Splunk Search

Discussions

Thread Info

How to map _introspection data.search_props.sid to the SPL of the search?

I have a search that uses index=_introspection, to return to me searches and their memory consumption. For an event o...

by Motivator in

How to extract fields from JSON data automatically (without spath command) with TCP forwarding?

Hello, 1- I was uploading my JSON formatted data to splunk manually up to now. My fields were being created for al...

by Path Finder in

Can you help me with my field extraction weirdness?

Hi, I have a field extraction situaton that I've never come across before, and hoping someone can help me. We h...

by Champion in

Why does my drilldown with the rex command return an "Unbalanced quotes" error?

Hello, I have the following drilldown in my dashboard panel: <link target="_blank"><![CDATA[search?q=...

by Builder in

Generate a choropleth map based on the states using geo_us_states

I am trying to generate a Choropleth map to show the density of requests for each state in the US. I am using the ...

by New Member in

How do I filter events based on LDAP search results?

Hi guys, I would like to Filter Events based on the result of a LDAP search. Especially, I would like to get all P...

by Path Finder in

./splunk: cannot execute

Hi, Im not able to run the splunk on Solaris, please let me know whats the problem. below is the solaris version and ...

by New Member in

Can you help me create the regex that captures a string with a space in it?

Hello I have a field with a space in the string : Model=WDC WD5000LPLX-60ZNTT1 But SPLUNK displays only the...

by Motivator in

Can someone help me extract a string from a raw XML log?

How do I use an eval field in a search command? Hi I have a Raw log with XML content in it. ex: 2018-06-19 15:...

by Engager in

Real time window not working with timechart

| eval _time=_time+28800 |timechart values(Acc_X_G) as Acc_X values(Acc_Y_G) as Acc_Y values(Acc_Z_G) as Acc_Z Abo...

by Explorer in

Can you help me with the following regex?

Hello I want to add a rex field in my search index="ai-wkst-wineventlog-fr" sourcetype="XmlWinEventLog" source=...

by Motivator in

Creating End_Loading_Time

Hi Splunkers, I am faced with another problem where the logs I have contain only 3 fields with Start_Loading_Time,...

by New Member in

Transaction command replies transaction duration for multiple start events and same stop event

Hi All, I'm trying to figure out a query that can give me the transaction time of the earliest occurrence of the s...

by New Member in

How do I correlate a search with an extracted field?

Hello, I'm looking for something simple, but I can't seem to wrap my head around it. I have this log entry for ...

by New Member in

How do I extract a new field from a table?

Hi, I extracted a field and am viewing it in a table. But some data has a comma (,) in between. I want to create a ne...

by New Member in

How do you use lookups to update a quantity (int value)?

I'm trying to use lookups to first populate on a daily basis for my stores inventory by item_id then I run a separate...

by Communicator in

Can you help me with the following query using the coalesce command?

I am trying this transform. Sometime the subjectuser is set and sometimes the targetuser. All works fine, but the dat...

by Path Finder in

How do you extract multi-value fields at ingestion & deduplicate other multi-value fields?

Hey everyone! I'm looking at extracting multi-value fields that contain multiple MAC addresses within a field. I ...

by Path Finder in

How do I hide a panel in my dashboard that is displaying "no results found" and that is being populated by a base search?

I have successfully implemented hiding panels in a dashboard that I'm not using base searches. But, when I apply the ...

by Engager in

Transforms REGEX will not search past first line of multi line event. What gives?

I am trying to match text inside a large multi line Event. I have the index working ok. But in transforms.conf it fai...

by Path Finder in

How do we restrict the users to see only the dashboards but the same time the user should not able to run any searches

We have to restrict the users to access only dashboards that too read only access ? How to achieve this

by Explorer in

Can't get lookup tables to function - Refuse to copy file from unsafe

OK, so I've spent a good bit of time trying to implement lookup tables according to the docs, and I'm getting no luck...

by Explorer in

Could not read event. Results may be incomplete

Hello, I am seeing the following error while running Splunk search. "idx=##INDEX NAME HERE## Could not read event:...

by Explorer in

How do I use lookups where field has two formats?

Owing to the way exchange outputs log files, for some reason we get two versions of the cs_username field username...

by Path Finder in

Why isn't table column formatting working for some rows in the following search?

Can anyone tell me why coloring on these true/false values is not working for all the rows?

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to map _introspection data.search_props.sid to the SPL of the search?

How to extract fields from JSON data automatically (without spath command) with TCP forwarding?

Can you help me with my field extraction weirdness?

Why does my drilldown with the rex command return an "Unbalanced quotes" error?

Generate a choropleth map based on the states using geo_us_states

How do I filter events based on LDAP search results?

./splunk: cannot execute

Can you help me create the regex that captures a string with a space in it?

Can someone help me extract a string from a raw XML log?

Real time window not working with timechart

Can you help me with the following regex?

Creating End_Loading_Time

Transaction command replies transaction duration for multiple start events and same stop event

How do I correlate a search with an extracted field?

How do I extract a new field from a table?

How do you use lookups to update a quantity (int value)?

Can you help me with the following query using the coalesce command?

How do you extract multi-value fields at ingestion & deduplicate other multi-value fields?

How do I hide a panel in my dashboard that is displaying "no results found" and that is being populated by a base search?

Transforms REGEX will not search past first line of multi line event. What gives?

How do we restrict the users to see only the dashboards but the same time the user should not able to run any searches

Can't get lookup tables to function - Refuse to copy file from unsafe

Could not read event. Results may be incomplete

How do I use lookups where field has two formats?

Why isn't table column formatting working for some rows in the following search?

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Automatic Discovery Part 2: Setup and Best Practices

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions