Splunk Search

Discussions

Thread Info

Rename field by using one of multiple wildcards

I have a query that counts by source and leaves me with fields that are named like /logs/containers/3198058471-5mdkn_...

by Explorer in

Is it possible using rex to create field names that contain a period (.)?

Hello! I'm parsing strings using rex and I'd like to define a set of field names that contain the period (.) chara...

by Motivator in

how to remove spaces in xml data after field extraction

I am trying to make a field extraction from xml data and but I am having a problem with special ascii characters bein...

by Path Finder in

Running a prediction and anomaly detection in parallel

I want to build a query that can do the following. a. Monitor about 10-15 metrics from the different kinds of syst...

by New Member in

Decouple a process in windows

So, I want to detach a process in windows using python code. What I want to do is, I am spawning a process from Splun...

by Engager in

Display a time chart for the distinct count of values in a field

I am beginner to Splunk and could you help me with the following scenario. Lets take I have a table with the field...

by New Member in

How do I combine and filter searches on a common field

Hello, my data look like this: { correlationId: "1", field1: "something **flagged**", field2: "alkjsd"...

by Explorer in

Default _time

I have an example log file with the following format: Nov 05 10:33:37 servername applicationserver: instance,ipadd...

by New Member in

Appending a static lookup

Hi all, I'm looking for a way to append the contents of a CSV table to any search I make as an additional column. ...

by Explorer in

Transaction

how can i define a transaction end based an extracted value? the value of terminal during the transaction start shoul...

by New Member in

How to setup dynamic resize with SVG

Hi, I made very good looking (well, to me ...) svg panels. The svg items were created with inkscape. Everything wo...

by New Member in

Search multiple fields from one lookup field

I'm trying to format a search in which I have a lookup with one column, this column includes malicious email addresse...

by Engager in

Can't we use a Custom Search Command with stats in fast or smart mode ?

Hi everyone! I had to write a script that solves the IP address from a field to the corresponding BGP AS Number. A...

by Explorer in

How to calculate Total Bandwidth Usage using bytes,bytes_in and bytes_out

my proxy is capturing three fields such as bytes,bytes_in and bytes_out out of which in need to calculate total bandw...

by New Member in

How create line chart using Time and Date

Hi Guys, I need your help. I have this structured log: SERVICE,END_TIME,DATA,TIME Job_Name,10/12/2018 07:14,10/...

by Engager in

Compare value in each row from column B with all values in column A

Hi, it probably very simple problem but looks like I am using wrong queries on Google and can't find a solution. I ne...

by Path Finder in

Map command to append value

Hello all, I have a lookup table with saved searches names, search strings, time range and some other values. I am t...

by Contributor in

How to fetch next row value to a separate field

Hi, I am new to Splunk and I want to perform some calculation here. I have a data like: WeeK RFS1 RFS2 RFS3 decisi...

by Path Finder in

Subsearch filter

In an index for a specific host I have log lines like this: 2019-05-15T06:09:56+00:00|6eb44e3c-d93e-4a43-b3f0-560a...

by Explorer in

Why does specifying indexed fields with "field"::"value" results in faster and more efficient searches?

Write better searches Splunk manual contains the following recommendation: Specify indexed fields with "field"::"v...

by Path Finder in

Python upgrade

Hi All, I am very new to Splunk and I have a below query regarding Python upgrade. Please advise. We wanted to ...

by New Member in

Issues configuring search peer

I have recently configured a new Splunk Enterprise environment and I need to configure a search peer on my head insta...

by Explorer in

Evaluating User dropdown options for Splunk Dashboard and dynamically changing title field

I have a Splunk dashboard which allows users to select two different fields. My goal is I want a way for Splunk d...

by New Member in

join two queries depends on common fields

Hello i have this query : (index=ssys_*_pj OR index=other) NOT source=*Bio_Mimics* (Head Optimization Wizard ((st...

by Communicator in

How create line chart using Time (Hour) in Y-axis and Date (Days) in X-axis

Hi Guys, Well, I have this structured log: MEMBER, JOBNAME, JOBID, DATE_START, HOUR_START, DATE_END, HOUR_END, DUR...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Rename field by using one of multiple wildcards

Is it possible using rex to create field names that contain a period (.)?

how to remove spaces in xml data after field extraction

Running a prediction and anomaly detection in parallel

Decouple a process in windows

Display a time chart for the distinct count of values in a field

How do I combine and filter searches on a common field

Default _time

Appending a static lookup

Transaction

How to setup dynamic resize with SVG

Search multiple fields from one lookup field

Can't we use a Custom Search Command with stats in fast or smart mode ?

How to calculate Total Bandwidth Usage using bytes,bytes_in and bytes_out

How create line chart using Time and Date

Compare value in each row from column B with all values in column A

Map command to append value

How to fetch next row value to a separate field

Subsearch filter

Why does specifying indexed fields with "field"::"value" results in faster and more efficient searches?

Python upgrade

Issues configuring search peer

Evaluating User dropdown options for Splunk Dashboard and dynamically changing title field

join two queries depends on common fields

How create line chart using Time (Hour) in Y-axis and Date (Days) in X-axis

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...