Splunk Search

Discussions

Thread Info

Why is the field extraction only extracting one value?

Hi all, this is one sample I'm trying to extract in order to visualize them in table. But when I select a sample fiel...

by Communicator in

How to merge several fields from a log to one field?

Hi guys, i am pretty new to Splunk and i have the following Task. I have four Systems with logs. I want to merge...

by New Member in

data validation Lookups

Hi Team, I am new to splunk. and need help in validating data in a lookup I have lookup and the data is like below...

by New Member in

How to mask the bank balance to be shown in splunk logs?

Hi, How can I mask the bank balance in splunk? it is showing something like this: mybal=2426.88,availableBal=2426....

by New Member in

How to match search query results with lookup fields and replace the query result with lookup field value?

I have a query which gives results like COLUMN_1 COLUMN_2 1 a 2 ...

by Path Finder in

How to add colors to the columns based on conditions?

Hi everyone, I wanted to highlight the row values based on condition. I am new to CSS and JS . Can you please guid...

by New Member in

Alert: set trigger condition on 1st search query and show the stats from 2nd query in the alert email

Hello Splunkers, This is my 1st post on this forum, I need some help here. I have to set up a alert which has 2 searc...

by Explorer in

How to match the last occurance of the regex?

I have got a splunk query that searches for the string 'PS1234_IVR_DM' and once found, perform a rex on the field cal...

by Explorer in

How can I display these rows of data in a line chart?

There are 5 rows of data in the table. I want to display these 5 rows of data a line chart. There are 4 fields, field...

by Explorer in

Create a evaluation in each end of month based in one field that is not _time field

Hi. I am indexing data from a ticketing tool. I need to see what tickets were opened at end of each month. I've do...

by Path Finder in

How to extract field value from JSON and add the total of the value?

I have the following JSON format . Content : { "purchaseId":12345, "items":[ { } ], "total":1100.24 }, { "purc...

by New Member in

define constant value

time | a1| a2| a3 | a4 | today | 1 | 4 | 8 | 5 | today-1| 1 | 3 | 6 | 5 | today-2| 1 | 2 | 5 | 5 | today-3| 1 ...

by New Member in

Is there a way to nest the last event inside the eval statement?

I'm attempting to use stats to process some data before further calculations are performed. I have too many events fo...

by Communicator in

How to pass parameters to report ?

Hi, I have made this in Splunk 6.5.2 and now I'm wondering how to pass the two tokens (host and nt_username) to th...

by New Member in

Java SDK send data directly to Splunk (web)

Hi, I'm attempting to implement a direct connection to Splunk in my Java application so I can send data straight to S...

by New Member in

How to query and extract value fra Json array

Having the json data/array below, how do I create a new (single value) field with only the TargetVersion that has IsP...

by New Member in

I have two field values(a,b) in one field name(c). How can i show those two values(a,b) as two fields on Sankey visualization in a sequential way in two different nodes(one after another node)

I have two field values a, b, those are encapsulated in one field name called "c". I would like to show those two val...

by Engager in

Need help in create a search to detect malicious activity from a terminated employee

employee was terminated and we would like to fire an event when we see the user log on to any systems.

by Path Finder in

How to filter out the account name ending with "$"?

I have data looks like below AccountName account1-abc$ account2-abc$ account3-xyz$ account4 ...

by Communicator in

Hello, We are trying to ingest TIBCO logs in to the splunk.

Here is the environment type. One appliction server where the TIBCO application is hosted and the application serv...

by New Member in

Removing empty bins in timechart

Hello, I am unable to eliminate empty buckets using the timechart command since moving to Splunk 7.0. For example ...

by Path Finder in

Extract all the URl's present in the log into a field and count number of times each url is called .

I have couple of URL 's present in the logs . so I wanted to extract them all into a field ,but when I extract them I...

by New Member in

How to edit my search to join two indexes and two sourcetypes together and include data from one sourcetype into another?

Hello Splunkers! I'm scratching my head trying to find out how to join two different indexes and two different sou...

by Engager in

Add/change comments and descriptions into objects' fields in an existing data model

How do you add comments and descriptions into objects' fields in an existing data model WITHOUT manually edit the dat...

by New Member in

How to extract multiple key value pairs from the logs

We have a requirement where we need to extract the multiple key value pairs from the log files Ex: places= multip...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is the field extraction only extracting one value?

How to merge several fields from a log to one field?

data validation Lookups

How to mask the bank balance to be shown in splunk logs?

How to match search query results with lookup fields and replace the query result with lookup field value?

How to add colors to the columns based on conditions?

Alert: set trigger condition on 1st search query and show the stats from 2nd query in the alert email

How to match the last occurance of the regex?

How can I display these rows of data in a line chart?

Create a evaluation in each end of month based in one field that is not _time field

How to extract field value from JSON and add the total of the value?

define constant value

Is there a way to nest the last event inside the eval statement?

How to pass parameters to report ?

Java SDK send data directly to Splunk (web)

How to query and extract value fra Json array

I have two field values(a,b) in one field name(c). How can i show those two values(a,b) as two fields on Sankey visualization in a sequential way in two different nodes(one after another node)

Need help in create a search to detect malicious activity from a terminated employee

How to filter out the account name ending with "$"?

Hello, We are trying to ingest TIBCO logs in to the splunk.

Removing empty bins in timechart

Extract all the URl's present in the log into a field and count number of times each url is called .

How to edit my search to join two indexes and two sourcetypes together and include data from one sourcetype into another?

Add/change comments and descriptions into objects' fields in an existing data model

How to extract multiple key value pairs from the logs

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions