Splunk Search

Discussions

Thread Info

Regex or rex LDAP extraction

I keep trying to figure things out myself but my head is getting bruised from hitting it against my desk... I am t...

by Builder in

How to edit timestamp to one day previously?

I have a report running in SPLUNK on a daily basis. The timestamp for this report is the "Report Date" field (i.e. to...

by Explorer in

How to format data in a table column to print one entry on a line?

Is there a way to format data in a table column to print one entry on a line? In my alert the table data shows up som...

by Builder in

How to cluster "SMS messages" ? how to do the Grouping of text messages based on the sms content?

I have a CSV file with fields mentioned below: Updated Date, SMSMessage,Sender,SMS Date,userID The SMSMessage fiel...

by Path Finder in

Extract wrapped field for auto extraction

Today we have messages from our application like this: 2018-May-1 12:00:00.000 [Thread=4d2ce108-c322-49ff-bcc0-380...

by New Member in

How to convert field date into week values?

Good Day all, I have a query, I am uploading a CSV regularly onto splunk. Since its uploaded in a random time, splunk...

by Communicator in

How to display the time field?

In one of the search queries, I am displaying the Latest and Oldest value of a field. Please refer the below sample q...

by Communicator in

Question regarding brute force query

Please see this query for brute force detection- index="wineventlog" sourcetype=wineventlog:security | search (EventC...

by Loves-to-Learn in

How to search a matching string using lookup?

I have a query like this, which prints the number of message matches and an abbreviation: sourcetype=source1 | rex...

by Explorer in

How to rearrange columns in a timechart result?

Hi, I have a timechart result with two columns as shown in the 1st screenshot. Hour column contain a count for ea...

by Path Finder in

Would like timechart (count) to show a legend with overall % next to each item

I've been looking at some similar questions .. (for instance, this showed how to have timechart display % each day in...

by New Member in

How do you restore the local.meta if it has been corrupted

The local.meta file on our splunk 5.0.4 version on the Search Head/Deployer server has had data removed (assuming acc...

by Path Finder in

How to group by object's keys?

I would like to create stats from the data whose structure looks like mentioned below: { data: { ...

by New Member in

search to find users that worked most events

i want to know who worked the most splunk events per day. We have corelation searches that fire on specific use cases...

by Explorer in

How to Eval urldecode and then regex?

I have some URL encoded logs. ...| eval decoded_raw = urldecode(_raw) how would I write a rex to find any deco...

by Builder in

subtraction of timestamp from two search

i would like to calculate response time by extracting timestamp from two different search then subtracting Response=S...

by New Member in

How to calculate concurrent operations on a server in a timechart?

Hi, I'm trying to show the concurrent number of 2 operations(eg, data 'export', and data 'import') on a server in ...

by New Member in

How to count the number of alerts with various time ranges and displays, together?

I want to create a visualization that shows the number of sales in the last 1, 2, and 7 days all within the same visu...

by Builder in

Unable to use regex to index logs

Hi, I wish to configure splunk forwarder to pick logs from a directory that match any of the below patterns. Essentia...

by Observer in

How to populate a column that generates time difference for the results which are generated from a stats command?

I have this query. index=azure Operation=UserLoggedIn user!=Unknown|sort - _time | iplocation ClientIP | eval T...

by New Member in

TimeChart implemention over two grouping

i have log file as below need to calculate Execution time for each events and dispay data by grouping with Errorcode ...

by New Member in

Splunk freezing for other users when doing large base search.

Hi Other users are unable to open splunk screens for up to 1 minute while one user is running a large base search?...

by Influencer in

Process end with load job

I have modified the xml of my dashboard in order to load some data directly form the results of the process related t...

by New Member in

item and time column lookup help

I have several rows of a CSV lookup Name,00:00,00:15,00:30 test1,A,A,A test2,A,N,N I want to matchup _time with th...

by Builder in

How to write a query to show the top performer (Single Value)?

Hello All, I want to write something that shows a single value with the below data Customer M 5 Units Customer N 15 U...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex or rex LDAP extraction

How to edit timestamp to one day previously?

How to format data in a table column to print one entry on a line?

How to cluster "SMS messages" ? how to do the Grouping of text messages based on the sms content?

Extract wrapped field for auto extraction

How to convert field date into week values?

How to display the time field?

Question regarding brute force query

How to search a matching string using lookup?

How to rearrange columns in a timechart result?

Would like timechart (count) to show a legend with overall % next to each item

How do you restore the local.meta if it has been corrupted

How to group by object's keys?

search to find users that worked most events

How to Eval urldecode and then regex?

subtraction of timestamp from two search

How to calculate concurrent operations on a server in a timechart?

How to count the number of alerts with various time ranges and displays, together?

Unable to use regex to index logs

How to populate a column that generates time difference for the results which are generated from a stats command?

TimeChart implemention over two grouping

Splunk freezing for other users when doing large base search.

Process end with load job

item and time column lookup help

How to write a query to show the top performer (Single Value)?

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions