Splunk Search

Ask a Question

Discussions

Thread Info

Add sum events in separate column

it is my search host="splunk.local"|bucket _time span=1mon | stats count by event my question is : To sum the...

by Explorer in

Regex in query

Hi, Can anyone help with a regex to extract into a new field anything contained within raw data after a #? For ...

by Path Finder in

Need a little help converting seconds to days, hours, minutes

Hi all, Windows reports everything in really long seconds uptime fields. I want to convert that to days, hours, mi...

by Path Finder in

Searching for matches during specific times

My search is something like: index=foo "get /foo/bar"| eval a=_time+1s| eval b=_time+10m | table a,b,ip, field1, fie...

by New Member in

Which command or stanza can be used to decide which fields are extracted at search time to improve performance?

As far as I know, fields- does not improve performance, and I'm looking for a better option.

by Explorer in

How can I fix my double timechart graphs?

I want to see 2 timecharts that each 1 contains different counter my search is: source="perfmon:test" counter="Pri...

by Path Finder in

Streamstats Question

Using this query below could you help me identify servers that were added on a daily basis? example today is friday 1...

by Engager in

My values are not showing on map

Hello, Im very new with Splunk. Can you please tell me what is missing on my search string eventtype=security * us...

by New Member in

Is it possible to use a single rex command to deal with multiple scenarios?

Hello All, I am trying to write a single rex command that will handle a number of different field entires. Basical...

by Motivator in

How can I find values within a specific range/ make sure each value meets the criteria of a particular range?

Hello, We have the following search: index="blah" | stats values(Change), values(Volume), values(Price) by Symb...

by Communicator in

Why is my eval if() not working consistantly

I'm having a difficult time getting what I believe is a simple eval command to work as I would expect. What I'm tryin...

by Explorer in

Matching two expressions to one field

I am trying to extract a field from logs that look like this: Apr 28 07:45:22.992 On [2:18]20.5.4.1:5070 sent to 1...

by Path Finder in

How to use streamstats to calculate device availability

I have some device logs and am trying to determine the outage (downtime) duration. Problem I have here is that event...

by New Member in

How can I run stats sum as command on same search for two different values?

I have the following search: index="data_integration" host="sampledata" sourcetype="csv" Object_Account="4*" OR Ob...

by Explorer in

Use count from first search in the Where Clause of the subsearch

I want to use the count from the first search "FilesImported" as criteria in the where clause of the subsearch. Files...

by Path Finder in

Re-assigning or deleting the orphaned searches

What is the best way to delete or re-assign the orphaned searches?. I have around more than 100 orphaned searches whi...

by Path Finder in

Drill down to dashboard with hidden table

Hey, I am trying to drill down from one dashboard to another and show a table with the selected category in the t...

by New Member in

compare response time from yesterday to today

Trying to compare response time from yesterday to today. This search seems to be working, but very, very slow. Any su...

by Explorer in

Help writing a search to count by event type?

eventtype=* |stats count by eventtype which works. However, in a dashboard below query doesn't work. Any suggestio...

by Explorer in

Regex to find Account_Name's that end in a $ and \ isn't stopping it's special char nature

I want to find all names in Account_Name that end with a $ and not ones that don't. IE: I want NAME1$ but not NAME2. ...

by Explorer in

Predict by

My search result: _time Location Total 01/01/13 12:00:00.000 AM Location 1 12 02/01/1...

by Path Finder in

How to not evaluate something during a certain time period?

So, I have a search query that calculates a field but I wanted to know if there is a way to check if it is a certain ...

by Communicator in

How to extract the fields from JSON output and display as table

{ "ERROR_CODE" : "XXX-XXX-00000", "ERROR_DESC" : "Success." }, "accountBalances" : { "accountNumber13" : "22222222222...

by New Member in

Help needed in extracting string between two similar strings

I have a log mentioned below: ERROR: Cannot retrieve requested details in 103 ms cause: [50000] ERROR: Building pr...

by New Member in

Count combination of multivalue field

Hi, I wonder whether someone can help me please. I'm using the query below to extract the different actions perfor...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Add sum events in separate column

Regex in query

Need a little help converting seconds to days, hours, minutes

Searching for matches during specific times

Which command or stanza can be used to decide which fields are extracted at search time to improve performance?

How can I fix my double timechart graphs?

Streamstats Question

My values are not showing on map

Is it possible to use a single rex command to deal with multiple scenarios?

How can I find values within a specific range/ make sure each value meets the criteria of a particular range?

Why is my eval if() not working consistantly

Matching two expressions to one field

How to use streamstats to calculate device availability

How can I run stats sum as command on same search for two different values?

Use count from first search in the Where Clause of the subsearch

Re-assigning or deleting the orphaned searches

Drill down to dashboard with hidden table

compare response time from yesterday to today

Help writing a search to count by event type?

Regex to find Account_Name's that end in a $ and \ isn't stopping it's special char nature

Predict by

How to not evaluate something during a certain time period?

How to extract the fields from JSON output and display as table

Help needed in extracting string between two similar strings

Count combination of multivalue field

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!