Splunk Search

Discussions

Thread Info

How do you use the rangemap and metadata commands in Splunk?

I'm trying to understand the usage of rangemap and metadata commands in splunk. I have gone through some documentatio...

by Builder in

How to disable an alert on an event within "x" time of another event?

Hello, We have 2 searches, one gets us a result that says something along the lines of "this product was removed"....

by New Member in

Append a column based on conditions

I have a log file as below: ** Time Event_Type Event_Name** --------------------------------------------...

by Explorer in

Comparing values of fields without specifying field names

Hi, I have three fields, lets call them: x = 6 y = 6 z = 0 What I want to be able to do is compare each of t...

by Path Finder in

Why am I getting jms_ta errors?

Unable to initialize modular input "jms" defined inside the app "jms_ta": Introspecting scheme=jms: script running fa...

by Contributor in

Event by Event Math

I have a data stream that produces a series of values at a series of times. I need to do running calculations based o...

by New Member in

Compare standard deviation results for two sets of results

I have a query that uses stdev on the field value "queue_length" by field "queue_name". I need a query that gives me ...

by Engager in

Duration of two events by status!

hi, my raw data look like this: 12:01:11:000 ip: "123.456.789" = "1" 12:01:12:000 ip: "123.456.789" = "1" 12:01:13...

by Explorer in

How can i search for a host wich must have 3 letters at the begin of the dns name ?

Hi, i want to search for hosts which always have 3 letters at the begin of the dns name. search: index="myin...

by Explorer in

Troubleshooting timebased lookup table

HI Everyone Is there a way you can see how lookup table examed each value and make the call whether it is match or no...

by Communicator in

Need to compare fields in a csv

I want to create a search that will use a csv to ignore results if the result of the search has fields equal to a row...

by Engager in

declaring a variable in splunk dasboard and make available to all searches

I have a splunk dashboard with multiple panels/searches. My sample dashboard below. I want to be able to declare a...

by Motivator in

search event base on given time

I have two information door swipe card record and user logon record door swipe card record user swipetime result user...

by Communicator in

Combine events based on shared session field value efficently in verbose log source

I have an index with an excessive amount of logs from an application. The application divides these by event types co...

by Communicator in

How to search for a event then check ocurrence during a period of time using another SPL

Ok, so here is my question These 3 lines denote possible values for scheduled downtime MSG WHEN DOWNTIME START...

by New Member in

Need help with rex extraction including double quotes and slashes

Hi, I am currently trying to extract the numbers from this field example: message.data ... {\"MyID\":\"...

by New Member in

How to combine continuous values within 5 minutes?

Hi Experts, I'd like to filter the record when the "delta_value" has the same value within 15 seconds (or repeats 3 t...

by Splunk Employee in

How to remove zeros from appearing on my stacked column chart?

I am trying to get a stacked column chart with items sold by agent at each location. I have the below search: s...

by Path Finder in

Parse a string into multiple fields for my App - Custom Parser

I have a custom log as below: 1 2017-11-27T09:42:05.449123+00:00 generus0002 Sonahock - - [timeQuality tzKnown="1"...

by Path Finder in

Find call duration

I am trying to find the amount of time people are on the phone to the help desk but are not getting any results back ...

by Explorer in

Search and Alert produce different results

When I type this search in the normal Splunk search app, I get normal expected results: "usb" | transaction host s...

by Explorer in

Got this error "Unable to initialize modular input" from indexer after deploy a Splunk_TA_paloalto to indexer

The error message that I got is this one. But I found that it is a general error and would like to know the root caus...

by Splunk Employee in

Using non timestamp field to produce search for yesterday

I have a date field called "Closed date" in following format "%Y/%m/%d" that IS NOT my timestamp field & want to crea...

by Explorer in

Splunk refuses to ingest particular variable

I am attempting to retrieve the SNMP metrics ifHCInOctet and ifHCOutOctet. I have a Python script that does this. Whe...

by Builder in

How to calculate time between events within a session

I have events like session_id = 1 device_time = 2017-11-26T12:13:32 session_id = 1 device_time = 2017-11-26T12:13:...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you use the rangemap and metadata commands in Splunk?

How to disable an alert on an event within "x" time of another event?

Append a column based on conditions

Comparing values of fields without specifying field names

Why am I getting jms_ta errors?

Event by Event Math

Compare standard deviation results for two sets of results

Duration of two events by status!

How can i search for a host wich must have 3 letters at the begin of the dns name ?

Troubleshooting timebased lookup table

Need to compare fields in a csv

declaring a variable in splunk dasboard and make available to all searches

search event base on given time

Combine events based on shared session field value efficently in verbose log source

How to search for a event then check ocurrence during a period of time using another SPL

Need help with rex extraction including double quotes and slashes

How to combine continuous values within 5 minutes?

How to remove zeros from appearing on my stacked column chart?

Parse a string into multiple fields for my App - Custom Parser

Find call duration

Search and Alert produce different results

Got this error "Unable to initialize modular input" from indexer after deploy a Splunk_TA_paloalto to indexer

Using non timestamp field to produce search for yesterday

Splunk refuses to ingest particular variable

How to calculate time between events within a session

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions