Splunk Search

Ask a Question

Discussions

Thread Info

Query to display data as per the DateTime column of Record

Hello Splunk Experts, sorry if i am not able to format the question properly as I am new to splunk. I have a csv f...

by Path Finder in

Count occurences of same ticket number in a multivalue field

Hello guys, I am trying to count the number of times the same ticket number appears in a multi-value field. The ti...

by Explorer in

Splunk displays incorrect location on using iplocation

On using iplocation, Splunk returns incorrect coordinates for an IP, and displays location incorrectly on map with ge...

by Explorer in

How do I normalize, flatten, or unpivot table data?

I am trying to take the results of a timechart table and normalize/flatten/un-pivot the data. For example, I have the...

by Engager in

How to write a simple search query to add another set of host name along with the current present host name?

Hi All, I have used the below query to capture the splunk service status (Up or Down) via splunkd.log. This query is ...

by Motivator in

Time-based Lookup Configuration not quite working?

Dear All, I have a set of error events that are generated when an issue happens in our environment. I run an alert...

by Contributor in

change the time format in timechart tooltip

How to change the time format in timechart tooltip? its in AM/PM format but i need to change to 24hr format.

by Explorer in

How to determine if the log is missing

there are many hosts in an indexer. How do I check if the log is missing? If a host does not have a log Within an ...

by Communicator in

How to display a year's data on a quarterly basis, and define which months are considered for each quarter?

Hi Team, I have data for the year 2016. I want to display the data on a quarterly basis, and I want to customize t...

by Path Finder in

How to use a file to map results from fields to more meaningful names?

I have log files that contain compCodes (over 500 different types of them). Is there a way I can create a mapping fro...

by Path Finder in

How to edit my search to create a bubble chart with dates shown on X axis?

I have a search that returns me 3 fields (let's say country, _time, count) I want to show these results in a bubbl...

by New Member in

How to write a regex to extract a field within a particular field?

I am looking for a way to some how extract and mask some of important information that comes within logs. I don't hav...

by Path Finder in

Transforming tables without hacky chart(first) usage

I have some data I'm trying to rearrange into an appropriate table for visualization. It starts out like this: G...

by Path Finder in

How to generate a search when a field value total is less than 21?

The Log output is below: Need to search if Port 2003 farm total < 21 6/6/17 3:35:01.000 PM Tue Jun 6 15:35:01 E...

by New Member in

Modifying Timeline Scale

Is there a way to specify the scale of the time chart when performing a search. For instance, if you perform a sea...

by Explorer in

If - Then Logic in Table Results With Column Value Based on Field Results in Search

Good morning, I have a search that looks through and Oracle database for an ACTION_NAME: source="dbx:[DB source...

by Path Finder in

Pass a variable to a rex command

Hey Community, I'm trying to pass a variable including the pattern to a rex command mode=sed. This is my approach ...

by Path Finder in

Remove first word with rex

Hey Community, I'm trying to remove the first word of a Uri with a rex. /test/contentA/contentB.html It shou...

by Path Finder in

splunk - create alert for a specific host not sending data in last 30 min using metadata

Below is the search that i have prepared to check for the host named nmshost01 not sending data for over 30 min | ...

by New Member in

When applying a table view to my search, the Java stack exception is not display well. How to resolve this?

Hi, i have the below json object that is being returned when applying my search: index="devops" sourcetype="_j...

by New Member in

Why do my post-process timecharts display "no results found" in dashboard, but the query on its own is fine?

I have a simple-xml Splunk dashboard with a base query, and two post-processing queries inheriting from the base. How...

by Engager in

How to filter if a user has events in the last 60 days?

I have a table which consists of user names, events triggered by the user and the timestamps when the events were tri...

by Path Finder in

Why "$SPLUNK_HOME/var/run" in my environment had temporarily huge size.

"$ SPLUNK_HOME / var / run" in my Splunk environment gradually increased from 15:00 PM on 2017/6/5 to 2017/6/6 09: 00...

by Builder in

How extract fields within my sample log?

Below is my log Database-Error(3100)\nCONF-01083 - Count of positive/negative confirmations do not match the servi...

by Path Finder in

Remove part of values of a field without affecting its role.

I have three colums Track, Flow and Job. I want to plot 'Track+Flow' vs 'Job' as 'Track+Flow' giving uniqueness. Eg: ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Query to display data as per the DateTime column of Record

Count occurences of same ticket number in a multivalue field

Splunk displays incorrect location on using iplocation

How do I normalize, flatten, or unpivot table data?

How to write a simple search query to add another set of host name along with the current present host name?

Time-based Lookup Configuration not quite working?

change the time format in timechart tooltip

How to determine if the log is missing

How to display a year's data on a quarterly basis, and define which months are considered for each quarter?

How to use a file to map results from fields to more meaningful names?

How to edit my search to create a bubble chart with dates shown on X axis?

How to write a regex to extract a field within a particular field?

Transforming tables without hacky chart(first) usage

How to generate a search when a field value total is less than 21?

Modifying Timeline Scale

If - Then Logic in Table Results With Column Value Based on Field Results in Search

Pass a variable to a rex command

Remove first word with rex

splunk - create alert for a specific host not sending data in last 30 min using metadata

When applying a table view to my search, the Java stack exception is not display well. How to resolve this?

Why do my post-process timecharts display "no results found" in dashboard, but the query on its own is fine?

How to filter if a user has events in the last 60 days?

Why "$SPLUNK_HOME/var/run" in my environment had temporarily huge size.

How extract fields within my sample log?

Remove part of values of a field without affecting its role.

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions