Splunk Search

Discussions

Thread Info

How to get keyvalue pairs listed by clause only when exists?

I have got multiple events in a log file which contains few key-value pairs and i want to look at only the existence ...

by Path Finder in

regex remove events from search

I'm reading in events from a lookup table and I'm trying to remove events using RegEx that meet criteria but can't ge...

by Contributor in

Substract values of two columns and display the difference in third column?

I have a table which have fields Rank, City, Population _2001, Population _2011. Now I want to find the growth in pop...

by New Member in

How to create a Splunk regex to match URI?

Hi everyone, I am trying to come up with a Splunk regex search for detecting URIs of URLs. What I am interested in...

by Engager in

Individual Records are merging in Single event in csv monitoring

I am facing a bizarre problem in csv file monitoring. I am monitoring a csv file from a server path. The records are ...

by Path Finder in

Create a Graph which is visible to all but the drill down data should not be visible to all.

Hi All Experts, I have created a bar graph for incidents and for click on each bar information is displayed on next p...

by Path Finder in

Adding Checkboxes in a dashboard (similar to ES Incident Review)

Hi, has anyone implemented a simple xml dashboard that shows a table with checkboxes? I would like to update a lok...

by Motivator in

Splunk table drill down - access different field value from clicked field value

I have query that returns two or more events based on two input selects input select 1: my_run_1_tag_1 (reference)...

by New Member in

Drilldown to link to search

My sample code looks like this how do I apply/insert drilldown to my code , to link to search results <form> <la...

by New Member in

How can I create a bar chart with positive and negative values?

How can I create a bar chart with positive and negative values? Here is the use case I have. I have events coming ...

by Explorer in

How to have the lookup multivalue field return the 1st match?

hello, I have a lookup table that has host to user correlation... ex; Host, User hosta, user1 hostb, user2 host...

by Contributor in

Is it possible to reference a report and add specific search criteria without having to create a new report with the needed criteria already specified?

Hello, I have a report scheduled to run every night collecting patch information from many different business area...

by New Member in

transaction creates multi value field help to get just the most recent when out of order

I'm trying to create a timeline of events and I'm running into an issue when certain steps are repeated and the data ...

by Motivator in

Search Page Loading - 400 Bad Request common.js 241

I'm using a search server 6.5.1 which is resulting in a 400 Bad request response on the POST request to http:///en-US...

by New Member in

Find the numerical outliers of the count for countries by day

I have the following which gives me the count of events that happen on separate days for each country. Column1: Date,...

by Explorer in

How to connect splunk app to remote webserver that has 2 way ssl enabled.

I need connect to a webserver that has two way ssl enabled. I exported the myCertificate.pem file from splunk server ...

by New Member in

How to remove null field after using "where isnotnull" command?

I am getting a little frustrated with this search... I have a field that just does not want to release the NULL value...

by Path Finder in

using foreach at the beginning of the query fetching less records than expected

index="index1" tdr=tdr1 OR tdr=tdr2 transaction id | foreach * [ rex field=<<FIELD>> mode=sed "s/{|}//g"] | eval _tim...

by Communicator in

Cooked Connection

A Google search indicates that that using the term "cooked" in realation to a network connection is exclusive to Splu...

by Path Finder in

All splunk specific keywords at one place

Hi Guys , I am looking for a cheatsheet kind of hing which has all splunk specific keywords at one place..

by Explorer in

Find a specific kind of event before event result

I'm searching in our IIS logs. I'm looking for a web POST action. The problem is that this POST action happens after ...

by Path Finder in

creating a new field using Regex

how do you create a field using regex with the following example below for example exsamplefield=cpe:/o:microsoft...

by Explorer in

We have an app on a server for which we want to send logs to splunk.

We have an app on a server for which we want to send logs to splunk. The splunk host is listening on 9997 while our s...

by New Member in

splunk forwarder is starting but not appearing in "Select Forwarder" Page

I am trying to setup a universal splunk forwarder but I think I am missing something. On restart splunk forwarder is ...

by Explorer in

Strange Splunk Ports

All 37 of my Splunk forwarders establish TLS 1.2 connections to Splunk on port 9997 as configured. No problem there. ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get keyvalue pairs listed by clause only when exists?

regex remove events from search

Substract values of two columns and display the difference in third column?

How to create a Splunk regex to match URI?

Individual Records are merging in Single event in csv monitoring

Create a Graph which is visible to all but the drill down data should not be visible to all.

Adding Checkboxes in a dashboard (similar to ES Incident Review)

Splunk table drill down - access different field value from clicked field value

Drilldown to link to search

How can I create a bar chart with positive and negative values?

How to have the lookup multivalue field return the 1st match?

Is it possible to reference a report and add specific search criteria without having to create a new report with the needed criteria already specified?

transaction creates multi value field help to get just the most recent when out of order

Search Page Loading - 400 Bad Request common.js 241

Find the numerical outliers of the count for countries by day

How to connect splunk app to remote webserver that has 2 way ssl enabled.

How to remove null field after using "where isnotnull" command?

using foreach at the beginning of the query fetching less records than expected

Cooked Connection

All splunk specific keywords at one place

Find a specific kind of event before event result

creating a new field using Regex

We have an app on a server for which we want to send logs to splunk.

splunk forwarder is starting but not appearing in "Select Forwarder" Page

Strange Splunk Ports

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions