Splunk Search

Discussions

Thread Info

Can you help me with my custom dynamic field extraction?

Hi, looking for some help on this one. I have multi-line events that I'm trying to create dynamically named fields fr...

by New Member in

How do I remove gaps in charts?

Hi splunkers, I was able to plot a graph that, whilst it shows all the info I need, it also contains massive gaps ...

by Explorer in

How do I search for Chinese characters in Splunk?

Hi, I need to create a report that looks for certain terms in Chinese. Is there anything special that I need to do...

by Champion in

How can i get the first event after match a event?

I want to make a search that match for a event, than get the next event. Example: Event1 _time event_hash statu...

by Explorer in

Can you help me with my join query?

I'm having trouble with a join query. It doesn't work with the inner or left join, although I can see the event from ...

by Explorer in

How to troubleshoot error "Configuration initialization for C:\Program Files\Splunk\etc took longer than expected (1869ms) when dispatching a search"?

Why are we getting this error and how do we fix this?

by Communicator in

Why can't I find logs under _internal Index when I'm able to see in them in actual Index?

Hi friends, I am using the below search query to see the usage of a specific Index. When I pull the search for 30...

by Explorer in

What is the best way to count events and calculate the disk space these events use?

So, the first part of this is really easy. index=active_dir | stats count by EventCode This will give me the a...

by Contributor in

Is it possible to compare equality of two fields at the root search without using | search, | where, or | eval?

I'm trying to work around the limitations of data model root searches not supporting pipes. Is there any way to do...

by Builder in

How to search for specific text in field without additional text?

Sorry for the strange title... couldn't think of anything better. Doing a search on a command field in Splunk with va...

by Path Finder in

Can you help me create a pie chart that would display info from a CSV Lookup file?

I created a .CSV file with error_code and Description. I am trying to compare error_code with the logs and create a p...

by Contributor in

How to use a list of values from a table into foreach fieldstr?

Hi, I already used the following lines with success: | foreach fieldstr=device "device_name1" "device_name2" "devi...

by Explorer in

I want to see Number of hits from an IP address on a particular url in a minute

I am looking for result which will show, number of hits on a URL from a particular IP address in a minute. For exampl...

by Explorer in

How do I pull a stats table where there are blank fields in event data?

This is the event data: ls1=INFO ls1Label=Severity ls2=MS SQL SERVER ls2Label=ServerType ls3=Command List ls3Label= c...

by Engager in

Splunkd service wont start on Windows Server (handler/weak reference error)

Has anyone encountered this error before? Our splunk instance is completely down. 08-10-2018 12:45:50.153 -0700 IN...

by Explorer in

How to search a field for values that are stored in another field?

Hi, Can you please help me with the following case? I'm trying to use the value of a field to search within the va...

by Explorer in

How do you reference a field value as a field to use in a table?

So I have a field day_Today=Friday Now I want to use the value of day_Today as a field in my table | table...

by Path Finder in

How to extract data using regex?

Hi All, I Have data in below mentioned format. I need to extract value CUP_Used and cup_used using regex and store...

by Builder in

Could you help me with my regex expression?

hi I would like to extract the field in bold with a regex: 06/09/2018 - 14:23:01 -- End of installation of ePO ...

by Motivator in

Will you help me with this string to date conversion?

I'm struggling to convert this to a Splunk readable format. Sep 18, 2018 17:25:24.870411000 Can you me figure o...

by Builder in

How do I combine subtotals and totals in a search query?

Is it possible to do this? Should I use appendcol? multisearch? join? Please enlightened me. Scenario: The IP b...

by Communicator in

Ignore empty data point when calculating average

I am trying to calculate the average for a few columns and rows but I have came across the following issue. Some rows...

by Engager in

Transactions and reporting multivalue event types

Hi all. I'm having trouble expanding a multivalued Transaction into separate fields by their corresponding values. I'...

by New Member in

Can you help me convert a field value extracted by a rex command to another date time format?

Hello Community, I have certain field values extracted by using rex command. The timestamp format of the field val...

by Explorer in

How can I make a correlation between events where one is a calculated field and the other field is not in all the events?

A requirement is to get a list of domains (src_host) with the count of their actions (blocked, delivered) associated ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can you help me with my custom dynamic field extraction?

How do I remove gaps in charts?

How do I search for Chinese characters in Splunk?

How can i get the first event after match a event?

Can you help me with my join query?

How to troubleshoot error "Configuration initialization for C:\Program Files\Splunk\etc took longer than expected (1869ms) when dispatching a search"?

Why can't I find logs under _internal Index when I'm able to see in them in actual Index?

What is the best way to count events and calculate the disk space these events use?

Is it possible to compare equality of two fields at the root search without using | search, | where, or | eval?

How to search for specific text in field without additional text?

Can you help me create a pie chart that would display info from a CSV Lookup file?

How to use a list of values from a table into foreach fieldstr?

I want to see Number of hits from an IP address on a particular url in a minute

How do I pull a stats table where there are blank fields in event data?

Splunkd service wont start on Windows Server (handler/weak reference error)

How to search a field for values that are stored in another field?

How do you reference a field value as a field to use in a table?

How to extract data using regex?

Could you help me with my regex expression?

Will you help me with this string to date conversion?

How do I combine subtotals and totals in a search query?

Ignore empty data point when calculating average

Transactions and reporting multivalue event types

Can you help me convert a field value extracted by a rex command to another date time format?

How can I make a correlation between events where one is a calculated field and the other field is not in all the events?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!