Splunk Search

Discussions

Thread Info

On what user does splunk start after restarting it from deployment server

Hi, When we restart splunk forwarder from deployment -server does it start 1) based on user defined in boot script O...

by Contributor in

Unable to get count when variable names has a "-"

One of the queries i'm using has a variable with a "-" and splunk is unable to get me the stats count using the varia...

by Path Finder in

How to use regex to extract just the ID inside of the brackets?

So I have this data Aug 22 09:13:46 someservername <118>1 2018-08-22T09:13:46.743+00:00 ip.address LOGSTASH - - ...

by Path Finder in

How do I filter results based on approximately 115 partial values of a field?

I have a list large list of products. I need to search the list but filtering out some results based on the partial v...

by Explorer in

count null timechart spans

Hi, I have the following search that displays a table with time as rows and conferenceID as columns. i only want t...

by Explorer in

How to sum two numeric fields resulting in a concatenation of the two fields?

Hello Splunk Ninjas, First time I've seen this: I have two fields, clearly regognised as numeric fields by Splunk....

by Path Finder in

How can I combine two chart query outputs as 1?

Part A: index=web splunk_server_group=hotel sourcetype=hotellog eventname=hotel-book earliest=-3d| eval dateyearw...

by New Member in

unable to extract all matching values in a single line; the interesting field only captures first matching value.

The string is a single line, i am unable to extract all matching value in this line. The interesting fields that Splu...

by Explorer in

How can I join two searches on a common field?

I'm trying to append a two tables on a common key. I am using |appendcols but the two tables are not internally joine...

by Path Finder in

lookuptable compare with new event

I called all the errors and created to lookup-table. I want to create a job which would compare the last 5 minutes of...

by Engager in

Find Time between events, including current Time.

Hello all, I've seen examples of how to find time between events using streamstats, and also to find the time sinc...

by Explorer in

Searching strings with accented characters

Hello, I'm having an issue when trying to filter events based on accented characters. For instance if I look a...

by Path Finder in

View full source of the log file

I have a need to view/export the source a log file. Requirement is to export all lines of the log file within a date/...

by New Member in

What are some of the best practices for field extractions?

Hi, There is some debate in our group regarding best practices for field extractions. We have a feed that has well...

by Champion in

find max length where field name is firstName_1,firstName_2...

My splunk entry is firstName_1="Tom" firstName_2="Jerry" firstName_3="Tom1" firstName_4="Jerry1" I would like to f...

by Engager in

Does Anyone Have Field Definitions for Cisco IOS Technology Add-On?

We have been asked to provide definitions for the following field names for events produced by parsing Cisco switch l...

by Engager in

One-Table Combining Different Search Results in Real-Time

My end goal is to show events in one table coming from multiple searches in real time. They all have the same fields....

by Path Finder in

How to display comparison between previous week with current week in Single Value with trendline

Hi, I have a query which should ideally give me results for the Last week and the current week Request count. i...

by Communicator in

subsearch or lookup from search results

Morning all, In short I need to be able to run a CSV lookup search against all my Splunk logs to find all Session...

by New Member in

Trouble with UTC time

I have some search results that return values in the format %Y-%m-%d %H:%M:%S. For example: ...some search... | ta...

by Path Finder in

In real-time alert, if I use lookup command, too many alerts triggered.

Splunk ver 7.1.1 I'm using real-time alert that trigger when there is event which has src_ip match black_list.csv ...

by Builder in

how to know the search history by user, but only the searches you type

Sorry for the inconvenience, but I'm looking for a query that only shows the searches typed by users, because when I ...

by Path Finder in

Replace a column with diagonal value in a table

host time timediff a 12:00 END a 11:55 1 a 11:50 1 I want to replace the "END" in timediff with the below value: t...

by Explorer in

Adding a date to a string Message

I am trying to create an error message based on a time frame, the last 15 min. and now. So the error message would sa...

by Path Finder in

count(var) by "a list of values within a field"

First of all, sorry, if I am missing something really obvious here but after hours of googling I am still stuck with ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

On what user does splunk start after restarting it from deployment server

Unable to get count when variable names has a "-"

How to use regex to extract just the ID inside of the brackets?

How do I filter results based on approximately 115 partial values of a field?

count null timechart spans

How to sum two numeric fields resulting in a concatenation of the two fields?

How can I combine two chart query outputs as 1?

unable to extract all matching values in a single line; the interesting field only captures first matching value.

How can I join two searches on a common field?

lookuptable compare with new event

Find Time between events, including current Time.

Searching strings with accented characters

View full source of the log file

What are some of the best practices for field extractions?

find max length where field name is firstName_1,firstName_2...

Does Anyone Have Field Definitions for Cisco IOS Technology Add-On?

One-Table Combining Different Search Results in Real-Time

How to display comparison between previous week with current week in Single Value with trendline

subsearch or lookup from search results

Trouble with UTC time

In real-time alert, if I use lookup command, too many alerts triggered.

how to know the search history by user, but only the searches you type

Replace a column with diagonal value in a table

Adding a date to a string Message

count(var) by "a list of values within a field"

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions