Splunk Search

Discussions

Thread Info

Can you help me with my sum of counts query?

I'm trying to get the sum of spam folders and where they are quarantined by user. Is there a better way to do this, e...

by Path Finder in

How do you store field names as values in a new field based on presence of that field?

Say I have 100 rows of logs. Some have only field "abcXYZ1" and not the other two. Some have field "abcKLM" and not t...

by Explorer in

How do you customize the drilldown of a search?

I've got a search viewed as a table and one of the values of the table cell is a URL. I want to be able to click on t...

by Engager in

transforms.conf regex extract strange fields with value $2

my transforms.conf has such lines [api-param] REGEX=^(\w+)=(.+?)\n FORMAT=$1::$2 props.conf [api] TZ = Eur...

by Explorer in

How do I combine data from CSV with data from index

Now ,I have a lookup named exchange.csv , and index="exchange_data" The data in the exchange.csv is extracted from in...

by Path Finder in

Can you help me make a Splunk Search for all Splunk Clients using TLS1.2?

Is there any way we can frame a Splunk query which we can run on a search head to get the list of all the Splunk clie...

by Path Finder in

How do I run forecast time series multiple times using one search?

I want to run a forecast time series multiple times using one search on the remaining freespace of a number of our da...

by Explorer in

Can you help me use the "sort" and "top" commands in a search?

Hi , I have a rsult set like this below status URL value status-500 identifiers 539 status-500 customer ...

by Path Finder in

How do I change the value of a search to MB?

I have this search which shows the total of bytes coming in for a particular time period. Can someone tell me how to ...

by Path Finder in

How do I add a new field in the output?

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

How to list datamodel name in a Table

I am trying to list certain datamodels in a table along with their log count but I can't seem to find how to list the...

by Builder in

extarct specific field with regex

i want to extract the field with the name of http_agent from my logs the raw field is : "http_host=""nts.mapnanyp....

by Explorer in

Datamodel search with Datamodel Subsearch Circular Dependancy Error

How do I fix this search to avoid- 'Error in 'SearchParser': Found circular dependency when expanding datamodel=Intru...

by Contributor in

how to pass the output of one query as search key to a subsearch?

I have raw events that look as below: 2018:08:22:22:39:51.731 myhostname 3:INFO MY_IDENTIFIER_TEST 548026790130303...

by Contributor in

How to use a variable to limit a sort list length?

I want to find the highest ten results of a search and group the others up. I'm using the following search: index=...

by New Member in

How to set python script to run automatically on a custom app.

Hello guys, I am new to Splunk. I need help in letting the python script i have created to run automatically every mo...

by New Member in

When trying to return different error messages with one saved search/alert, how do I combine 2 searches where one uses regex(OR is not allowed)?

I am trying to return several different error messages with one saved search / alert. I can get all of them indiv...

by Path Finder in

Can you help me with a problem I'm having parsing fields?

I'm new to parsing fields in splunk. And, in truth, I'm not great at regex yet. I'm trying to parse an event in Splun...

by New Member in

search the result returned from "search 1" and append the second search and then pass the value of search 1 to overall search the appended search

Good Day Folks, I have facing trouble in dealing with multisearches. For e.g. index="a" sourcetype="ab" field1...

by Path Finder in

Could you help me make a query which returns results on devices that fail and succeed?

Hi, I have this query that counts the type of failure for a given device, which works just fine. index=wholesal...

by Motivator in

Can you help me make a regex for URL having different types of parameters?

I have below 2 log sets which have different activities. i want two different regex for Set1 and Set2 separately in 2...

by Explorer in

How do I use the stats command on a field value that has duplicate entries?

I'm trying to table sales data and would like to have my quantity field values to calculate the total number that the...

by Communicator in

Days in Alphabetical Order but need to be in day order..Tried using documentation advice but still won't work

I have the following search that creates a bar chart with the days of the week on the vertical axis. THe days are in ...

by Communicator in

Can you help me with an XML field extraction?

I have a log file, that outputs different formats depending on the portion of the application doing the logging. Some...

by Builder in

How to turn string value into a time value to calculate the difference between two fields?

Hello, I have a log that when uploaded to SPLUNK this appears as a string even though it should be in time format....

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can you help me with my sum of counts query?

How do you store field names as values in a new field based on presence of that field?

How do you customize the drilldown of a search?

transforms.conf regex extract strange fields with value $2

How do I combine data from CSV with data from index

Can you help me make a Splunk Search for all Splunk Clients using TLS1.2?

How do I run forecast time series multiple times using one search?

Can you help me use the "sort" and "top" commands in a search?

How do I change the value of a search to MB?

How do I add a new field in the output?

How to list datamodel name in a Table

extarct specific field with regex

Datamodel search with Datamodel Subsearch Circular Dependancy Error

how to pass the output of one query as search key to a subsearch?

How to use a variable to limit a sort list length?

How to set python script to run automatically on a custom app.

When trying to return different error messages with one saved search/alert, how do I combine 2 searches where one uses regex(OR is not allowed)?

Can you help me with a problem I'm having parsing fields?

search the result returned from "search 1" and append the second search and then pass the value of search 1 to overall search the appended search

Could you help me make a query which returns results on devices that fail and succeed?

Can you help me make a regex for URL having different types of parameters?

How do I use the stats command on a field value that has duplicate entries?

Days in Alphabetical Order but need to be in day order..Tried using documentation advice but still won't work

Can you help me with an XML field extraction?

How to turn string value into a time value to calculate the difference between two fields?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions