Splunk Search

Ask a Question

Discussions

Thread Info

How do I troubleshoot why Splunk has stopped indexing data and searching "index=_internal" produces no results?

Hi everyone, I have a big issue. Since Friday, my single node Splunk instance stopped indexing data. I was in the ...

by Communicator in

Foreign key

by Path Finder in

How to search in scheduled report

Hi, Is it possible to search in a scheduled report? I scheduled a request in a report because this request takes s...

by Engager in

How do you combine two or more values from search results into one?

I need to produce a report that shows average use of an app over a certain period of time. I noticed in the log the a...

by New Member in

How to switch 2 strings in one field

Hello, So basically I've got this field value : Refer to <A HREF='https://technet.microsoft.com/library/securit...

by New Member in

How can I check if the number of events in the last hour is greater than the second standard deviation of hourly occurrences over the last week?

I am trying to determine if the number of Full GC events in the last hour is greater than the 2nd standard deviation ...

by Explorer in

why is eval function not working for calculated field but works when run as a search using two different source type

My calculated field with the following eval function is not returning values round(if(svt_due_date=="null",sv_due...

by New Member in

how to use rex command to rex out field starting from < and ending from >

Hi Splunker, How would like to learn how can i rex out these fields names and i don't want to rex out startTimest...

by Explorer in

Unable to Extract Multiple values into a single feild ?

Hi Everyone, I was unable to extract multiple Values into one feild from the the below Event data, Was trying to e...

by Explorer in

Extract json key as a column value for TOP command.

I have a JSONs which have the following structure: { "fieldA": "valueA", "fieldB": "valueB", "fieldC": "valu...

by New Member in

If a user adds a CSV input as lookup, is it the same as an administrator's ability to upload and "add data"?

Will the search and results be the same if a user or power user adds a CSV file as a lookup file compared to the admi...

by Path Finder in

How to group by a multivalue field within a group visualization?

I'm able to get the data I'm looking for on the stats tab, but because there are multiple values for one of the colum...

by Communicator in

Getting Time of last occurrence of a sbstring

I have events like below in a log file- 06/18/2017 22:35:10,Message="Finished Cleanup" 06/18/2017 22:57:02,Message...

by Explorer in

Reporting total scanned events in emailed search results

After running a search the display above the time bar will show X amount of matching events, indicating the number of...

by New Member in

SSL Certificates for thousands of Clients

Hi, after certificates created, how to push them to, lets say, ten thousand deployment clients? someone said some...

by SplunkTrust in

Dividing a value by 1000

My search looks like this base search | rex ".?(?[^,]+),\s?(?[^,]+),\s*?(?[^,]+),\s*?(?[^,]+),\s*?(?[^,]+),\s*?(?[^,]...

by Explorer in

Can I search a value from a table in dashboard?

Hi All, I have created a table with column 1, column 2 and column 3 in Splunk Dashboard. Now i want to have a text...

by Path Finder in

In a field extraction, why does Splunk remove leading and trailing whitespace?

Hi folks, I have a freeradius log authenticating wifi-connections. The field extractions looks fine with my favourit...

by Explorer in

Chart time displayed reversed way

Hi, I have a search that plots a profile of a light senor over time. The log's original timestamp is saves as the ...

by Engager in

Extreme Search Alternative

Is there an alternative for Extreme Search. We only have Splunk Enterprise not Enterprise Security, so we are looking...

by Path Finder in

Display "stats" Search as a Single Value from Summary Index

Hello, Normally, I would use the following search to find my single value: | tstats latest(_time) as latest wh...

by New Member in

last time of user login needs to evaluate

need to evaluate the duration of last time user logged in and time now. problem I am facing is in lastTime I am getti...

by Explorer in

reuse real time searches

Hi at all, I have a situation where there are around 10 users that need to use for their job two o three dashboards c...

by SplunkTrust in

How to use inner search in tstats?

Hello Team, I'd like to know about How to use inner search in tstats? I use that | tstats count from datamo...

by Explorer in

Is the usage of multiple eval calculations in one pipe a feature or an unsupported hack?

Hi, I did not know that it is possible: | makeresults | eval fieldA=123, fieldB=456, fieldC=789 I assume th...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I troubleshoot why Splunk has stopped indexing data and searching "index=_internal" produces no results?

Foreign key

How to search in scheduled report

How do you combine two or more values from search results into one?

How to switch 2 strings in one field

How can I check if the number of events in the last hour is greater than the second standard deviation of hourly occurrences over the last week?

why is eval function not working for calculated field but works when run as a search using two different source type

how to use rex command to rex out field starting from < and ending from >

Unable to Extract Multiple values into a single feild ?

Extract json key as a column value for TOP command.

If a user adds a CSV input as lookup, is it the same as an administrator's ability to upload and "add data"?

How to group by a multivalue field within a group visualization?

Getting Time of last occurrence of a sbstring

Reporting total scanned events in emailed search results

SSL Certificates for thousands of Clients

Dividing a value by 1000

Can I search a value from a table in dashboard?

In a field extraction, why does Splunk remove leading and trailing whitespace?

Chart time displayed reversed way

Extreme Search Alternative

Display "stats" Search as a Single Value from Summary Index

last time of user login needs to evaluate

reuse real time searches

How to use inner search in tstats?

Is the usage of multiple eval calculations in one pipe a feature or an unsupported hack?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!