Splunk Search

Discussions

Thread Info

I want to show the server startup and failure time in two separate columns. How can I do that? Obviously we have two search strings for startup and failure . Please help me on this

I want to show the server startup and failure time in two separate columns. How can I do that? Obviously we have two ...

by Communicator in

How do I calculate a field with another field value from a previous row?

Hello Everyone I have a below query that gives me output with 4 fields. sourcetype=* | fillnull TimesRan value=...

by Path Finder in

Percentages of table totals

Hi I have a table top 10 ( could be top15) So there table has a the top 10 most popular projects by count spli...

by New Member in

Why are the extracted values different in the field?

Hi all, As I'm newbie and trying to figure out an issue with logs coming from a fortigate utm. I have no clue why I s...

by Explorer in

How to extract an unmapped field in the stats table from logs?

I am trying to extract the value of an unmapped field from logs. I have logs where the status could either be ERROR o...

by Path Finder in

How to redirect from a search result to a second search in a dashboard?

How to redirect from a search result to a second search in a dashboard. I have a panel in dashboard which displays ex...

by Communicator in

Can i input a list of ServiceNames from the a file and then get the status of those services from the data in splunk servers ?

I have a list of services. I want to create a kind of a health check report for all the services. The problem is I...

by Path Finder in

Why the renamed values doesn't show on the pie chart?

Hi Guys, I am creating a pie chart with the below query. I renamed and replaced the column and field values. The d...

by Communicator in

How can I get a count of entries where one value is 0 or greater than 0?

I have a Splunk Query that is returning data, similar to: ComputerName NumVulns Computer1 10 Comput...

by Path Finder in

What is the difference between System and Search within indexes?

Name Actions App Current Size ...

by New Member in

Count of users

Hi, We have some events in which two fields appname and UserID are listed. Which shows in each event that which us...

by Contributor in

How to compare results and assign values from Lookup?

Hello everyone, Splunk beginner here!! Just trying to do something simple. I have a list of students being obtaine...

by Explorer in

Timechart minimum values

Hi, I have this data this is retrieved once per hour (more or less on the hour) for the past 7 days. readyArmed...

by Motivator in

Why is the table in dashboard reporting "No results found" when there are in fact results found?

We have a table in a dashboard that shows "No results found." when in fact there are results for the search based on ...

by Contributor in

dbxquery eval _time as column

Hi all, I am trying to set the values in column insertepoch in a mysql database to be the new _time index in splu...

by Path Finder in

How to table a KV output?

Hi Team, I used the below query to extract the log file. index="test" sourcetype="todayline" | kv pairdelim="\r...

by Engager in

How can I eval a new field using only partial values from existing field?

Apologies if my question's title is non-descriptive. I am working through extracting an 'action' field from an existi...

by Explorer in

How can my search query show all duplicated events by field?

I'm trying to search data from our Infoblox switch port capacity source, and there are many interfaces that have an i...

by Engager in

How to create a search which shows machines being mined as opposed to staff visiting sites with the word "CoinHive" in them and how to get events which are actually effecting users?

Good Morning Out of interest I wondered if anyone had a Splunk Search, which clearly showed machines being mined a...

by New Member in

How can I do field extraction on a security log using regex?

I need a little guidance on rex field extraction on the following "redacted" security log. Unfortunately, I don't hav...

by Builder in

How to subtract two time fields?

How would I go about subtracting EndTime from BeginTime?

by Path Finder in

Creating a custom date field

Hi, Is there a way to create a custom date field in Splunk? Sow lets say I have multiple events, all of these e...

by Path Finder in

How to use subsearch inside a map command search?

I have a query that uses map and subsearch inside map command as below: index=myindex | eval email="email@xyz.com"...

by Path Finder in

How to extract a string with length, based on the value of another field?

These are some sample of my logs : "07PRIVATE" or "06SAMPLE" OR "08EXAMPLES" The first two digits are the length o...

by Path Finder in

How to query where I can display x and y values as the top value?

I have a tag which has four values i.e. a,b,x,y. But I want to display only the x and y values as the top value. I tr...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

I want to show the server startup and failure time in two separate columns. How can I do that? Obviously we have two search strings for startup and failure . Please help me on this

How do I calculate a field with another field value from a previous row?

Percentages of table totals

Why are the extracted values different in the field?

How to extract an unmapped field in the stats table from logs?

How to redirect from a search result to a second search in a dashboard?

Can i input a list of ServiceNames from the a file and then get the status of those services from the data in splunk servers ?

Why the renamed values doesn't show on the pie chart?

How can I get a count of entries where one value is 0 or greater than 0?

What is the difference between System and Search within indexes?

Count of users

How to compare results and assign values from Lookup?

Timechart minimum values

Why is the table in dashboard reporting "No results found" when there are in fact results found?

dbxquery eval _time as column

How to table a KV output?

How can I eval a new field using only partial values from existing field?

How can my search query show all duplicated events by field?

How to create a search which shows machines being mined as opposed to staff visiting sites with the word "CoinHive" in them and how to get events which are actually effecting users?

How can I do field extraction on a security log using regex?

How to subtract two time fields?

Creating a custom date field

How to use subsearch inside a map command search?

How to extract a string with length, based on the value of another field?

How to query where I can display x and y values as the top value?

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions