Splunk Search

Discussions

Thread Info

How to transpose or untable and keep only one column?

Hello, I have a search returning some results that look like this: sourcetype="somesourcetype" [ search sourcet...

by Explorer in

Why is searching with NOT or != being ignored in search results?

Anyone else seen this before? I'm building a search, then telling Splunk to NOT or using field!=something and Splunk ...

by Path Finder in

How to edit my timechart search to only return results where the (average) response time is greater than 500?

Hi All, I'm using the search below for getting the avg response time that is greater than 500. index=web <data>...

by Path Finder in

How can I split an event into two or more events according to two multivalue fields?

The raw data is like : FieldA | FieldB | FieldC | FieldD 14-51-P-1216;14-52-P-0258;14-52-P-0053;14-52-P-0054 | 99D...

by Path Finder in

How to select data within selected timerange on particular fields?

Hi Splunkers, I understand we can re-write _time with particular timefield with this formula eval _time=strptime(t...

by Communicator in

Is there a way to dynamically create fields and assign them values while my script is being executed in Splunk for a custom search?

Is there any way to create fields and assign values to them while my script is being executed for custom search?

by Explorer in

External data fetch w/curl (REST)

I need to fetch some external data from various sources. WIth curl on command line this is relatively simple to do ag...

by Explorer in

How to display the stats count for multiple field values on a dashboard panel where the count is greater than 2 within 1 minute?

I have multiple fields with different values (error messages) from the same log. I am trying to get a count per field...

by New Member in

How to list values to fields based on userid selected in a drop-down form?

good morning all So I have a table chart with a drop-down that selects a user and this works fine. When I select a...

by Explorer in

Splunk Web framework: 'searchmanager' received some positional argument(s) after some keyword argument(s)

I'm getting the above error message ( 'searchmanager' received some positional argument(s) after some keyword argumen...

by Builder in

How to find the daily average of the time difference between the concurrence of one line and a previous line?

Hi, I have a very simple line of trace which indicates the end of a timer that runs at the completion of an import...

by New Member in

How to prevent a space character from delimiting and truncating my filename field?

Hi folks, I have some new logs coming in, and I took a look at the fieldname that has a Windows filename in it, an...

by Communicator in

After upgrading from Splunk 5 to 6.2.4, why is our search on failed login attempts from Windows Event Logs no longer working?

We were using an old version of Splunk (ver 5) and have since updated to the ver 6.2.4 and now our failed login attem...

by New Member in

How to create a custom field with values based on the monitors in inputs.conf

Hi, In my inputs.conf I have a number of monitors. I would like to create a custom field called logtypevalue with ...

by Path Finder in

Why does this join not correctly match the data?

Hi, I'm experiencing some strangeness with the following query: index=main_index | dedup _raw | sort _raw | ren...

by Path Finder in

How Can I View IPs That Have NOT Generated Events?

For example, I want to run the following search and have splunk output IPs that do NOT show up in the results. ind...

by Explorer in

Is it possible to get both rare and top results in the same search result table?

Hi, I want to know if it's possible to get rare and top value on the same table search. index=_internal |top l...

by Contributor in

Is there a way to filter out events from search results based on the logged-in Splunk user running the search and specified field values?

I have a requirement to filter out events based on: the USER running the search and FIELD VALUES contain...

by Engager in

How to create a timechart with overlay lines for Mean, Upper Control Limit, Lower Control Limit, and Targets?

Hi, I have a number of timecharts displaying KPIs over the last 30 days. What would be the most efficient way t...

by Contributor in

Error in 'eval' command: The operator at '{}.Instrument' is invalid.

Do you know why I get the following error message? vols{}.Instrument is a valid field but it doesn't like the {}. ...

by New Member in

Splunk Search

Discussions

How to transpose or untable and keep only one column?

Why is searching with NOT or != being ignored in search results?

How to edit my timechart search to only return results where the (average) response time is greater than 500?

How can I split an event into two or more events according to two multivalue fields?

How to select data within selected timerange on particular fields?

Is there a way to dynamically create fields and assign them values while my script is being executed in Splunk for a custom search?

External data fetch w/curl (REST)

How to display the stats count for multiple field values on a dashboard panel where the count is greater than 2 within 1 minute?

How to list values to fields based on userid selected in a drop-down form?

Splunk Web framework: 'searchmanager' received some positional argument(s) after some keyword argument(s)

How to find the daily average of the time difference between the concurrence of one line and a previous line?

How to prevent a space character from delimiting and truncating my filename field?

After upgrading from Splunk 5 to 6.2.4, why is our search on failed login attempts from Windows Event Logs no longer working?

How to create a custom field with values based on the monitors in inputs.conf

Why does this join not correctly match the data?

How Can I View IPs That Have NOT Generated Events?

Is it possible to get both rare and top results in the same search result table?

Is there a way to filter out events from search results based on the logged-in Splunk user running the search and specified field values?

How to create a timechart with overlay lines for Mean, Upper Control Limit, Lower Control Limit, and Targets?

Error in 'eval' command: The operator at '{}.Instrument' is invalid.

Getting the timestamp when the status has changed

How to reassign orphaned search in splunk light

Free Trial Fundamentals 1

How to timechart percentage value made by stats or...

Timechart for multiple search total