Splunk Search

Discussions

Thread Info

How do you combine one REST search with one of the _internal license_usage.log?

The REST search | REST /services/data/indexes | search NOT title=_* NOT title=splunklogger NOT title=firedalerts ...

by Motivator in

Can you help me with my multi-field field extraction query?

I have a field in an event that contains a number of separate individual fields. What would be the most efficient way...

by Communicator in

Which is the best approach to use with an eval+case+wildcard+chart by 2 fields?

I've read as many examples as I can and I still can't figure out how to get this to work. We are using 6.6.2. I am...

by Loves-to-Learn Lots in

Limit for chart with split-by clause ?

Hi, i have this search: index=foo | eval length=length(_raw) | chart eval(sum(length)/1024/1024) as MiB by appl...

by Communicator in

Combining events into one

We're experiencing a problem with having indexed data with the default MAX_EVENTS value of 256. While this can be fix...

by Builder in

How do you route windows event logs based on filters on a heavy forwarder?

Hi, We have had this working in the past, but for some reason, now, i am unable to forward filtered events to one ...

by Path Finder in

How to do regex based on commas

I have data like this: 21,enrollmentgroup,19936,40:G6:7Q:G6:89:FG,,nitro - Circle.one10,Phone,11.1.11313,C,10/25/1...

by Contributor in

Is it possible to list the filters of the initial search with the results of a subsearch?

Here is the scenario. I have two indexes (index=AV and index=Packet_Analysis) I use index=AV to find attack sig...

by Builder in

Collect values from syslog logging

Hello, I am new to splunk and have the following question. Below is snippet from a syslog logging. I would like to...

by New Member in

How do I list unique IPs of infected computers per day and then list new IPs from the previous day?

I have a query that looks at SEP logs. index=SEP Sig_String='Attack: Bad Stuff" Remote_IP=10.* | bin _time span=...

by Builder in

What is the best way to pull out IP Addresses from a multivariate field?

Basically, I have a multi value field where each value is a free form piece of text corresponding to dated text entri...

by Path Finder in

How do I get a subtraction of two fields when they share a common value?

I am having three columns in primary_key, service_name , timestamp. I want to get a subtraction of values present ...

by Path Finder in

How to group by month if we have data from.

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

Eval round gives inconsistent half-rounding results

I tried setting up a Splunk alert to check for inconsistencies between a rounded total and a raw total, but the alert...

by Engager in

Extracting unique Null Pointer Exception from the logs via Splunk

I am looking to extract unique NullPointerException from the Splunk Logs. Unfortunately somehwere my regex is isnt ex...

by New Member in

Can you help me with my stats count?

hello I use the request below, which works: index="windows" sourcetype="wineventlog:Application" "SourceName=*"...

by Motivator in

How do I use the eval command to calculate error rates and show them as percentages?

Hello, I am creating a dashboard in which I am displaying total logins, successful logins, failed logins, error ra...

by Path Finder in

How do I rename the values in the following field?

https://drive.google.com/file/d/13tgNyaelfyPwxIvgAOA1Gn1hI628dGB2/view?usp=sharing[link text]1 I want to rename th...

by Path Finder in

search time data masking

Hi I am trying to mask indexed data using following props.conf comfig for linux_secure. [linux_secure] EXTRACT...

by Motivator in

Error message above search bar

Hi All, When I am executing a search query something like "index=index1", I am getting the below error message abo...

by New Member in

Can you help me with an issue i'm having with the strptime function?

I am trying to implement strptime command on my lookup named test.csv, which has fields _time, hits with data from Au...

by New Member in

How do you convert numeric value from 5000 to 5k for a field?

I am planning to convert the value of a count into 5k, 500k format rather than the whole number. May I know how I can...

by Path Finder in

Make data in a stacked area chart 'float'

Any way to make one series in a stacked area chart invisible? I've got a bunch of data I want to make a floating r...

by Explorer in

How come only one of many fields is not extracting?

I have a weird behavior in my environment. When I get new data, I parse them using my regex (= as delimiter betwee...

by Path Finder in

How do I count occurrences with wildcard in count by field?

Hi, I have the following values from my search result: /api/v2/nodes/107757943/nodes /api/v2/nodes/107758003/n...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you combine one REST search with one of the _internal license_usage.log?

Can you help me with my multi-field field extraction query?

Which is the best approach to use with an eval+case+wildcard+chart by 2 fields?

Limit for chart with split-by clause ?

Combining events into one

How do you route windows event logs based on filters on a heavy forwarder?

How to do regex based on commas

Is it possible to list the filters of the initial search with the results of a subsearch?

Collect values from syslog logging

How do I list unique IPs of infected computers per day and then list new IPs from the previous day?

What is the best way to pull out IP Addresses from a multivariate field?

How do I get a subtraction of two fields when they share a common value?

How to group by month if we have data from.

Eval round gives inconsistent half-rounding results

Extracting unique Null Pointer Exception from the logs via Splunk

Can you help me with my stats count?

How do I use the eval command to calculate error rates and show them as percentages?

How do I rename the values in the following field?

search time data masking

Error message above search bar

Can you help me with an issue i'm having with the strptime function?

How do you convert numeric value from 5000 to 5k for a field?

Make data in a stacked area chart 'float'

How come only one of many fields is not extracting?

How do I count occurrences with wildcard in count by field?

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions