Splunk Search

Ask a Question

Discussions

Thread Info

How can I sort field values depending on the another field values ?

PFB the search query that I am using for my panel. PFA the view of th dashboard as well. index=scampservices OSIT4...

by Path Finder in

How can I build regex to extract data from unstructured Domain Time Logs?

Hi, Log files contain header and summary information in the beginning of the file. The number of header + summary ...

by Path Finder in

How to create two searches combined into one chart, or timechart with calculated percent of total (rate) by fields?

I have transactions logged across different sales "channels" (catering, mobileApp, faceToFace, etc.). I am trying to ...

by New Member in

Why is coalesce working only for one of the two fields I am combining, depending on the sequence the fields are being combined?

I have two existing fields - "narrative" and "alarm_type" that I am trying to combine into a new single field "alert_...

by Communicator in

How can I create a lookup where if the user is not found, the result should be NULL?

When searching a lookup and the user is not found then I need the result to be NULL. Any ideas?

by Explorer in

Why is the conversion of epoch time to human readable time (hetime and hltime) returning all zeros?

Hi, I have this XML code where I'm attempting to convert the clicked time in epoch format into a human readable ti...

by Motivator in

how can I create a top 5 list of multiple values from one source

I have an index from a forwarder that looks something like this: "index=indexname DEBUG Rule="Rule One" OR "Rule Two"...

by Path Finder in

Is there a limit on "Show all lines" in transaction startswith and endswith?

Hi All, I am using transaction with startswith endswith and some files are not showing. So I used keepevicted=t an...

by Contributor in

How do I format a number with commas in a column/field that has numbers and strings(using appendpipe)

How do I format a number with commas in a column/field that has numbers and strings(using appendpipe) I have the f...

by Motivator in

How to group selected blade Id's to Multiselect option?

I have a desired list of blades and I had filtered out only those blade id's and now while creating a multiselect lis...

by New Member in

How do I calculate the Average time usage per day when using Transaction and Bin?

Hello Everyone I have 2 source types ProcessStart and ProcessEnd. The common field with which I need to find out t...

by Path Finder in

Why are older events not shown anymore?

Dear Community! Following situation: I have a couple of indexes which are gathering log events from several heavy ...

by Explorer in

Using values of a field, compare them in another field and pulling relevant data into one

Hi All, I have a field named Issues Reported, whose values go something like this. Question 1. Can I us...

by Communicator in

Split IP Address in network and host part

Hi everyone, I've got a little problem. I want to split up IP addresses in network and host part (to create a char...

by Explorer in

Can I call a macro without using transaction in my search?

The current search I am running calls "transaction" and then a macro to output results into my table. When I remove t...

by New Member in

Splunk Newbie: Using buckets/bins

Hi Splunkers, I can't seem to find a efficient way to bucket my results where anything greater than 174 days gets ...

by New Member in

Why are the stats values not working with append?

I need the field concate_CSV to list all concatenations for each machine but it is not working. (Actual v Desired out...

by Communicator in

Timechart Search using TextBox

I want to include search box to search account and it should display the timechart also. Please help. Presently only ...

by Explorer in

Transaction based alert trigger for EventCode=4740 showing previous 60 minutes events

Good morning. I am looking to generate an alert for when EventCode=4740 (User lockout) is shown in the event logs ...

by Path Finder in

How to force DBconnect to send fields with NULL values to the index?

DBconnect is not sending fields with NULL values to the index Is there a way to force DBconnect to do this ?

by Explorer in

How to filldown by multiple criteria ?

I, My use case : We monitor change state events on projects : { date: 2018-02-06T11:00:07+01:00 id: 473184 <...

by Explorer in

Field reference in search (Not in dashboard) (i.e. Token replacement in search)

Hello, I try with no success since here to do something like : | makeresults | eval super_important_field="supe...

by Path Finder in

compare 2 different search results and list out the missing data from search 1 result

Hi, I have 2 results from 2 different searches. I need to compare it & find out the missing data from search resul...

by Path Finder in

regex pattern

Hi, I am trying to regex only -R from this following results. However rex I used is not working. Please suggest ...

by Explorer in

Regex with conditional statement

Hi there, I need some help to form regex command. My requirement is to first search for code=SEND then stats count...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I sort field values depending on the another field values ?

How can I build regex to extract data from unstructured Domain Time Logs?

How to create two searches combined into one chart, or timechart with calculated percent of total (rate) by fields?

Why is coalesce working only for one of the two fields I am combining, depending on the sequence the fields are being combined?

How can I create a lookup where if the user is not found, the result should be NULL?

Why is the conversion of epoch time to human readable time (hetime and hltime) returning all zeros?

how can I create a top 5 list of multiple values from one source

Is there a limit on "Show all lines" in transaction startswith and endswith?

How do I format a number with commas in a column/field that has numbers and strings(using appendpipe)

How to group selected blade Id's to Multiselect option?

How do I calculate the Average time usage per day when using Transaction and Bin?

Why are older events not shown anymore?

Using values of a field, compare them in another field and pulling relevant data into one

Split IP Address in network and host part

Can I call a macro without using transaction in my search?

Splunk Newbie: Using buckets/bins

Why are the stats values not working with append?

Timechart Search using TextBox

Transaction based alert trigger for EventCode=4740 showing previous 60 minutes events

How to force DBconnect to send fields with NULL values to the index?

How to filldown by multiple criteria ?

Field reference in search (Not in dashboard) (i.e. Token replacement in search)

compare 2 different search results and list out the missing data from search 1 result

regex pattern

Regex with conditional statement

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Deployment Server Does Not Replace Existing Lookup...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions