Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do you search for the nearest file within 7 days ago of another file?

Hello everyone, I'd like to create a bottleneck graph. Basically, I'd like to use two files. One of the files ...

by Path Finder in

How do you extract the value of output quality from the log below?

I want to extract the value of Output Quality from the below log. Critical-Lab checkRcReady for batchId ==>9a508f0...

by Explorer in

Parsing fields inside quoted fields

Hi, at search time I like to pase the key-value pairs inside the message and would like to have the whole message in ...

by Path Finder in

AND Condition to find the keywords in logs

I have log. I want to find all 4 keywords. It should be AND condition and not OR. Critical Lab Lab Critical Process P...

by Explorer in

How to Drilldown stacked column chart to a table?

Hi All, I need to show a drilldown report when user clicks on any of the column bar. Each bar has 3 sentiments (Po...

by Explorer in

how to group by month for yearly data.

Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time)

by New Member in

What rex can I use to extract a value before a string near the end of an event?

I need to extract the value where "SoftFail" from this example log is. In related logs, the value is always after ...

by New Member in

When using the timechart command, how do you show multiple Max Values?

Hi Splunk Community! Quick one for all you experts! I'm trying to timechart the following 4 separate metrics (repr...

by Path Finder in

How do you regex a part of a field name to use in a separate field?

I have a field which is a username, but the results of the username starts with "USR" and the actual username is "USR...

by New Member in

What is wrong with my eval for this token?

Hi, I have this eval for a token but it doesn't ever seem to get set, what am I missing? <eval token="showapppa...

by Motivator in

Need to optimize firewall log search - auto-finalized after disk usage limit reached.

I need to create a table of all unique firewall connections over the last 90 days. Our FortiGate firewall is conf...

by Contributor in

How do you add buttons on table view?

Goodmorning, I have a Simple-XML with following search index=_internal source=*metrics.log group="per_sourcetyp...

by New Member in

How do you use the rex command to obtain values to be put into a table?

I have a query : host=*perf* bf19f0c3-2f10-4db2-b33f-efb946b0ee24 {"StatusCode":204* | table Message Out put of t...

by Path Finder in

Can you help me sum the data in the following field?

Hi Team, I have PATA field which needs to do sum of PATA field, am using below command where should add PATA to ge...

by Explorer in

command.search.kv performance

We have a search that is spending most of its time in command.search.kv. If we give it a search which doesn't need an...

by Path Finder in

Modular Input Custom UI

HI, I creating modular input add-on. Now I try to create custom UI for input parameters as explained in documentation...

by New Member in

Can you help me with my query within a query?

Hi, I am trying to see if this type of query is possible I am creating an alert base on 2 conditions. The fi...

by New Member in

How do you calculate the average for a chart count over table?

How do you add another column that contains averages based on previous columns after "chart count over Level by Month...

by New Member in

Can you help me build a regex to extract fields with different field delimiters?

Hello all, Can someone help me build a regex that may allow me to extract 3 different fields from events where all...

by Path Finder in

How do you rename rows using a CSV file?

Hi there, I need a way to rename rows using a file list (csv file or other file type) from a search job / dashboar...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you search for the nearest file within 7 days ago of another file?

How do you extract the value of output quality from the log below?

Parsing fields inside quoted fields

AND Condition to find the keywords in logs

How to Drilldown stacked column chart to a table?

how to group by month for yearly data.

What rex can I use to extract a value before a string near the end of an event?

When using the timechart command, how do you show multiple Max Values?

How do you regex a part of a field name to use in a separate field?

What is wrong with my eval for this token?

Need to optimize firewall log search - auto-finalized after disk usage limit reached.

How do you add buttons on table view?

How do you use the rex command to obtain values to be put into a table?

Can you help me sum the data in the following field?

command.search.kv performance

Modular Input Custom UI

Can you help me with my query within a query?

How do you calculate the average for a chart count over table?

Can you help me build a regex to extract fields with different field delimiters?

How do you rename rows using a CSV file?

Splunk Observability Cloud | Customer Survey!

Happy CX Day, Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Field EventDescription and Splunk Add-on for Sysmo...

help on could not load lookup message

searching for specific result

How to Add Datamodel Fields in Search and Reportin...

AD servers with indexing delays when evt_resolve_a...