Splunk Search

Discussions

Thread Info

How to get response time from this search?

How to get response time from my search? APIName is from my inputlookup |inputlookup SolutionCenter.csv | appen...

by Communicator in

Rex extraction question

I'm pretty new to rex extraction using splunk and I can't figure out why my extraction isn't working. I have a raw ev...

by Communicator in

count events in multivalue field

Hi, I want to deal the multivalue field to get the counts whch is satisfied the conditions I set. For example, in the...

by Communicator in

Help with regex

I have the below sample data sample 1 `<TargetCode key="Zip5">78216</TargetCode>` sample 2 <adm:TargetCode...

by Builder in

foreach with mvexpand to iterate over server fields and perform an expansion

I have various fields like "Server 1" "Server 2" ... And I want to perform an expansion of those fields like so: ...

by Communicator in

Field-extraction wizard error: "The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings."

I just started indexing Windows printer logs and noticed I need to add some additional fields to extract. Here is an ...

by Communicator in

How to explicitly count an occurrence of a string when another similar string exists

I am trying to count the occurrence of some specific strings in a field value. The below query works for counting occ...

by Engager in

How do I search for event with null values in fields

I'm trying to find all events in the logs that have no value in a field. What's the simplest query for that?

by Splunk Employee in

Eventtype and Subsearch problem after migration

Hi everybody. After migrating splunk from one node to another I started having problems with eventtypes and subsea...

by New Member in

subsearch not running

Hi at all, I have a very strange question: I have a search with a subsearch that's correctly running on a test enviro...

by Legend in

Use Regex to extract the fields

I have data like- 2017-12-19 09:39:41|INFO|4b483c4b138de23b2f83a208c2313c4a|8de3f071aed6401d9ff5c4289694e852|a|b|c...

by Explorer in

How to split props/transforms from a standalone to an indexer clustering environment?

I've got a multi-character delimited file, which looks something like this: "27-MAY-16 04.25.26.746000 AM"|;|""|;|...

by Contributor in

Column Chart - Sorting months chronologically and not alphabetically

Morning Splunk Gurus Can you tell me what is the simplest way of arranging months into order of date rather than a...

by New Member in

timechart per month even if some months are missing data

I have this search: index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id This gives me a chart...

by Explorer in

how can I set $SPLUNK_HOME remotely?

Hi guys I am trying to deploy an app that contains a scripts that uses the variable $SPLUNK_HOME the issue comes w...

by Builder in

Remove 99% of Data from a file with Transforms.conf

I have data coming into SPLUNK [service] , but i only need the file name not the data in the file. The data is get...

by Motivator in

Converting default table numeric format to Italy ( convert .(dot) values to ,(comma) values in table rows)

Hi, My current requirement is showing the table values in Italy numeric format instead of default American format....

by Engager in

Splunk search join

Hello, I am trying to join two searches so i could get number of declined transactions in time. First i look for i...

by Explorer in

EC2 instance uptime monthly basis

The EC2 instances in my AWS environment are daily shutdown and startup on next day as per requirement. I want to deve...

by New Member in

How to extract time format using rex? "TransactionStartTime=12/19/2017 06:23:35.474"

How to extract time format using rex ? TransactionStartTime=12/19/2017 06:23:35.474;

by Communicator in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

How to get response time from this search?

Rex extraction question

count events in multivalue field

Help with regex

foreach with mvexpand to iterate over server fields and perform an expansion

Field-extraction wizard error: "The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings."

How to explicitly count an occurrence of a string when another similar string exists

How do I search for event with null values in fields

Eventtype and Subsearch problem after migration

subsearch not running

Use Regex to extract the fields

How to split props/transforms from a standalone to an indexer clustering environment?

Column Chart - Sorting months chronologically and not alphabetically

timechart per month even if some months are missing data

how can I set $SPLUNK_HOME remotely?

Remove 99% of Data from a file with Transforms.conf

Converting default table numeric format to Italy ( convert .(dot) values to ,(comma) values in table rows)

Splunk search join

EC2 instance uptime monthly basis

How to extract time format using rex? "TransactionStartTime=12/19/2017 06:23:35.474"

Help with Transforming an ingest of timestamped da...

How to generate alarm for when CPU peaks at100% o...

Difference between per_second and span=1s in timec...

Compare entry date to the selected revisit date to...

How to create two multi value fields to produce a ...