Splunk Search

Discussions

Thread Info

Eventstats not attaching a stat to every event

My data is structured with a series of events for any given user, that need to be summed up to get the complete respo...

by Communicator in

Dividing a field with time into 2 hour slots to find matching events in each slot

Hi splunkers, I am trying to solve an use case where I have to monitor some events occurance for every two hours. ...

by New Member in

Splunk Query help ??

Hi all we have list of 10 Solaris servers and they are us servers we installed ufs on those servers and are pointing ...

by Communicator in

can i get the one particular host information from the metadata command?

I am using the below command and it is giving me the whole host lists in the environment, but i need for the particul...

by Engager in

Can i define the time to search logs in colddb, db, datamodel or frozen

It is posible change the time to specify the time of the storage in coldb or db. I have some index configurated in sp...

by Explorer in

How to create a regex to display all the hostnames?

I have source as : /log/web/output/sat1svmdb1210_0511_kernel.log /log/web/output/sat2svmdb0100_7689_kernel.log I w...

by Communicator in

Why does the _time value keeps coming up blank?

Hello, I have the following search string, but "_time" keeps coming up blank. It appears that something is "clearing"...

by Path Finder in

How to use a lookup table in a Splunk query?

I have a lookup excel sheet with the application name, hostname, and IP address. I want to use it in a Splunk query a...

by Communicator in

Search help ?

When Iam trying to run this search its giving me wrong results .Please correct my search. In my csv is having to coum...

by Communicator in

Pass the earliest and latest value as arguments for main and sub search.

Here is my requirements. On last 7 days logs need to search to get unique users per day basis and those users aga...

by New Member in

Table Creation: Evaluating the sum of fields and displaying them grouped by another field

I have a bit of a data that looks like base search term | eval varA = fieldA/3 | eval varB = fieldB/36 | eval varC...

by Explorer in

Can I combine eval & latest?

Hi, I have scenario were i have the record sets and the number & name will keep changing based on the status Table...

by New Member in

Remove Wildcard from Field Name

I have some ticketing data being imported into Splunk for analysis. There are a couple of field names with an asterix...

by New Member in

How to compare field values in time?

We are gathering data on information tags on servers. We want to know when a specific tag value changes so that we ca...

by Path Finder in

Multiple eval of the same field

Hi all, I got some problems categorizing a custom field according to its content; to do so I am using multiple eval ...

by Path Finder in

How to find all values after a certain label in a field with regex?

Hi All, I have a big text field with sample value as: Random text Location:AL432 1)ART: New order ANYTHING Loc...

by Communicator in

How do I look for the existence of one field within another field?

For example, if I have a proxy log, and it shows User=A, then In the URL field we have "http://somesite.com/parameter...

by Explorer in

disable mouse hover on line chart

I want to disable hover on line chart, so it should not respond to hover, just a line. I was able to remove tooltip a...

by Communicator in

Splunk maintenance

Is there maintenance procedure that Splunk Enterprise/deployment/instance requires periodically to ensure high perfor...

by Communicator in

How to create a timechart with multiple values?

Hello! I'm trying to make a timechart like this one below, but I have some hosts that I need to show their medium cpu...

by Path Finder in

can't extract the field, below error shows up,

Argument 'value' contains invalid character : ^[\d+;\d+\w+\s+\d+-\d+-\d+\s+\d+:\d+:\d+,\d+\s+[\w+::\w+.\w+.\w+.\w+.\w...

by New Member in

Stats Question passing one field common to two sourcetypes where location is in one sourcetype to use field in second sourcetype

Where am i going wrong here: I'm trying to get a list of user ID's by location and pass them up to a search which ...

by Path Finder in

Error in 'eval' command: The expression is malformed. An unexpected character is reached

I was getting when I run the below query, can someone give me the solution pls, below is my query: | convert nu...

by New Member in

How do I search for multiple errors found in /var/log/messages?

I want to search for the following 3 error combinations and send alert if any, some or all are found: Error #1 - p...

by Path Finder in

How to filter and append a value from a subsearch into the primary search?

My data is in JSON format split into two different sourcetypes. Between the two sourcetypes exists a linking logID th...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Eventstats not attaching a stat to every event

Dividing a field with time into 2 hour slots to find matching events in each slot

Splunk Query help ??

can i get the one particular host information from the metadata command?

Can i define the time to search logs in colddb, db, datamodel or frozen

How to create a regex to display all the hostnames?

Why does the _time value keeps coming up blank?

How to use a lookup table in a Splunk query?

Search help ?

Pass the earliest and latest value as arguments for main and sub search.

Table Creation: Evaluating the sum of fields and displaying them grouped by another field

Can I combine eval & latest?

Remove Wildcard from Field Name

How to compare field values in time?

Multiple eval of the same field

How to find all values after a certain label in a field with regex?

How do I look for the existence of one field within another field?

disable mouse hover on line chart

Splunk maintenance

How to create a timechart with multiple values?

can't extract the field, below error shows up,

Stats Question passing one field common to two sourcetypes where location is in one sourcetype to use field in second sourcetype

Error in 'eval' command: The expression is malformed. An unexpected character is reached

How do I search for multiple errors found in /var/log/messages?

How to filter and append a value from a subsearch into the primary search?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions