Splunk Search

Discussions

Thread Info

Event breaking help with props.conf

I have a sourcetype that I'm working with and trying to break up the events by any line that says "Job start time: yy...

by Communicator in

Any way to break this row into two columns?

I am setting up a dashboard that monitors count of events on a daily basis and a previous 30 day average by customer....

by Path Finder in

iam receiving a message unbalanced quotes , i tried using back slash

| eval e="$time_token.earliest$", l=$time_token.latest$"| eval e=case(match(e,"^\d+$"),e,e="" OR e="now" , "0" , true...

by Explorer in

Creating a custom SourceType with multiple delimiters (35 fields)

Hi all, I've searched around a bit and I can't seem to find the answer after failing to figure it out myself. T...

by Explorer in

query running using KV store is taking logn time

Hi , I have a scenario where i am using KV store to get the events generated. But my query is taking 5hr to run w...

by Path Finder in

Why is my search using "mcollect" command causing the following error: "Error in 'mcollect' command: Must specify a valid metric index"?

In my query before, I was using the outputcsv search command, and then I had a monitoring input stanza to upload it t...

by Builder in

Is it Possible to create the Scatter_Line Chart in Splunk?

We have the Actual Generation Data from the Machine and also having the Set Points of the Particular Parameter. we...

by Path Finder in

Splunk platform release notes

I was going through the Release note which was updated into Splunk Docs recently. https://docs.splunk.com/Documentati...

by Communicator in

how to extract all values separately suing rex command

hi, i have a string like: AAA TEST BBB 1000 CCC DDD EEE FFF GG 11111 i need to extract all the values separately a...

by New Member in

Problem to indexer a multivalue field too longer

Hi everybody Trying to index a multivalue field with more than 6000 characters approx. With the same sourcetype we ha...

by New Member in

crud in lookup

Hi all, I am trying to do crud of a lookup. I ahve been following this link:- https://www.hurricanelabs.com/splunk-tu...

by Path Finder in

Why is multiline regex blacklisting all events for specifically 4656 only?

Hi All, I cant seem to get this right. I am trying to use regex to blacklist 4656 events where: The account name ...

by Path Finder in

Regex by ID removing duplicates

Hello everyone. I have a code below where each event is determined by the line break. I am wanting to take the val...

by Path Finder in

How to search syntax to exclude dhost or URL

New to Splunk here. Trying to run a search for user BLAHBLAH that does NOT contain dhost of api.drift.com Would someo...

by Path Finder in

How to adjust search to include names that are also hyphenated

We ingest patient records into Splunk and some compliance users need to search to see if an employee accessed records...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Event breaking help with props.conf

Any way to break this row into two columns?

iam receiving a message unbalanced quotes , i tried using back slash

Creating a custom SourceType with multiple delimiters (35 fields)

query running using KV store is taking logn time

Why is my search using "mcollect" command causing the following error: "Error in 'mcollect' command: Must specify a valid metric index"?

Is it Possible to create the Scatter_Line Chart in Splunk?

Splunk platform release notes

how to extract all values separately suing rex command

Problem to indexer a multivalue field too longer

crud in lookup

Why is multiline regex blacklisting all events for specifically 4656 only?

Regex by ID removing duplicates

How to search syntax to exclude dhost or URL

How to adjust search to include names that are also hyphenated

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

What’s New in Splunk Cloud Platform 9.1.2308?

Users with the same roles, in the same app, and sa...

auto_generated_pool_download-trial

Automatic lookup during data ingestiont (Splunk cl...

Working with OpenTelemetry Cumulative Histogram Bu...

Better PDF report visualization