Splunk Search

Discussions

Thread Info

What is the best way to pull out IP Addresses from a multivariate field?

Basically, I have a multi value field where each value is a free form piece of text corresponding to dated text entri...

by Path Finder in

How do I get a subtraction of two fields when they share a common value?

I am having three columns in primary_key, service_name , timestamp. I want to get a subtraction of values present ...

by Path Finder in

How to group by month if we have data from.

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

Eval round gives inconsistent half-rounding results

I tried setting up a Splunk alert to check for inconsistencies between a rounded total and a raw total, but the alert...

by Engager in

Extracting unique Null Pointer Exception from the logs via Splunk

I am looking to extract unique NullPointerException from the Splunk Logs. Unfortunately somehwere my regex is isnt ex...

by New Member in

Can you help me with my stats count?

hello I use the request below, which works: index="windows" sourcetype="wineventlog:Application" "SourceName=*"...

by Motivator in

How do I use the eval command to calculate error rates and show them as percentages?

Hello, I am creating a dashboard in which I am displaying total logins, successful logins, failed logins, error ra...

by Path Finder in

How do I rename the values in the following field?

https://drive.google.com/file/d/13tgNyaelfyPwxIvgAOA1Gn1hI628dGB2/view?usp=sharing[link text]1 I want to rename th...

by Path Finder in

search time data masking

Hi I am trying to mask indexed data using following props.conf comfig for linux_secure. [linux_secure] EXTRACT...

by Motivator in

Error message above search bar

Hi All, When I am executing a search query something like "index=index1", I am getting the below error message abo...

by New Member in

Can you help me with an issue i'm having with the strptime function?

I am trying to implement strptime command on my lookup named test.csv, which has fields _time, hits with data from Au...

by New Member in

How do you convert numeric value from 5000 to 5k for a field?

I am planning to convert the value of a count into 5k, 500k format rather than the whole number. May I know how I can...

by Path Finder in

Make data in a stacked area chart 'float'

Any way to make one series in a stacked area chart invisible? I've got a bunch of data I want to make a floating r...

by Explorer in

How come only one of many fields is not extracting?

I have a weird behavior in my environment. When I get new data, I parse them using my regex (= as delimiter betwee...

by Path Finder in

How do I count occurrences with wildcard in count by field?

Hi, I have the following values from my search result: /api/v2/nodes/107757943/nodes /api/v2/nodes/107758003/n...

by Path Finder in

Can you help me break my search up into two smaller ones?

I have a query that is taking up too many resources I am told. I decided to break it up into two smaller reports (one...

by New Member in

Splunk dbxquery to call stored procedure with subsearch to populate parameter not working

I have two working Splunk queries as follows. The first one takes in an IP Address and datetime and returns a Mac ...

by Engager in

Why is HTTP is working while HTTPS is not?

Hi, I tried to enable SSL on my Splunk instances. A few of them were successful. Some of them(specifically none of...

by Path Finder in

In a statistics table, how do I make it so a row hides when clicked upon?

Hello guys I want to hide the row of a table after clicking on a cell on this table. I guess I should look for JS ...

by Explorer in

Feature Suggestion: Panel-local variables for prebuilt panels

Prebuilt panels would be more useful if they allowed local variables. This would parallel the way macros allow argume...

by New Member in

Merge tables by aligning fields with same value

Hello, I have two tables listed below. The small table is a subset of the large table. Large_table Small_table...

by Explorer in

Use a lookup file to show IP name

Hello,I have a csv file ,and I use it as a lookup table, it has two fields : IP,IP Name; | inputlookup ip_name.csv...

by Path Finder in

How to increase the maximum number of conditions in a splunk search?

Hi there, I have a search below: host = xxx.xxx.xxx.xxx AND duration | rex field=_raw (something) | rex field=_raw...

by New Member in

Field extraction for IP ADFS Logs

Hello, I found one post but the REGEX search didn't work. How would I extract the IP into a new field that comes a...

by New Member in

Can eventstats or streamstats be used with accelerated data model searches?

We are looking to convert most if not all of our existing searches and correlation rules to search against accelerate...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is the best way to pull out IP Addresses from a multivariate field?

How do I get a subtraction of two fields when they share a common value?

How to group by month if we have data from.

Eval round gives inconsistent half-rounding results

Extracting unique Null Pointer Exception from the logs via Splunk

Can you help me with my stats count?

How do I use the eval command to calculate error rates and show them as percentages?

How do I rename the values in the following field?

search time data masking

Error message above search bar

Can you help me with an issue i'm having with the strptime function?

How do you convert numeric value from 5000 to 5k for a field?

Make data in a stacked area chart 'float'

How come only one of many fields is not extracting?

How do I count occurrences with wildcard in count by field?

Can you help me break my search up into two smaller ones?

Splunk dbxquery to call stored procedure with subsearch to populate parameter not working

Why is HTTP is working while HTTPS is not?

In a statistics table, how do I make it so a row hides when clicked upon?

Feature Suggestion: Panel-local variables for prebuilt panels

Merge tables by aligning fields with same value

Use a lookup file to show IP name

How to increase the maximum number of conditions in a splunk search?

Field extraction for IP ADFS Logs

Can eventstats or streamstats be used with accelerated data model searches?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions