Splunk Search

Ask a Question

Discussions

Thread Info

Regex quantifier: why is the result of this regex is 'arn' only?

I apologize ahead for this as this is a regex question - one that I have struggled with. | makeresults | eval ARN...

by Contributor in

Why do the stats table columns don't match?

Hi, I have this query that filters the results to a single Premise (8773). It then extracts out the premiseid, mac...

by Motivator in

Assigning User Permissions to Update Forwarders

Is there a way to assign permissions to Splunk users that will allow them access to delete old forwarders from Forwar...

by New Member in

Improve efficiency of search

I want to compare the mailbox size from today to last week but my search is very slow and I am not sure how best to m...

by Communicator in

How to have Field Values represent other field values?

Hello all! I apologize for the oddly worded question. Currently, I have extracted fields from two separate log for...

by Communicator in

Comparing different events timestamp

Hi! I have 2 events to compare, one always comes first and the second is the result of, I want to present the tim...

by New Member in

Search Query Limitation displaying only 800000 records

Hi All, Facing an issue with splunk search query hitting limitation with 800000 records. On this below query, SLR0...

by Path Finder in

How can I convert a text string to a number?

I have a field that contains a text string representing time ("900 ms" for example - all values are in milliseconds) ...

by Path Finder in

How to show table with highest values in a column

Timechart output shows me table with two columns. column one is _time and column two is interger values. example: _ti...

by Path Finder in

Why is my search unable to match csv data against indexed events?

Hi, I am trying to search a list of IP's against the data being sent by the firewall. Since the number of IP's is ...

by Builder in

evaluate mathematical expression in string

Hi, Is there a fast way of evaluating the result a string like "42 + 23" as a new field? Background: a log file...

by Contributor in

In the job inspection report what does the value 'command.search.expand_search' relate to?

Hi, I'm very new to Splunk and I'm looking at a single node instance that's being used in our office to store a l...

by Engager in

charting time - using time within a lookup

I have a lookup file with about 100K events. What I want to do is use timechart (span each day). There is a time fiel...

by Contributor in

Check that all executable binary files have matching source code?

It shows this error when I package my application. I don't understand what source code I should add. I don't have any...

by Explorer in

Pass a variable form subsearch but it should not be used in parent search.

I have two logs. First log contain start date and end date in second log. First log query : index=abc sourcetype=abc_...

by New Member in

How can regex extract multiple values?

Hi, I have the below data and query (with Regex), what I'd like to have the Regex do is extract ALL occurrences of...

by Motivator in

Use lookup and stop matching for each entry in lookup

Hi All, I am trying to use a lookup to check how many domains in a white list are actually being used. The CSV ...

by Path Finder in

Tricky behavior of escaping backslash in regex

Hey folks, I am doing some regex stuff by rex command and find some tricky behavior. Error: I tried to use \ ...

by Splunk Employee in

Rex Field Question

I have a message field in an event id that isn't extracting properly. The part I've having an issue with is when ther...

by Explorer in

Why splunk is not comparing all values from 2 different fileds?

Hi, I want to compare two fields in a certain timerange. I am working on 2 fields, those are process_ip and trans...

by Communicator in

eventcount - spanning over time

I'm attempting to write a search using eventcount command. I want to graph the number of events in my index/sourcetyp...

by Contributor in

How to search for firewall data showing source ip, source port, destination ip, and destination port in tabular form?

Hello, I am new to Splunk and I need to get a report showing Firewall transactions with source IP and source port,...

by Explorer in

Splitting a multivalue field on carreige return

good morning, I am in the process of breaking out data from a data source that in one field contains a list of simil...

by Explorer in

eval parsing issue?

index=xyz CurrentAgentSnapshot.Contacts{}.State=ENDED | table CurrentAgentSnapshot.Contacts{}.StartTime There is no i...

by New Member in

Need a help in creating a dashboard to get information on the IP address?

Hi, I got a request to create a dashboard to get the information on the ipaddress, with multiple panels and one input...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex quantifier: why is the result of this regex is 'arn' only?

Why do the stats table columns don't match?

Assigning User Permissions to Update Forwarders

Improve efficiency of search

How to have Field Values represent other field values?

Comparing different events timestamp

Search Query Limitation displaying only 800000 records

How can I convert a text string to a number?

How to show table with highest values in a column

Why is my search unable to match csv data against indexed events?

evaluate mathematical expression in string

In the job inspection report what does the value 'command.search.expand_search' relate to?

charting time - using time within a lookup

Check that all executable binary files have matching source code?

Pass a variable form subsearch but it should not be used in parent search.

How can regex extract multiple values?

Use lookup and stop matching for each entry in lookup

Tricky behavior of escaping backslash in regex

Rex Field Question

Why splunk is not comparing all values from 2 different fileds?

eventcount - spanning over time

How to search for firewall data showing source ip, source port, destination ip, and destination port in tabular form?

Splitting a multivalue field on carreige return

eval parsing issue?

Need a help in creating a dashboard to get information on the IP address?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions