Splunk Search

Ask a Question

Discussions

Thread Info

Linechart with multiple lines of data on one chart?

Dummy question. I have a CSV file that contains three columns (fields) <date>, <value>,<group> 2017-01-01, 10...

by New Member in

Is there any benefit to explicit field extraction vs letting splunk do it on it's own?

All, I have a soucetype that is quite complex. So I need to leave autoKV extractions on. In one of the logs there...

by Builder in

Can I use relative time for bin span?

I want to run a query with rolling time span (rolling every minute) and want to count events in last 1 hour relative ...

by Explorer in

set timezone in search

most of my data sets to UTC, and all data sources are properly tagged to convert to UTC if they are not. My user i...

by Path Finder in

How to modify the results in required format?

I have a lookup query as follows | inputlookup hosts.csv | rename hostname as my_hostname | table my_hostname ...

by Builder in

How would I configure my regex to also include Windows data?

I have a query that will identify all the logs in my instance for a certain index, it list everything running except ...

by Path Finder in

Time field always gives nanoseconds without format variable

`xd_index`_alerts SiteName="*" ServerType="Member"| eval _time=_time-(strptime(strftime(_time,"%Y-%m-%dT%H:%M:%S")." ...

by New Member in

How can I search for results that share the same Mac address?

I think I'm close. Just need a little help. here is my current search index=windows sourcetype=dhcpsrvlog | stats dc(...

by Path Finder in

Can I graph data in text over time?

I have data that is in text value that I want to graph over time. index=pcrf sourcetype=rac* ha_state=* | table _...

by New Member in

Transforming Field Value with Rex/Regex?

Hey! So I have this field: "user1 user2 user3 user4 user5 user6 (.....)" and I wanted it to look like "(account="u...

by Path Finder in

check if value is in subsearch table result

Hi, I need a way to check if a value is in a sub search table result. for example I use the code that doesent work...

by Contributor in

Simple way to turn multivalue field into a table?

Is the a function that does this: ... | mvmap data (fname, lname, age, height) | table lname, age (where data ...

by Explorer in

What is the best way to compare emails in two different formats

I have two fields, I need to compare, that contain an email address, but in different format: Format 1) firstname.las...

by Builder in

Results from root search in a subsearch

Here is an overview of what I'm trying to accomplish. I have created a table that uses information in the threat acti...

by New Member in

Convert #B/KB/MB/GB into bytes without a unit?

Hey everyone. Searching around, I see tons of answers related to converting numerical bytes into KB/MB/GB/TB. However...

by Builder in

How can I see the Data in a Metrics Index in Splunk 7?

Hi everyone, I'm looking forward to do some Data Science with Splunk and was very happy to read about the Metrics ...

by Path Finder in

Dispatch folder is only 284KB but I still encounter minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch

I wanted to reduce my storage space. I have already set retirement policy but my used space did not reduce although t...

by Path Finder in

hot_v* file not found but able to see file using locate

Hi, Referencing to http://docs.splunk.com/Documentation/Splunk/6.2.1/Capacity/Estimateyourstoragerequirements, I'...

by Path Finder in

How do I exclude fields with certain values from a table when the event has multiple values for the same fields?

Hi, As the title says. Refer to the screenshot below too; The above is the log for the event. as you can s...

by Communicator in

Field extraction of log file -- Each line has different format, how can I include all format in one regex?

I am doing field extraction for a log file format as below: line 1: field1, field2, field3, field4 line 2: field1, fi...

by Communicator in

How can I compare data between two dates?

I have index data like below, and I want to calculate how many have a stock price higher than yesterday. date, stock,...

by New Member in

How to extract a repeating field from an event

I have data that looks like this: AA=value1,BB=value2,BB=value3,BB=value4 AA=value5,BB=value6,BB=value7 AA=value8,...

by New Member in

ITSI | itsi_service_id to service name mapping?

I want to query the summary index and pull back KPIs with high alert severity. However, in order to do this I have to...

by Path Finder in

How to extract a file name up to a specific character

I have a list of files similar to this list: FileObjMgr_01235_567.log EIM_0080123_45.log EIM_01031234_56.log EIM_0...

by Path Finder in

How to subtract 2 row sum total value

How to get the Total difference amount from DP - RF Search used: index=elm-*** | dedup transactionid | eval amoun...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Linechart with multiple lines of data on one chart?

Is there any benefit to explicit field extraction vs letting splunk do it on it's own?

Can I use relative time for bin span?

set timezone in search

How to modify the results in required format?

How would I configure my regex to also include Windows data?

Time field always gives nanoseconds without format variable

How can I search for results that share the same Mac address?

Can I graph data in text over time?

Transforming Field Value with Rex/Regex?

check if value is in subsearch table result

Simple way to turn multivalue field into a table?

What is the best way to compare emails in two different formats

Results from root search in a subsearch

Convert #B/KB/MB/GB into bytes without a unit?

How can I see the Data in a Metrics Index in Splunk 7?

Dispatch folder is only 284KB but I still encounter minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch

hot_v* file not found but able to see file using locate

How do I exclude fields with certain values from a table when the event has multiple values for the same fields?

Field extraction of log file -- Each line has different format, how can I include all format in one regex?

How can I compare data between two dates?

How to extract a repeating field from an event

ITSI | itsi_service_id to service name mapping?

How to extract a file name up to a specific character

How to subtract 2 row sum total value

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions