Splunk Search

Ask a Question

Discussions

Thread Info

How to find min and max per hour during day by host ?

If I use such SPL index=_internal | timechart span=1h count by host | stats max(*) AS *."max", min(*) as *."min...

by Explorer in

MultiValue Table from Json array

Hello everyone, I search a very longtime on internet and splunk doc and i didn't get what i want well i have this ...

by Engager in

How can I extract this pattern from my raw data using rex command? \"ProductAccountNumber\":\"5342534253425342\"

Hi, Can someone able to help me please. I'm very new to using Splunk and most certainly to the rex command and ...

by New Member in

Splunk Hunkのジョブ調査結果取得無効方法について

Splunk Hunk(splunk analytics for hadoop)を使用しています。バージョンは6.6.1です。「ジョブの調査」をクリックすると表示される実行コストなどの情報取得を無効にする方法を教えてください。

by Explorer in

How to match values within a multi-value column

I'm putting together a search that lists all of the IP addresses associated with scanning my firewall. Due to the fac...

by Path Finder in

Chart question

i have a table like date. prduct, price 171015, abc, 10 171015, CDE, 15 171014, abc, 8 171014 CDE, 9 how can i put...

by New Member in

Fill into multiselect input by clicking a table element (drill down)

Hi folks, I have tried to create a table drill down to insert elements into a multiselect input, that are already ...

by Path Finder in

Function startSearch() is not a function.

Facing issues to run a search using SearchManager. The error says that function startSearch() is not a function. I am...

by Communicator in

Return a custom table with empty results when no results on base search

Hi, I have the following search, and sometimes it doesn't get any results. When there are no values to return, I want...

by Contributor in

Add sum events in separate column

it is my search host="splunk.local"|bucket _time span=1mon | stats count by event my question is : To sum the...

by Explorer in

Regex in query

Hi, Can anyone help with a regex to extract into a new field anything contained within raw data after a #? For ...

by Path Finder in

Need a little help converting seconds to days, hours, minutes

Hi all, Windows reports everything in really long seconds uptime fields. I want to convert that to days, hours, mi...

by Path Finder in

Searching for matches during specific times

My search is something like: index=foo "get /foo/bar"| eval a=_time+1s| eval b=_time+10m | table a,b,ip, field1, fie...

by New Member in

Which command or stanza can be used to decide which fields are extracted at search time to improve performance?

As far as I know, fields- does not improve performance, and I'm looking for a better option.

by Explorer in

How can I fix my double timechart graphs?

I want to see 2 timecharts that each 1 contains different counter my search is: source="perfmon:test" counter="Pri...

by Path Finder in

Streamstats Question

Using this query below could you help me identify servers that were added on a daily basis? example today is friday 1...

by Engager in

My values are not showing on map

Hello, Im very new with Splunk. Can you please tell me what is missing on my search string eventtype=security * us...

by New Member in

Is it possible to use a single rex command to deal with multiple scenarios?

Hello All, I am trying to write a single rex command that will handle a number of different field entires. Basical...

by Motivator in

How can I find values within a specific range/ make sure each value meets the criteria of a particular range?

Hello, We have the following search: index="blah" | stats values(Change), values(Volume), values(Price) by Symb...

by Communicator in

Why is my eval if() not working consistantly

I'm having a difficult time getting what I believe is a simple eval command to work as I would expect. What I'm tryin...

by Explorer in

Matching two expressions to one field

I am trying to extract a field from logs that look like this: Apr 28 07:45:22.992 On [2:18]20.5.4.1:5070 sent to 1...

by Path Finder in

How to use streamstats to calculate device availability

I have some device logs and am trying to determine the outage (downtime) duration. Problem I have here is that event...

by New Member in

How can I run stats sum as command on same search for two different values?

I have the following search: index="data_integration" host="sampledata" sourcetype="csv" Object_Account="4*" OR Ob...

by Explorer in

Use count from first search in the Where Clause of the subsearch

I want to use the count from the first search "FilesImported" as criteria in the where clause of the subsearch. Files...

by Path Finder in

Re-assigning or deleting the orphaned searches

What is the best way to delete or re-assign the orphaned searches?. I have around more than 100 orphaned searches whi...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to find min and max per hour during day by host ?

MultiValue Table from Json array

How can I extract this pattern from my raw data using rex command? \"ProductAccountNumber\":\"5342534253425342\"

Splunk Hunkのジョブ調査結果取得無効方法について

How to match values within a multi-value column

Chart question

Fill into multiselect input by clicking a table element (drill down)

Function startSearch() is not a function.

Return a custom table with empty results when no results on base search

Add sum events in separate column

Regex in query

Need a little help converting seconds to days, hours, minutes

Searching for matches during specific times

Which command or stanza can be used to decide which fields are extracted at search time to improve performance?

How can I fix my double timechart graphs?

Streamstats Question

My values are not showing on map

Is it possible to use a single rex command to deal with multiple scenarios?

How can I find values within a specific range/ make sure each value meets the criteria of a particular range?

Why is my eval if() not working consistantly

Matching two expressions to one field

How to use streamstats to calculate device availability

How can I run stats sum as command on same search for two different values?

Use count from first search in the Where Clause of the subsearch

Re-assigning or deleting the orphaned searches

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions