Splunk Search

Discussions

Thread Info

Aggregate/subtotal the output by locations (not currently an index field) so I can produce a graph by location

I have a query below that produces the sum of bandwidth used by remote intermediate forwarders. The output give me a ...

by Contributor in

Streamstat reset_after resets for all users

I found this search from woodcock user and it basically searches for successful logins after several failed attempts:...

by Explorer in

Absolute paths

I know this question has probably been asked before but I've tried it a LOT of ways. Splunk 5.0.4 build 172409 on ...

by New Member in

Doing math on results of sum(duration) of transaction?

I have a search that results in showing the time a phone was in a call in seconds by using sum(duration) of the event...

by Explorer in

How can I find the difference between table rows?

I have results in following table format: half app_name dataconsumed ----------------------------------- fir...

by Explorer in

Conditional transaction

Hello, I have two types of events: clicks and searches. I want to group two searches into a transaction if they...

by Engager in

How to display calculated fields as part of same graph

Hello, I'm attempting to display three calculated fields (total_meeting_hours, total_use_no_meeting_hours, and hours_...

by Explorer in

Merging two sets of multivalue data in an order without regex

I have base search that was able to get me to this form in Splunk: Name Value A 1 B 2 C 3 I need to create a ne...

by Communicator in

chain 2 search queries and get the earliest and latest of different fields

search string1 - [ field1 ] search string2 [ field1 field2] search string3 [ field1 field2] I want the results of ...

by Engager in

How do I use the username in events returned in a search of Index "A" to look up the user in index "B" and only return the events where the user in event from index "A" exists in index "B"

This part of my query gets me on the street I want to be on for this report index="A" | rex mode=sed field=User_F...

by New Member in

How to query _TCP_ROUTING key value?

Hello all Is there a way you can query event's _TCP_ROUTING key value in a search? I would assume you should be ab...

by Path Finder in

Using variable "total_dataconsumed" how do I find biggest gainer/loser (per 24-hour period)

I have event data in below format: Sep 15 2017 07:06:07 app=yahoo dataconsumed=50 Sep 15 2017 08:16:07 ...

by Explorer in

How can I turn this JSON event into a table with various fields?

Hello, a beginner question. I've a search query that produces a single JSON event such as this: { Error/type/0 : type...

by Explorer in

Splunk - join two search queries having common field

Hi, I need to join two splunk search queries based on a common field (JoinId). All I would like to have at the...

by Explorer in

Why does subsearch throw an exception?

I'm trying to produce a subsearch based off of a rex field. The goal of this search is to find every Deserialization ...

by Engager in

How can I use a combination of an IF statement along with AND?

Hi, How can I use a combination of an IF statement along with AND. I'm looking to run a count whereby IF the _h...

by Path Finder in

How to dynamically create a custom x-axis label in a search?

how can we give a custom dynamic value for x-axis in the search? i know we can change it manually in the format ta...

by New Member in

Setting up a search head and indexer on existing machine

Hi All, Currently I have a single instance which acts as indexers as well as search head. But i am planning to inc...

by Path Finder in

Why does my drop-down say "Duplicate values causing conflict" when there are no duplicate values?

I am trying to output the CUSTOMER_NAME via a csv lookup. my lookup file (lookup_test.csv) looks like that: CUSTOM...

by Path Finder in

How to extract a string in a CSV where the field position can have multiple different values?

Hello - I'm trying to extract a field from a CSV. The problem is the 9th position can have several different value...

by New Member in

How to edit my chart to show weekly baseline of average and compare it to the daily average?

Hi all. I'm creating a dashboard for one of our systems, and am trying to create a chart that will show the previous ...

by New Member in

Get metadata results as search events to associate an alert to hosts with older recentTime

I need to obtain | metadata generated results as search events because I need to associate an alert to hosts with a t...

by New Member in

How can I create a column that counts how many Field Bs there are per Field A?

Have this: search... | stats values(interfaces) AS Interfaces by circuit Thank you in advance!

by Communicator in

Help with inputlookup and table

I have a lookup table that has several columns as follows, with no data in the "Manager" column: I have an...

by Contributor in

Trouble getting syslog_ng to work on a standalone Splunk instance

Ive install syslog-ng on a standalone splunk instance but cannot get it running - ive looked at the following guide :...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Aggregate/subtotal the output by locations (not currently an index field) so I can produce a graph by location

Streamstat reset_after resets for all users

Absolute paths

Doing math on results of sum(duration) of transaction?

How can I find the difference between table rows?

Conditional transaction

How to display calculated fields as part of same graph

Merging two sets of multivalue data in an order without regex

chain 2 search queries and get the earliest and latest of different fields

How do I use the username in events returned in a search of Index "A" to look up the user in index "B" and only return the events where the user in event from index "A" exists in index "B"

How to query _TCP_ROUTING key value?

Using variable "total_dataconsumed" how do I find biggest gainer/loser (per 24-hour period)

How can I turn this JSON event into a table with various fields?

Splunk - join two search queries having common field

Why does subsearch throw an exception?

How can I use a combination of an IF statement along with AND?

How to dynamically create a custom x-axis label in a search?

Setting up a search head and indexer on existing machine

Why does my drop-down say "Duplicate values causing conflict" when there are no duplicate values?

How to extract a string in a CSV where the field position can have multiple different values?

How to edit my chart to show weekly baseline of average and compare it to the daily average?

Get metadata results as search events to associate an alert to hosts with older recentTime

How can I create a column that counts how many Field Bs there are per Field A?

Help with inputlookup and table

Trouble getting syslog_ng to work on a standalone Splunk instance

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions