Splunk Search

Discussions

Thread Info

Why does Splunk recognize the timestamp only for specific dates?

Hello, I have a csv file with data from 2010 until 2017. Splunk seems to parse the timestamp correctly for most...

by Engager in

How to get a string from the INFO statement with an error response in Splunk

Hello, I need to get a string which is available in the INFO statement whenever there is an Warning statement in the ...

by New Member in

Calculate the percentage of a given date_hour

I have the following data set with says 1000+ data: Time, Duration in hours, eg. 13:23 2018-2-3, 0.234 15:13 2018-3-1...

by New Member in

How to transaction on two different fields within the same sourcetype?

I want to join events within the same sourcetype into a single event based on a logID field. However, this logID fiel...

by Communicator in

what is apiStartTime='ZERO_TIME'

I have been investigating excessively expensive searches by querying the audit log, and I came across one that has th...

by Contributor in

How can I get a usage count of all the user sessions that are NOT sticking to one host without providing "session id" in search box?

index="inx_prod" host="pweb*" "session_id=4w344fbrz5th1pzfatvb0u3u" | table host, session_id | stats count by host, s...

by New Member in

Is there a way to chain searches?

All, A user just asked me this, any ideas on how to do this? Splunkj Q: is the following supported? I create a...

by Builder in

How to determine the number of "BAD" transactions

Hi, I have this query earliest =-30m index=relay_json host=betamax* relayPairId!="null" | transaction relayPairId ...

by Motivator in

Adding a column from a subsearch

I have this query that i've lightly changed from the winfra app, but i want to add a PID into it, that would be in th...

by Explorer in

Display table issue

Currently I have a table generate by my query as below query: index=a | stats count by name code signature name ...

by Communicator in

Splunk conditional count/aggregation

I have some CSV data about files imported in to Splunk. The data looks like this: "\\domain\path\to\file\","<filen...

by Explorer in

search against a lookup table

Need help. How to I obtain the following output? I tried the following SPL but doesn't work. index=car_record | se...

by New Member in

Can I use regex to assign a sourcetype?

Hello. I new to regex and have been trying to understand how it works. Let say i have a log containing strings of...

by New Member in

Calculating Source type info indexing rate and EPS

Hello Splunkers, I would like to calculate below EPS values for 30 days time period for each source type on one c...

by Path Finder in

How to do eval and percentage based calculations?

I want to calculate the amount of change in between today's score and yesterdays. This is a file with a few days data...

by Path Finder in

I want to find the difference in count of processes from last 2 months

My 1st search: earliest=-2mon@mon latest=-1mon@mon index=linux (host=abc OR host=xyz) COMMAND=LMN|dedup host,PID|stat...

by Communicator in

How do I merge events on the basis of time and fields?

I want to merge events that are in between state=" STARTED" and state="COMPLETED" i.e. All the following events of st...

by Explorer in

Search Query Help

Hi Team, I got a scenario as below: index=* host=A or host=B Type=Info "Service down" In this i want the follow...

by Path Finder in

How to build a multi-level piechart?

Hello, I am searching for a possibility to build a multi-level piechart in Splunk. Does anyone knew if the is an b...

by Path Finder in

How to extract a field from a GET request?

Hi All - I am having trouble extracting the following fields from a GET request . GET **/TSGene/**images/literatu...

by Path Finder in

how can you run one search and share that data with multiple panels

How can or is there a way of running one search and sharing the resulting data amongst multiple panels in a Dashboard...

by Explorer in

Nested JSON and SPATHING

Hi, I have another question similar to the question I asked at https://answers.splunk.com/answers/624148/expanding...

by Path Finder in

Pivot search

hello , someone can help me to translate this pivot command in search command | pivot proofpoint proofpoint_search...

by New Member in

Creating new fields using already set data

I am working with data from an application but the data has been forwarded to Splunk as raw data and appear randomly ...

by New Member in

How to create a real-time map of attacks

I want to create a real-time map similar to https://cybermap.kaspersky.com/ that tracks and displays the exact locati...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does Splunk recognize the timestamp only for specific dates?

How to get a string from the INFO statement with an error response in Splunk

Calculate the percentage of a given date_hour

How to transaction on two different fields within the same sourcetype?

what is apiStartTime='ZERO_TIME'

How can I get a usage count of all the user sessions that are NOT sticking to one host without providing "session id" in search box?

Is there a way to chain searches?

How to determine the number of "BAD" transactions

Adding a column from a subsearch

Display table issue

Splunk conditional count/aggregation

search against a lookup table

Can I use regex to assign a sourcetype?

Calculating Source type info indexing rate and EPS

How to do eval and percentage based calculations?

I want to find the difference in count of processes from last 2 months

How do I merge events on the basis of time and fields?

Search Query Help

How to build a multi-level piechart?

How to extract a field from a GET request?

how can you run one search and share that data with multiple panels

Nested JSON and SPATHING

Pivot search

Creating new fields using already set data

How to create a real-time map of attacks

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions