Splunk Search

Ask a Question

Discussions

Thread Info

How to include a duration that started out of time range of the search into stats/timechart command?

I have a dataset like below: Ticket#| StartDate | EndDate In my search, I am more into EndDate of the tickets as ...

by Contributor in

Get a time range from subsearch to adjust main search time range

Hi I captured an event, I want to do a search which the time range is based on the previous captured event time. For...

by Communicator in

Merge Data from two indexes without using Join

Hello, I know there are many answers on this topic, but I can't seem to find any answer that is working for me. I ...

by Path Finder in

Duplicate values causing conflict

Hi Splunkers, below form (dynamic dropdown) creates "Duplicate values causing conflict" Any ideas? <form> <l...

by Explorer in

Calculate time difference between events for distinct users in transaction log

Hi We are hitting a wall here... we would like to show events where a user does more than x actions within a smal...

by Splunk Employee in

How can I set a 5-minute +/- range for a list of timestamps without doing each search manually?

Hi Guys I have a list of timestamp that some events happened, I want to search in each time is there any related e...

by Communicator in

What is a splunk search in "zombie" state? What does this mean?

Sometimes when I review splunk logs or job inspector I see that I have searches in zombie state. What does this mean?

by Splunk Employee in

How can I combine 2 search strings onto 1 dashboard?

I have 2 search strings that I am trying to combine to put on one dashboard. sourcetype=snmp_ta host=* | eval fuel...

by New Member in

Can I use Eval to correlate two serial logs that have specific fields?

Not sure if that titled made sense but hopefully I can explain it better here: I am receiving sFTP logs from a hos...

by Engager in

Joining two sets of data by common field (numeric userID)

We have two data sets in the same index returned by an AppMon tool that we are looking to stitch together in Splunk a...

by Engager in

How to write a search to exclude the top 10 or 15 error messages, but return the following top 10?

Currently, about 80 to 90 percent of errors logged within a specific index I'm monitoring is made up of the top 10 to...

by Explorer in

Graph out an fields daily activity in relation to average usage and stdev

I've been stuck on this for quite some time and I'm hoping someone here can help me. I'm re-purposing a stdev query f...

by Explorer in

How to write a field aliases using the EVAL command for a firewall device.

Hi All, I need to write a field aliases using EVAL command for the below mentioned fields. Field Name : V...

by Motivator in

Can you search for two strings in chronological order (in different log statements)?

In every log statement, we write the user's session ID delimited by hyphens as follows: -S:ybiSmNiQxF- I wan...

by Path Finder in

Unable to blacklist multiple patterns using "|" in inputs.conf ?

I have used the below configuration as part of my inputs.conf but am unable to blacklist the logs that end with clien...

by Observer in

Java SDK: how do you return lookup fields in search results?

How do I receive lookup values in results from the Java SDK? When I run this query in the GUI, I see my lookup fields...

by Explorer in

Search head not fetching data properly from search peers

Hi Folks, We are facing some issue in our environment is search head(6.2) is not fetching data properly from searc...

by Explorer in

Extracting date from a date string that has many options

Hi, I have a field (string) that contains dates. the fields has a few formats and I need to extract the day, month...

by Contributor in

What would you include on a Splunk "daily checklist"?

Hi Team, I am new to Splunk and want to create a Splunk daily checklist which includes, total number of devices r...

by Path Finder in

Match rows based on matching fields (src_port + dest_port)

I'm having a little problem with matching events. Basically, I collect flows from an IPFIX (NetFlow) collector and ea...

by Explorer in

Extract JSON out of an event

I have an event like: 2017-08-22T13:00:56.257197+00:00 10.4.2.13 vcap.cloud_controller_ng [job=api_z1 index=2] {"...

by Builder in

How can I graph percent fails by host over time?

OK - I can't get this simple chart to work. Just need to graph Percent Fails by host over time this is my start ri...

by Explorer in

Remove top from results

I want to remove the top results from my final results. Essentially, removing outliers.

by New Member in

Can I use a where statement to show subsearches that meet two sets of criteria?

I am trying to only show values within a report if both subsearches have a result. I am trying to show reporting on u...

by Contributor in

How to extract multiple values (IP addresses) into one field?

Hi to everyone, If I have this data, a lot of IPs, how can I extract multiple values for a field? (For a config fi...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to include a duration that started out of time range of the search into stats/timechart command?

Get a time range from subsearch to adjust main search time range

Merge Data from two indexes without using Join

Duplicate values causing conflict

Calculate time difference between events for distinct users in transaction log

How can I set a 5-minute +/- range for a list of timestamps without doing each search manually?

What is a splunk search in "zombie" state? What does this mean?

How can I combine 2 search strings onto 1 dashboard?

Can I use Eval to correlate two serial logs that have specific fields?

Joining two sets of data by common field (numeric userID)

How to write a search to exclude the top 10 or 15 error messages, but return the following top 10?

Graph out an fields daily activity in relation to average usage and stdev

How to write a field aliases using the EVAL command for a firewall device.

Can you search for two strings in chronological order (in different log statements)?

Unable to blacklist multiple patterns using "|" in inputs.conf ?

Java SDK: how do you return lookup fields in search results?

Search head not fetching data properly from search peers

Extracting date from a date string that has many options

What would you include on a Splunk "daily checklist"?

Match rows based on matching fields (src_port + dest_port)

Extract JSON out of an event

How can I graph percent fails by host over time?

Remove top from results

Can I use a where statement to show subsearches that meet two sets of criteria?

How to extract multiple values (IP addresses) into one field?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions