Splunk Search

Discussions

Thread Info

How to join a search query and a lookup file without any common columns and display the output

I have a below search query which gives me the count of the error(the corresponding events have only the description ...

by Communicator in

How can I troubleshoot high CPU utilization on my heavy forwarder?

We have 3 heavy forwarders and universal forwarders are sending data to these 3 HF. But the CPU usage on one of the h...

by Path Finder in

Comparing Multivalue Fields

I have numerous events, each of which has a multivalue field that has a list of X (where X is a number) hashes in it....

by New Member in

where operation with multiple search criteria + regex

This is my search index=X ....| search column!="T*" column!="I*" column!="m*" column!="l*" column!="d*" ...

by Motivator in

Splunk search - chart the number of hits from each IP over a fixed range

We have the below data: IP Count A 50 B 100 C 20 D 60 E ...

by Explorer in

Using curl command from TA-Webtools

So I've been trying to use TA-Webtools app to get data from a Sharepoint site after some googling. As a test, I’ve...

by Path Finder in

Timechart/bin - "flatten" values

What would be the best way to run a week to date search (timechart/bin) that "flattens" the individual days so I can ...

by Path Finder in

How can I generate a report of users and machine usage by machine name?

I am looking at a log of users logging into machines. The two fields I am interested in are: Username and Machine nam...

by New Member in

Splunk on Raspberry Pi

I am attempting a project and the use of Rasberry Pi's seems like the most effective solution right now. However, cri...

by New Member in

Sum of Unique Values in One Field of a Stats Table

Greetings, I'm creating a stats table which shows Logon attempts to different workstations. I have a column that s...

by Path Finder in

Can I combine two searches and group by _time using a regex filter?

Hello, I'm relatively new to Splunk, so please bear with me. What I am trying to accomplish is a time chart using ...

by Engager in

How can I display these fields from my unstructured data?

There is an unstructured log-file and so the field extraction is not working to extract the exceptions that occur in ...

by New Member in

Show a timechart of all hosts even if 0 values exist

I'm attempting to write a query to show a timechart of the number of results for each host per minute, which is easy ...

by Explorer in

How can I add a Total for the count of events from different index or sourcetypes?

I'm searching blocked events from the firewall and Palo Alto logs and would like to add a line to show the Total of t...

by Path Finder in

Is there a way to append fields at the UF ?

All, Is there a way for me to append data to an event at the UF level ? Or perhaps at index time ? I want to prepo...

by Builder in

How to index a text file in the xml format?

/getClientProfileV1Request></SOAP-ENV:Body></SOAP-ENV:Envelope></soap-env:Body>-- HTTP Header values -<tp:headers xsi...

by Explorer in

How can I find the time duration between two fields?

Trying to find the time duration between 2 fields Field name : START_TS 2017-08-16 04:07:00.0 Field name : END_...

by Path Finder in

duplicate in dates for stats when using predict

I have this query to predict CPU usage, looking at real data for last 90 days and predicting ahead 60 days. index=...

by Path Finder in

Error during index name change for Digital Shadows SearchLight App

Hi, I'm trying to modify the name of the index in the Data Inputs for your Digital Shadows SearchLight App. Whe...

by Path Finder in

Restrict access to views based on roles/users

I have 100 views and 5 different users/roles. Each user can access 20 views and this is based on prefix of those 20 v...

by Champion in

Evalute results based on like-fields from two different indexes?

I have entries in IndexA that I want to find failures for. However, if IndexB has an entry with the same field and is...

by Explorer in

Chart results of a report on a line chart

I've looked into Summary Indexing and I'm not sure that's what I'm looking for here. I have a scheduled report th...

by Path Finder in

How to retrieve events from the most recent day in which there are events present?

I have a small number of events (around 4 or 5) being generated each day Monday through Friday. I would like my searc...

by Engager in

How can I join three fields with a common ID field?

Hi, i want to join all three fields with common id field. please help me with search query | table id servicena...

by Communicator in

Compare Minute by Minute Timechart "Today" vs Summary Index Timechart Average

I currently have a timechart running every minute each day to show a given field value as it increases through the da...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to join a search query and a lookup file without any common columns and display the output

How can I troubleshoot high CPU utilization on my heavy forwarder?

Comparing Multivalue Fields

where operation with multiple search criteria + regex

Splunk search - chart the number of hits from each IP over a fixed range

Using curl command from TA-Webtools

Timechart/bin - "flatten" values

How can I generate a report of users and machine usage by machine name?

Splunk on Raspberry Pi

Sum of Unique Values in One Field of a Stats Table

Can I combine two searches and group by _time using a regex filter?

How can I display these fields from my unstructured data?

Show a timechart of all hosts even if 0 values exist

How can I add a Total for the count of events from different index or sourcetypes?

Is there a way to append fields at the UF ?

How to index a text file in the xml format?

How can I find the time duration between two fields?

duplicate in dates for stats when using predict

Error during index name change for Digital Shadows SearchLight App

Restrict access to views based on roles/users

Evalute results based on like-fields from two different indexes?

Chart results of a report on a line chart

How to retrieve events from the most recent day in which there are events present?

How can I join three fields with a common ID field?

Compare Minute by Minute Timechart "Today" vs Summary Index Timechart Average

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions