Splunk Search

Discussions

Thread Info

export the search results directly into Amazon S3

I have a requirement where I need to export the search results directly into Amazon S3. I need to export a daily repo...

by Explorer in

Indexing updatable data from a relational database

Dear all, I am wondering what is the best strategy regarding indexing data coming from a relational database which...

by Explorer in

Is there a way to customize delimiter based field extractions via the UI?

Is there a way to customize delimiter based field extractions via the UI? Looks like you can do it for regular expres...

by Splunk Employee in

JOIN how to save as an eventtype ?

Hello Splunkers, I'm using JOIN expression to classify a type of errors. I want to have all errors classified lik...

by Engager in

Splunk Search content for a particular string

Hi Team, I have search in search head which gives output like in snapshot. Now i want to assign a new field to cli...

by New Member in

How to extract many fields with a single regular expression ?

Hi, I have a sample log file as shown in the attached screenshot. I have many such tags in the log file. I want t...

by Path Finder in

How to create a rex string with "#" sign?

I have data 2018-07-23 21:00:54##7049015762##358479078622895##2##4000######N##ABS##|##USER_NUMBER##QUERY##1##9086...

by New Member in

need line breaking for the following data generated as CSV

Good day All, My skill in regex is very limited. Can anyone help me with the props.conf for the following data? ITs b...

by Communicator in

best practices vs my code

hello all i use this code but he has not good performances following splunk best practices, is it possible to give...

by Motivator in

Modular Input - interval

Hi, i've noticed that when the time required to execute a modular input's streamEvents method is greater than the con...

by New Member in

Accessing results from search after timecharting

Hi all, I'm trying to write a query that pulls up some data, time charts it, then calculates a percentage based on...

by Path Finder in

How to convert time to epoch time?

How to convert time to epoch time? What the best approach for this one? Mon 07/23/2018 17:19:01.89

by Path Finder in

Why is the append query not working?

hi, index="idx_a" sourcetype IN ("logs") component=* logpoint=request-in | table transaction-id,timestamp-in| app...

by Path Finder in

Unable to sinl logs from oracle user on webui

Unable to sink logs from user Oracle on webui, but can able to sink logs from tmp. can you please suggest. Than...

by Explorer in

eval duration/latency

My timestamp-in and timestamp-out fields are in this format 2018-07-23T15:53:11.588Z how do i calculate duration ? i ...

by Path Finder in

How to execute a script and display results on a search page?

I need to execute a python script from Splunk search and display the return value on the same page. How can this be d...

by Path Finder in

How to take the time from the field I am interested in and compare that to the current time to mark as an alert?

I am exporting data out of AD and trying to look for devices that are older than a certain time frame. From my data e...

by Contributor in

NOT Inputlookup not working

I am trying to perform a search and trying to add an inputlookup to filter information I don't need to know about. Fo...

by Contributor in

Can Splunk find similar strings in a log?

Hi Does Splunk can do similar string search? For example the given string is mystring, and I want to return any log...

by Communicator in

How do YOU use splunk! (Search/Query Examples)

Hello everyone, Our company just started using Splunk, and after experimenting with some basic commands it certain...

by Path Finder in

calculate percentage from the results of two reports

I'm having a difficult time calculating a percentage based on two reports (searches). Search 1 | inputlookup myda...

by Observer in

How to get other field on x-axis other than _time?

I'm fetching data by hitting an API, and the data I get will be a single event which consists of cpu_used and corresp...

by Path Finder in

Transaction very slow

I have to calculate the response time from an application that depends on the response of another application. For th...

by Engager in

Creating a join when first search contains multiple values for a single field

Hey all, this one has be stumped. I'm trying to join two searches where the first search includes a single field with...

by Contributor in

Help with "set diff" (need to keep the time of the events in the results)?

I'm trying to get a result table of all he hosts in our OSSEC environment that have changed status over the past 24 h...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

export the search results directly into Amazon S3

Indexing updatable data from a relational database

Is there a way to customize delimiter based field extractions via the UI?

JOIN how to save as an eventtype ?

Splunk Search content for a particular string

How to extract many fields with a single regular expression ?

How to create a rex string with "#" sign?

need line breaking for the following data generated as CSV

best practices vs my code

Modular Input - interval

Accessing results from search after timecharting

How to convert time to epoch time?

Why is the append query not working?

Unable to sinl logs from oracle user on webui

eval duration/latency

How to execute a script and display results on a search page?

How to take the time from the field I am interested in and compare that to the current time to mark as an alert?

NOT Inputlookup not working

Can Splunk find similar strings in a log?

How do YOU use splunk! (Search/Query Examples)

calculate percentage from the results of two reports

How to get other field on x-axis other than _time?

Transaction very slow

Creating a join when first search contains multiple values for a single field

Help with "set diff" (need to keep the time of the events in the results)?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Detection: Kerberos User Enumeration

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!