Splunk Search

Ask a Question

Discussions

Thread Info

Data Model Query tstats

Dear Experts, Request you help to convert this below query into tstats query. index=network_proxy category="Per...

by Explorer in

how to create new search term earliest and latest spesific time

Hello, I was created new search term, but it not worked, my example; sourcetype=xxxxx earliest=01/01/2017 12:00...

by New Member in

how to fetch all the events which are gerater than number for GC in my log

Hi, How can we fetch all the occurence of GC which is greater than 300. we have some thing like below in logs. we ...

by Engager in

How to edit the regular expression in my search to extract a field?

Hi, I am trying to extract error message and error code from logs in Splunk. I can see 2 patterns of these- pat...

by New Member in

strftime() showing different time

I converted my timeStampLight with strftime() but all my time was formatted to 31-12-9999 23:59:59 when I table time ...

by Path Finder in

Regex Help

Hi Team, Need your help with Regex to extract key value pairs. Below is sample event 2017-06-27 14:35:38.000 IN...

by Communicator in

i have a log file. i want to extract the words after "Instantiating" till dot.this will repeat many time in the log file and i want each in different row

StpExfdsec Crsfseate 4 00fsdfsdggf93e1132:116fgsfs7575 2017-06-20 21:20:09 institat step definition 'Error maintan to...

by Builder in

Regex help!

Hello All, Need assistance in regex creation. I want to remove every thing before an character. Example: ...

by Communicator in

truncating and merge values

I have a bunch of log error descriptions that have unique IDs at the end of the sentences "CC declined. 123" 1 "CC d...

by Path Finder in

how to do a stats count and generate all of the fields

I'm trying to do a stats command to find a count of any value less than 2 counts and display all the other fields. I ...

by Path Finder in

Identify which dashboards are using inline searches

I am looking out for a search query to fire on my search head: My intention is to find all the dashboards / report...

by Path Finder in

How to edit my search to do an eval match and if so, to plot a timechart?

I am trying to plot a timechart with a the following index="ABC" cs_uri_stem = "XYZ" | timechart eval( if(match(c...

by Explorer in

Why is my chart not displaying all field values?

Hello, My chart for some reason, isn't displaying the value "high" and it has the high count at the bottom of the ...

by Path Finder in

Matching dissimilar field titles with a Subsearch

Background is that I'm trying to pull in LDAP full names in from one search, and match that to UID from another searc...

by Path Finder in

How can I put fields from joined searches in a summary index?

Hi folks; I have the following query that i use as a base search to feed a dashboard: index=app_caspectrum sour...

by Builder in

How do you sort columns within a column?

For example Name Code Pool Name1 100 p1 57 p32 63 p43 230 p27 Name2 120 p2 77 p33 83 p44 250 p28 should beco...

by Explorer in

how to show most recent value of "status" field for each server by group

With log data as such: date_time server=server1 group=group1 status=statusA date_time server=server2 group=group1 ...

by New Member in

How to replace a field's contents based on their number?

I'm trying to replace the contents of a field to the severity based on the number (I.E. 0 to 19 with Low, 20 to 39 wi...

by Path Finder in

How to sort a string time format to show the latest time?

Hi, I have a string date format that shows up when I do a search; what I did was did a field extraction and named ...

by New Member in

Is there a way to divide the addcoltotals from each case statement in my search?

Is there a way to divide the addcoltotals from each case statement in the following : eval daysclass=case( NoOfDay...

by Engager in

How to construct a log message containing session logs (open / close)?

Hello, I want to build a log message that contains the logs of the same session: login loglog of logout And ...

by Path Finder in

Exclude value based on subsearch

Hello, I want to exclude some values if that have the field SPAN_LOSS_MAX=50 between midnight to 7 a.m. This is my...

by Path Finder in

Search Query for comparing OS from live search and from lookup and showing the differences

Hi All, I need to create a report for comparing OS versions of hosts from live search and from the lookup. Trying ...

by New Member in

In a search head cluster, how do I search users that have logged in the last 30 minutes, on what cluster member, and what kind of searches they are running?

What setup is required and what will be the search so that I can find out, Who all have logged in to the system in...

by Path Finder in

Timechart vs. Chart (_time) to figure out bandwidth?

When trying to figure out bandwidth, which search string makes more sense? | eval MBs=(bytes*8/1024/1024...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Data Model Query tstats

how to create new search term earliest and latest spesific time

how to fetch all the events which are gerater than number for GC in my log

How to edit the regular expression in my search to extract a field?

strftime() showing different time

Regex Help

i have a log file. i want to extract the words after "Instantiating" till dot.this will repeat many time in the log file and i want each in different row

Regex help!

truncating and merge values

how to do a stats count and generate all of the fields

Identify which dashboards are using inline searches

How to edit my search to do an eval match and if so, to plot a timechart?

Why is my chart not displaying all field values?

Matching dissimilar field titles with a Subsearch

How can I put fields from joined searches in a summary index?

How do you sort columns within a column?

how to show most recent value of "status" field for each server by group

How to replace a field's contents based on their number?

How to sort a string time format to show the latest time?

Is there a way to divide the addcoltotals from each case statement in my search?

How to construct a log message containing session logs (open / close)?

Exclude value based on subsearch

Search Query for comparing OS from live search and from lookup and showing the differences

In a search head cluster, how do I search users that have logged in the last 30 minutes, on what cluster member, and what kind of searches they are running?

Timechart vs. Chart (_time) to figure out bandwidth?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!