Splunk Search

Ask a Question

Discussions

Thread Info

How to calculate with multiple values in a table?

I have few results which look like below in a table: ID Ask Bid 1 | 4 | 3 2 | ...

by Path Finder in

How do I edit my rex field=UEI mode=sed syntax to 'district' my sample URIs?

As of now I am using: rex field=URI mode=sed "s/=[^?]+/=xxx/g" But its not working /v1/mb/members/15d628b4-0...

by Builder in

How can I run a search if a field contains the "|" character?

Hello, I need to count the event log line contains AAA|Y|42 but "|" is the pipeline command so that I got error as...

by Explorer in

Why is my stats by command so slow and how can I speed it up for longer time intervals?

I'm working on some statistics related queries. I'm trying to get the security id, date and count of hosts connected ...

by Path Finder in

Contingency Total Rows

Hi I wonder whether someone may be able to help me please. Using an adapted solution from @woodcock I'm using the ...

by Motivator in

How can I index the subjects of posts on a forum that is updated constantly without indexing duplicates?

Hello! Here is what I'm trying to do: Index a particular section of a web page. This particular section is a foru...

by Communicator in

Can you help me clean up my search syntax so my results populate faster?

The below query is used to return the Error distribution in 3 layers - Application, Dataservice & Queue for a time ra...

by Communicator in

Mask SSN on forwarder/Indexer?

Tried this on both the Forwarder & indexer without success, what am i missing ? Log output SignUpState='3.30' SSN=...

by New Member in

Does Splunk have end of life support dates for Splunk 5.x and 6.x?

Does Splunk have end of life support dates for Splunk 5.x and 6.x? Thank you,

by Path Finder in

How can I see the difference in a count for two different types of events by day?

Hi, I would like to see the difference in a count for two different type of events per day. Currently I have it in...

by Explorer in

Display percentage on pie charts in Splunk 6?

how can I by default display % and label values on a pie chart in splunk 6? The only that I can get displayed are the...

by Path Finder in

Search to compare deposits versus withdrawals in a specific time period

I am trying to create a query that calculates the amount of money a person deposits within an hour and then compares ...

by Path Finder in

Is there a timechart legend limit?

I have the following in a search | timechart span=1h max(CPU%) AS "CPU", max(Memory%) as "MEM" by host If the n...

by Contributor in

How can I put results of Windows updates results per host on a map by location?

I have a query for Windows updates per host. But I NEED to put those on a map. Is it via ''geostats''???? index=* ...

by New Member in

Why isn't my where clause working in this similar search?

I want to run a search but can't figure out what's the difference when I make changes to it using the 'where' clause ...

by Path Finder in

timechart - show every week, even if there is no value

Hi, I am creating a timechart and in some of my weeks I have no value for a field ("Number Of Lines"). I need the ...

by Contributor in

Group time duration by minute

I have a set of data where I run this query: base search| convert timeformat="%Y-%m-%d %H:%M:%S" mktime(time*)| e...

by Path Finder in

Search Heads in cluster are not able to replicate properly

Hi! There are 2 search heads in our production cluster. We have implemented Alert Manager app in our SH and it inc...

by Contributor in

"Event Action" button not displayed for some users

I use Splunk as an admin and most of my users are power users. Following a syntactically valid search, a list of matc...

by Path Finder in

Regex for multiline

Hi, I have the following event: 017/09/25 10:58:57 Client logging in as robertE on DB1... Connect to Oracle fai...

by Explorer in

filter events on indexer

I want to filter some types of events at my indexer, that are received from several universal forwarders. I try so...

by Communicator in

How to extract the field with regex

I would like to extract the field of "/home/y/conf/video_dir.conf" with regex when the event contains "critical" keyw...

by Explorer in

Displaying a marker for each event

I'm trying to display markers on a map using Splunk. I'm currently trying out geostats but i don't seem to get it wor...

by Explorer in

How can I count failures in the neighborhood events matching a rex

I have a question similar to: https://answers.splunk.com/answers/2602 and https://answers.splunk.com/answers/448796 ...

by Explorer in

How to normalize field value from two different sourcetypes?

Suppose I have two sourcetypes: proxy1_source in sourcetype=proxy1_source, the field url starts with: "http://"...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate with multiple values in a table?

How do I edit my rex field=UEI mode=sed syntax to 'district' my sample URIs?

How can I run a search if a field contains the "|" character?

Why is my stats by command so slow and how can I speed it up for longer time intervals?

Contingency Total Rows

How can I index the subjects of posts on a forum that is updated constantly without indexing duplicates?

Can you help me clean up my search syntax so my results populate faster?

Mask SSN on forwarder/Indexer?

Does Splunk have end of life support dates for Splunk 5.x and 6.x?

How can I see the difference in a count for two different types of events by day?

Display percentage on pie charts in Splunk 6?

Search to compare deposits versus withdrawals in a specific time period

Is there a timechart legend limit?

How can I put results of Windows updates results per host on a map by location?

Why isn't my where clause working in this similar search?

timechart - show every week, even if there is no value

Group time duration by minute

Search Heads in cluster are not able to replicate properly

"Event Action" button not displayed for some users

Regex for multiline

filter events on indexer

How to extract the field with regex

Displaying a marker for each event

How can I count failures in the neighborhood events matching a rex

How to normalize field value from two different sourcetypes?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions