Splunk Search

Discussions

Thread Info

Any way to combine these records?

SO I understand WHY I get the results I get but I am having a difficult time, most likely due to me, getting the resu...

by Communicator in

How do you use SED on a heavy forwarder to drop log data after the specified character count?

We are going to be pushing our logs through a heavy forwarder, so we have the ability to truncate a certain part of o...

by Explorer in

| metadata with powershell Search-Splunk command

I am trying to run the following search, which works fine from the regular Splunk search UI, but not in the Powershel...

by New Member in

How can I do different searches based on the inputfield value?

Hello everybody, In my dashboard i have two input fields Primary_field =* Secondary field=* my current search l...

by Explorer in

How do you assign a value to a field if it is missing the event?

I have the sample data which has all the fields like below [11/07/2018 09:59:00] CAUAJM_I_40245 EVENT: ALARM...

by Builder in

Can you help me with my python regex expression?

I'm new in Python, so i have this string: info1= "Jose Maria Almeida;00351 962341234;1997-12-19" I'm trying t...

by New Member in

When there are duplicate host names, how do you build a search that gets hosts' last activity?

We have a bunch of hosts. Some of them are kind of like duplicates in that they are just the host name, and some are ...

by Path Finder in

How to compute _indextime-_time difference average with tstats?

Hi, I'd like to calculate the average latency (_indextime-_time) with the tstats command, but I can not make it wo...

by Contributor in

How can I take date Values as Column Names?

Hello , I am writing one query in Splunk to retrieve the events from a JSON log file. I am getting one value of a ...

by New Member in

How can I extract multiple fields and values from the following raw information?

I have raw information as follows: Two times Kaspersky output within one 'section' -------------------------------...

by Path Finder in

Can you help me extract field and value pairs from a JSON log?

Hi at all, I searched through past answers, but I couldn't reach to adapt some of them to my data: I have JSON ...

by SplunkTrust in

How do I use the join command to detect if an item is in one list and not another?

Hi I need your help for the following: I have 2 lists: I want to detect when an item is in the list B and NOT...

by Explorer in

Can you help me with a query I have for an alert?

Hello experts, I am new to Splunk. I have a file with below values. I have Indexed time as well. I need to write a...

by Explorer in

How to change table header after using transpose command?

Hi I am using transpose command (transpose 23), to turn 23 rows to column but I am getting table header as row 1, row...

by Communicator in

Can you help me figure out why one of my table columns contains no values?

index=monthly_budget | chart sum(TOTAL_BUDGET) over sports_category by department limit=0 | transpose 0 header_field...

by Communicator in

How do you convert a month number to a month string?

Some timestamps use month numbers like "11" rather than strings like "Nov". I'm using this eval to make the conver...

by Engager in

Preserve host field under a new name while doing custom host extractions

Hi, we are receiving log data from various network devices on a syslog server. This log data is then forwarded to ...

by Path Finder in

Distinct values from XML array in timechart

I am looking at an XML response from an API that contains an array of messages. I want to timechart the messages for ...

by New Member in

How do you extract multiple key value pairs within a raw field?

Hello, I want to extract key value pairs from logs that contain a particular search string. Here is the example...

by Explorer in

I need to alert when one value from last 24 hours multiplied by 2 differs from dedup of 2 fields from the past 60 minutes

I have 36 servers that forward event sources with 2 distinct values. I need to compare the number of system names (fr...

by Path Finder in

To Rex or not to rex?

Hi All, Hope your having a great Day.. I have a dilemma ! I have the following log extract where i want to time...

by Path Finder in

Lookup + Summary Index: how to keep all the fields from the original event?

Hello there! I am using Splunk Enterprise 7.2.0. I am trying to set up the following flow: I have an index called ...

by New Member in

Tstat search taking a long time - "IO" "CPU" and "Disk Access" all very low - What can i do?

HI I am running a BIG TSTAT search off a Datamodel - The bottle neck is dispatch.stream.local + dispatch.fetch (I ...

by Influencer in

List of unused lookup definitions

Hi there, How can I get a list of unused lookup defs in my environment - so ones that I have lying around, but not...

by Builder in

Can you help us with the following Lookup table error: "ERROR LookupOperator - Error in 'lookup' command"

Can anyone help me with error below? ... 11-06-2018 16:34:19.371 WARN LookupOperator - Failed to find static look...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Any way to combine these records?

How do you use SED on a heavy forwarder to drop log data after the specified character count?

| metadata with powershell Search-Splunk command

How can I do different searches based on the inputfield value?

How do you assign a value to a field if it is missing the event?

Can you help me with my python regex expression?

When there are duplicate host names, how do you build a search that gets hosts' last activity?

How to compute _indextime-_time difference average with tstats?

How can I take date Values as Column Names?

How can I extract multiple fields and values from the following raw information?

Can you help me extract field and value pairs from a JSON log?

How do I use the join command to detect if an item is in one list and not another?

Can you help me with a query I have for an alert?

How to change table header after using transpose command?

Can you help me figure out why one of my table columns contains no values?

How do you convert a month number to a month string?

Preserve host field under a new name while doing custom host extractions

Distinct values from XML array in timechart

How do you extract multiple key value pairs within a raw field?

I need to alert when one value from last 24 hours multiplied by 2 differs from dedup of 2 fields from the past 60 minutes

To Rex or not to rex?

Lookup + Summary Index: how to keep all the fields from the original event?

Tstat search taking a long time - "IO" "CPU" and "Disk Access" all very low - What can i do?

List of unused lookup definitions

Can you help us with the following Lookup table error: "ERROR LookupOperator - Error in 'lookup' command"

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!