Highest Voted 'splunk-query' Questions

-2

votes

1 answer

To find New error in server logs that was not present in logs in the past one week

I am looking to trigger an alert in splunk if a new error is there in server logs. New error is an error/s that was not present in server logs in the past one week. I have index for logs index=Serverlogs1. Please help!

asked Aug 30 '20 at 16:04

user14191992

1
1

-2

votes

1 answer

Need help in Splunk Pie chart search expression

I am new to splunk dashboard development, so far I am creating KPI's using just 'single value'. I have three KPI's resulted 600, 250, 150 KPI 1 search expression - Result is 600 (example) index=indexname kubernetes.container_name=tpt MESSAGE = "Code…

splunk splunk-query splunk-calculation splunk-formula

asked Mar 11 '20 at 10:12

Raju

175
1
2
11

-2

votes

2 answers

I am trying to use regular expression for extracting the Filename filed in Splunk,I have attached the same text

ID=6913&Filename=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5CDocumentum%5CViewed%5C181019_ERS_321_102_500857.pdf&Download=65536&DownloadSize=79243 HTTP/1.1" 200 3 "-" "Java/1.8.0_192" I need to extract and after extract i need Thanse04 from…

regex splunk splunk-query

asked Feb 17 '20 at 16:44

Anshuman

3
1

-2

votes

2 answers

How to put conditional output like arthmemetic , value o/p should be greater than = 30k and less that = 30 k

enter image description heresourcetype=xxxxx "connection from 17.129.249.164" OR "connection from 17.208.230.209" OR "connection from 10.41.84.33" OR "connection from 10.41.158.214" OR "connection from 10.41.88.162" OR "connection from 10.41.157.80"…

splunk splunk-query

asked Jan 31 '20 at 07:15

Misrty vib

9
6

-2

votes

1 answer

How to subtract a string from value field

I Need to know to subtract a string from the begining of a value until a specific character in Spl. For example, if I have a field who contains emails or another data: MAIL FROM: YYYY@XXXXX.com BODY=7BIT How to get just the email address…

splunk splunk-query

asked Apr 17 '19 at 12:54

Anas Salem

177
1
2
13

-3

votes

1 answer

SPLUNK Query : need to split a string in a list using delimiter

eg: list = { abc::12345, xyz::345} . requirement is I have to get {abc, xyz} as query result. needs stats count of the values in the list after removing the part after delimiter ::

string split delimiter splunk splunk-query

asked Jan 18 '23 at 14:50

Aswathy

1
1

-3

votes

1 answer

Fetch Nth field from end of a string

I want to write a regex to pull the nth field from the end of a string in splunk. Please let me know how to proceed.

regex splunk-query

asked Jan 09 '18 at 14:31

Sarnath Jegadeesan

202
4
17

Questions tagged [splunk-query]

To find New error in server logs that was not present in logs in the past one week

Need help in Splunk Pie chart search expression

I am trying to use regular expression for extracting the Filename filed in Splunk,I have attached the same text

How to put conditional output like arthmemetic , value o/p should be greater than = 30k and less that = 30 k

How to subtract a string from value field

SPLUNK Query : need to split a string in a list using delimiter

Fetch Nth field from end of a string