sourcetype="WMI:LastLogon" OR sourcetype="WMI:LastReboot") | dedup...

by Motivator in

Is there an alternative to the Appendcol command?

Need help!!! I am intending to make a table with the country wise sum(percent90). If i do the below, it will just ...

by Path Finder in

How do I do maths with the results of a search for the results that I'm actually after

I have a search similar to this that gets me stats that are the first step in what I'm after: index=balloons | sta...

by New Member in

Why can't I search in Splunk ? "Splunk cannot authenticate the request CSRF validation failed"

I can no longer search anything on any local splunk instance from my firefox browser. Firefox + plugins Splunk 6....

by Splunk Employee in

How to search events with matching IP addresses from two different indexes?

Is there any way I can match an IP address from two different Indexes & provide a result? For Example: If there is...

by Explorer in

Impossible not to use a join: Prove me wrong

Hi, I have a situation in which I cannot think of any other way to do it besides using a join. This is less than i...

by Path Finder in

How do I skip words in a field extraction?

I am working two extract fields and I have the following two lines: "ActionName processing for AccountName complet...

by Contributor in

How do you write a Regular expression in props.conf for only one field?

Hi All, How do I write a regular expression in props.conf for only one field ? like rex field=ab "regex" tha...

by New Member in

How to provide permissions for kvstore lookups?

I am setting up permissions for kv store collections. I tried to give permission in local.meta in my app for all the ...

by Path Finder in

How do I merge values from two fields into key/value pairs in one field?

We have the following sample event data: Timestamp=2018-11-27_14:32 Hostname=xxxxx Service=xxxxx Domain=xxxx JVM=x...

by Engager in

checkpoint Log R80.10 with log forwarder to Splunk (win) field extraction

Hi - We're on R80.10 and the logs are coming through fine into a separate index. I've installed the Check Point Ap...

by Explorer in

How to get previous field value where other fields are equal?

Im trying to find out how streamstats work, but the documentation is way off compared to the actual results in Splunk...

by Path Finder in

How do I get the second datetime from the following log ?

Hi Expert, I have the below log. In this, I have 2 different time with different formats. I need to set a second ...

by Builder in

How can i use the append command based on an If condition ?

Hi All, i have a base search ,with field A , If field A >0 , I have to append another search query that return...

by Motivator in

Search & timechart: faster and slower when using fields command?

Hello! I have an index with more than 25 million events (and there are going to be more). There is a saved search ...

by New Member in

Is it normal for a rolling restart of 18 indexers to take 12-24 hours?

We are having an issue recently where a rolling restart of our indexer cluster can take 12-24 hours for 18 indexers. ...

by Explorer in

Why is my lookup(.CSV) search not filtering results?

I have a CSV lookup table that has 14,610 rows. I want to filter the lookup, so when I use it in my main query, it is...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you show unique downloads and their location using the geomap command?

Make my splunk query more performetric or efficient

Creating new field on each regex match

Suitable Sourcetype for uploading a file in json format

How do you make a regex to remove a string from file path in inputs.conf?

Please see the followings outputs. Data is there which is confirmed using outputtext command but it is not getting displayed as shown in 1st picture.

How do you make a regex to extract the following value?

Custom Search Command - Can I emit multiple records for each input record?

Help on stats and on regex in a same query

Is there an alternative to the Appendcol command?

How do I do maths with the results of a search for the results that I'm actually after

Why can't I search in Splunk ? "Splunk cannot authenticate the request CSRF validation failed"

How to search events with matching IP addresses from two different indexes?

Impossible not to use a join: Prove me wrong

How do I skip words in a field extraction?

How do you write a Regular expression in props.conf for only one field?

How to provide permissions for kvstore lookups?

How do I merge values from two fields into key/value pairs in one field?

checkpoint Log R80.10 with log forwarder to Splunk (win) field extraction

How to get previous field value where other fields are equal?

How do I get the second datetime from the following log ?

How can i use the append command based on an If condition ?

Search & timechart: faster and slower when using fields command?

Is it normal for a rolling restart of 18 indexers to take 12-24 hours?

Why is my lookup(.CSV) search not filtering results?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions