Splunk Search

Ask a Question

Discussions

Thread Info

How to repeat a regex to match more than one instances

Hi, We are using following regex to capture "caused by" exceptions within java stack trace. Caused by: (?P<Ex...

by Builder in

Rex query for two different type event

Need help on getting rex query. I am getting below two events. I am able to rex for event 1 with NULL field. But ...

by Explorer in

Writing Regex with Lookaheads to Capture Group

Hello, I am attempting to write some regex with a lookahead. My event is pluginText: <plugin_output>Here is the...

by Explorer in

Unable to do simple calculation of aggregate durations between 2 states by host

Given that per host there are 2 events logged, one indicating transition to active and one indicating transition to i...

by Path Finder in

Adding a column

Hi Splunk experts, I’m a Splunk beginner. I need help with a requirement. I have fields named 'location,' 'login,' ...

by Path Finder in

Set time using data in token

I made a graph that send time data at click point.I use "fieldformat" to change time data shown.This is my code about...

by Path Finder in

Use the '| from datamodel' command when the datamodel is configured as grandparent/parent/child.

I want to query the user dataset using the from datamodel command.I know how to use nodename in the tstat command. ...

by Loves-to-Learn in

Nested inputlookup with join or eval

My current search that is working is - | from datamodel:Remote_Access_Authentication | rex field=dest_nt_domai...

by Explorer in

tstats stopped returning data with summariesonly=true after adding _time field

Hi, We have a datamodel built against application data. All the tstats searches against the DM were running fine, i...

by Builder in

Streamlining with tstats

Hi all, im looking to create a dashboard to capture various info on or proxy data. I have a few simple queries ...

by Path Finder in

How to subtract filed values in a column

I have AWS Cloudtrail data and want to find out how long an EC2 instance was stopped. Is it possible to subtract the ...

by Explorer in

how to break down a record in multiple rows

I have a records that comes with multiple items in a single row. Is there a way i can break it down in a single row. ...

by Explorer in

Inputs Conf on Deployment Apps and HFs

Hi Splunkers, Have the following situation, and interested in another opinion:We have a distributed environment wi...

by Communicator in

How to calculate time difference?

I'm looking to get a difference between both times and create a 3rd field for the results (Properties.actionedDate - ...

by Path Finder in

In a search combine two-three field values(columns) into one field

Hi, I have an output like this - LocationEventNameErrorCodeSummaryserver1Mssql.LogBackupFailedBackupAgentErrorFai...

by Communicator in

Splunk health check monitoring using command line ?

Hi, is it possible to extract informations about Splunk System health check using command line ? For example ...

by New Member in

Is using index=proxy really bad?

Hello I have a question. We have lots of indexes, and rather than specify each one, I use index=*proxy* to search a...

by Path Finder in

Filtering

Hi Splunkers, I dont need the value in first line and need that value later in search to filter, so I tried tis ...

by Contributor in

splunk

lets say i have a query which is giving no result at present date but may give in future . In this query I have calcu...

by Contributor in

How to display top 5 and replace the rest with others?

How to display top 10 and replace the rest with others?I tried using top limit 5 with userother, but the number did...

by Motivator in

How can I search events based on another lookup file subsearch using like.

Hi,Would you mind to help on this?, I have been working for days to figure out how can I pass a lookup file subsearch...

by Explorer in

Time conversion for AWS Cloudtrail logs using strptime() and strftime() not working

My original time format in the search is eventID: d7d2d438-cc61-4e74-9e9a-3fd8ae96388d eventName: StartInstances...

by Explorer in

How to find all Dashboards, Reports and Alerts related to a specific index ?

Our Splunk instance is being overhauled and I need to update all of the content that has been built. We have some ind...

by Path Finder in

Tracking Field Changes in Events

Hello, I'm looking of your insights to pinpoint changes in fields over time. Events structured with timestamp, ID, ...

by Motivator in

How do I do a search on an inputlookup from data loaded from datamodel

My current serach is - | from datamodel:Remote_Access_Authentication.local | append [| inputlookup Domain ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to repeat a regex to match more than one instances

Rex query for two different type event

Writing Regex with Lookaheads to Capture Group

Unable to do simple calculation of aggregate durations between 2 states by host

Adding a column

Set time using data in token

Use the '| from datamodel' command when the datamodel is configured as grandparent/parent/child.

Nested inputlookup with join or eval

tstats stopped returning data with summariesonly=true after adding _time field

Streamlining with tstats

How to subtract filed values in a column

how to break down a record in multiple rows

Inputs Conf on Deployment Apps and HFs

How to calculate time difference?

In a search combine two-three field values(columns) into one field

Splunk health check monitoring using command line ?

Is using index=proxy really bad?

Filtering

splunk

How to display top 5 and replace the rest with others?

How can I search events based on another lookup file subsearch using like.

Time conversion for AWS Cloudtrail logs using strptime() and strftime() not working

How to find all Dashboards, Reports and Alerts related to a specific index ?

Tracking Field Changes in Events

How do I do a search on an inputlookup from data loaded from datamodel

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions