Splunk Search

Discussions

Thread Info

Regex Query Help: Need to Write a regex query for my log

Below given is one section of an event. The event has multiple such sections. I want to write a regex search query so...

by Path Finder in

input lookup get values for the lookup only

Hi, I have a very Basic question. I have an index index1 and sourcetype=ST1 with fields fieldA, fieldB and fieldC....

by Communicator in

Need help in splunk regex

{"runDate":"2018-05-26T02:42:42 BRT","dataDate":"20180524","jobName":"autocompleteIndexerCounters","counterList":[{"c...

by Explorer in

How to get only the latest values of a Parameter for each server?

I have multiple Parameters and their values lister for each server. I am using the beloq command at last: chart li...

by Communicator in

How to convert the values of multiple fields to number?

Hi All, Good day! I just want to ask for some help here.  I have multiple fields with the data I'm working ...

by Path Finder in

Subsearch Not Filtering Results

I am trying to pull a list of filtered IPs from one index and then use that list as a reference to see external traff...

by New Member in

Line chart does not display the value zero even after setting the code to use one decimal place

Hello, Seeking for any assistance on the issue I am encountering. Issue: Line chart does not display the value ...

by New Member in

How to separate rows as column?

I have trouble in manipulating the table Date contains (index, name, date). name ..... date ................ co...

by Engager in

Why is my search resulting in "Regex: UTF-8 error: isolated byte with 0x80 bit set error"

| tstats count(host) as count WHERE index=* earliest=-1d@d latest=@d by host|search [|inputlookup mylast|fields host...

by Explorer in

How to get value of a field corresponding to max value of another field

Hi, I have a table with the fields 'loadtime', 'application', and 'user'. First I want to compute the maximum value o...

by Path Finder in

Average on a value over time

Hi, I have this query (yes I know its ugly but it works  ) . What I need to do is present the current RSSI value ...

by Motivator in

Returning Non-Duplicates from a table

My data tells me if counts on a specific server are timing out, and we are trying to set up an alert for when this oc...

by Communicator in

Retrieve the Data from multiple searches

Hi, I have something like this - Search 1 - for media customers - Summary Index A - contains data from 20th May till ...

by Explorer in

SPLUNK_BINDIP, web and daemon don't agree

I've quickly skimmed through the answers already here, and not found a corresponding answer, although there is a ques...

by Motivator in

Need to omit events with specific strings (info or debug) in them.

I am trying to prevent debug and info events from getting logged into splunk. I created an inputs.conf and used black...

by Path Finder in

Eval and match create a new field

I have fields like Uid and Case If the case is authentication then then my new field has to show Uid number. Case....

by Path Finder in

Search String | metadata type=sourcetypes index=_internal

Search String | metadata type=sourcetypes index=_internal , what is its meaning here.

by Explorer in

How do you concatenate strings of two multi-value fields together to make one mv field?

I have two multi-value fields, one contains addresses and the other contains the date and time an event occurred at s...

by Explorer in

regex for TIME_FORMAT in epoch milliseconds time

Hey There ! I have this sort of entry in my event : startedTime: 1528840802983 this is in epoch time I was try...

by Path Finder in

Case condition check issue

Application logs execution time for many apis. I am interested in 2 apis with following urls. /apis/deviceservice/2.0...

by Engager in

query a field with result from another query

Hello all, I have query1 looks like below: <query1> | fields dialog1 | table dialog1 I want to have query2 to ...

by Path Finder in

Increase count by 1 for every 10 Minutes

Hi All, index="XXX" |stats latest(_time) as last_seen,values(ID) as ID, count by IP_Add | eval Filter=if(count%2==...

by New Member in

How do I use rex command here?

sample event: fullFormattedMessage: Device naa.60000970000297500017533030313231 performance has improved. I/O late...

by Engager in

how to convert days,minutes,hours and seconds to just seconds format to obtain the visualization?

I have a simple lookup query as follows :- | inputlookup ABC.csv which gives the result as follows :- ...

by Builder in

Calculate Time Difference between multiple event

I have a use case to calculate time difference between four events. The first event is when the server receives a req...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex Query Help: Need to Write a regex query for my log

input lookup get values for the lookup only

Need help in splunk regex

How to get only the latest values of a Parameter for each server?

How to convert the values of multiple fields to number?

Subsearch Not Filtering Results

Line chart does not display the value zero even after setting the code to use one decimal place

How to separate rows as column?

Why is my search resulting in "Regex: UTF-8 error: isolated byte with 0x80 bit set error"

How to get value of a field corresponding to max value of another field

Average on a value over time

Returning Non-Duplicates from a table

Retrieve the Data from multiple searches

SPLUNK_BINDIP, web and daemon don't agree

Need to omit events with specific strings (info or debug) in them.

Eval and match create a new field

Search String | metadata type=sourcetypes index=_internal

How do you concatenate strings of two multi-value fields together to make one mv field?

regex for TIME_FORMAT in epoch milliseconds time

Case condition check issue

query a field with result from another query

Increase count by 1 for every 10 Minutes

How do I use rex command here?

how to convert days,minutes,hours and seconds to just seconds format to obtain the visualization?

Calculate Time Difference between multiple event

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions