Splunk Search

Discussions

Thread Info

How to use regex on field names?

For example. Is there any way to convert this: into this? Don't care about the numbers but the value...

by Path Finder in

Is there an easy way to pair two events with the same sourcetype that have the same values in different fields?

I am looking for an elegant solution to the following problem: I want to summarize data from two different events whi...

by Engager in

How do you search all fields in a sourcetype with regex?

The context: I'm looking for sensitive information patterns showing up in the IIS sourcetype that we have. What I ...

by Path Finder in

How to create a scheduled job time to find the run time of each of the searches?

I'm working w/ a similar issue as: https://answers.splunk.com/answers/512103/how-to-get-a-list-of-schedules-searches-...

by Path Finder in

How do I use a sparkline within tstats to visualize data feed over the last 24 hours?

I want to use a tstats command to get a count of various indexes over the last 24 hours. I also want to include the l...

by Builder in

Simple XML drilldown link search won't recognize regex or rex

I have a dashboard panel with a table. I am able to change the drilldown search when selecting a row in the panel tab...

by Explorer in

How do I search for exact sequence of events?

Hi All Wondering if anybody can assist. We're logging privilege user activity (GUI interactions etc) and looking t...

by Engager in

How to show values and percentages on hover over columns in 100% stacked column chart?

Hello, I have a graph that I'm displaying as a 100% stacked column chart. Even though the Y-Axis is set to 0-100 I...

by Communicator in

Can you help me with my filtering search?

Hi, I am trying to create a list of customers based on one event type but then show stats from all the events by t...

by New Member in

Problem Sourcetype - Extraction

Hello, I receive logs from my server and I want to extract manually some field but I get this error : The events a...

by Engager in

invalid search or missing required fields for thresholding

Hi, I'm using ad hoc search for a glass table. By search, when run i'm able to get the value that i want. But in t...

by Explorer in

How to graph the rate from firewall logs with only start and end session messages ?

Hi, I have a network rate graph i build from my firewall logs with the timechart command: host=firewall_IP type...

by New Member in

Why when using "map" command, if I use the string argument with "map", results are not displayed?

Splunk ver : 7.1.2 When I use the map command, if argument that pass to map is string, results are never displayed...

by Builder in

Is it possible to clear unwanted stanzas out of transforms.conf?

I am trying to filter unwanted events from a text file and am experimenting with the REGEX expression. I think I have...

by Engager in

TIME_FORMAT AUTO works, but strptime defined does not for props.conf

Why is TIME_FORMAT failing for importing data? I get the error: Could not use strptime to parse timestamp from ...

by Path Finder in

rex giving unrecognized character

Regular expression "ParNew:" | rex "(?i)\\), (?P[^ ]+)" | rex "(?i).*?\\((?P\\d+\\w+)(?=\\))" | rex "(?i)\\[ParNe...

by New Member in

How to calculate total disk size when using freediskspace collection?

I am searching for a 'search' that will give me the following information: Disk usage (C:) in % Total Disk size (C:) ...

by Path Finder in

How do I combine mv fields into a new field?

I have events that have two multivalue fields, field1 and field2. They look like this: Field1 Field2 1234...

by Communicator in

How to compare between individual values from two fields having multiple values ?

I have 2 fields from my search, something like this - Errorcode, ErrorDescription Err1, "abcd password is missing xyz...

by Path Finder in

How to modify rows and columns in the Splunk table?

Hello, I have written a splunk search which produces the following table: from to parameter value A ...

by Path Finder in

How do you search an inputlookup for the results of your query?

I'm a little stumped with what I am trying to achieve with the lookup of values from a CSV, which are based on the se...

by New Member in

How do you display response time results sorted in descending order ?

I am trying to display response times in a chart for my services. But, how do I display the response times results in...

by New Member in

Why is my time token changing in a comparison timechart?

I successfully put together a graph that compares bandwidth consumption over a period of time (currently hardcoded to...

by Explorer in

How do I join multiple sourcetypes by different fields (ids)?

I'm trying to join the result of three different sourcetypes into one result. These three sourcetypes are connected b...

by Path Finder in

How do you get tabular event with field value pair?

I have an event in the below format. INCIDENT_ID PROBLEM_KEY ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use regex on field names?

Is there an easy way to pair two events with the same sourcetype that have the same values in different fields?

How do you search all fields in a sourcetype with regex?

How to create a scheduled job time to find the run time of each of the searches?

How do I use a sparkline within tstats to visualize data feed over the last 24 hours?

Simple XML drilldown link search won't recognize regex or rex

How do I search for exact sequence of events?

How to show values and percentages on hover over columns in 100% stacked column chart?

Can you help me with my filtering search?

Problem Sourcetype - Extraction

invalid search or missing required fields for thresholding

How to graph the rate from firewall logs with only start and end session messages ?

Why when using "map" command, if I use the string argument with "map", results are not displayed?

Is it possible to clear unwanted stanzas out of transforms.conf?

TIME_FORMAT AUTO works, but strptime defined does not for props.conf

rex giving unrecognized character

How to calculate total disk size when using freediskspace collection?

How do I combine mv fields into a new field?

How to compare between individual values from two fields having multiple values ?

How to modify rows and columns in the Splunk table?

How do you search an inputlookup for the results of your query?

How do you display response time results sorted in descending order ?

Why is my time token changing in a comparison timechart?

How do I join multiple sourcetypes by different fields (ids)?

How do you get tabular event with field value pair?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions