Splunk Search

Ask a Question

Discussions

Thread Info

"Value" Interesting Field - 2 different types of information

Hello (again), I have the following search: index=perfmon host=(serverA OR host=serverB) (object="Processor" OR ob...

by Communicator in

Count of values by sourcetype

This should be pretty simple, but I seem to lack the right terms to find my answer: We have several source types w...

by Explorer in

help me with group command

--------| transaction UserName |dedup ID| table UserName ID UserName ID abc 100 ..... 103 Abc 101 xyz 200 ...

by Communicator in

Extracted Field to be case insensitive

Hi, I have a Event 1 : 2013-04-02 04:22:38 199.xx.x.211 OPTIONS /CockpitNew - 4444 domain1\123456 102.220.13.119 eb...

by Engager in

Sourcetype Override

We have around 15 files we're ingesting into Splunk all of them have the same format: //logs/TEST/mike/TEST1/syslo...

by Path Finder in

How to get stats to set a field from the same event as another max() field

While handling our CAS logs I have a report that calculates the time it takes to validate a CAS service ticket. I use...

by New Member in

How to insert IF in regular expression

Hi to all, I should extract some fields by a log file, in the log file in some cases I have a field (i.e. field1, in ...

by Explorer in

Day to day % Difference

Hi guys, I create daily reports with various data on that we collect, and i am now looking to add a few extra bit...

by Explorer in

How to calculate average for several prior observations and compare that to the current observation?

Lets say, i have a requirement to show hourly count of payments in a timechart- And lets say today is Monday. I wi...

by New Member in

streamstats is reversed?

I'm trying to calculate volume growth by comparing the values of subsequent events from the df sourcetype. To get the...

by Motivator in

Missing fields extractions

Hi All, Recently we have moved all the splunk rules for alerting to another app, after we moved few searched ar...

by New Member in

How to color cells with time format (duration)

Hi there! I have a table full of calls information and I want to give colour to one of them: I've tried th...

by Contributor in

Delta time for each event for basic search?

If I run a simple search: Index=* It displays each event with columns as time, then the event. Is there a way t...

by New Member in

Splunk Left outer join

Hi, I have an Index=A and inputlookfile where I'm trying to get a list of computers which are not common in 'index =...

by New Member in

Is it possible to aggregate and search within aggregated results?

My app logs multiple lines per request and each line has a "request_id" key for identification. For each request, the...

by New Member in

Is there a difference between Python and Perl Custom Searches?

Is there any penalty for using a Perl custom search over one created in Python? Presently the Perl search is simp...

by New Member in

Data of a field in next row in another field of current row

![alt text][1] The siuation is - I have sprint and their start date , I want the next sprint start date in same ro...

by Path Finder in

Cross referencing to fill in missing details

Hi, I have two .csv files. One contains an IP address with associated output data, a second contains the IP addres...

by Explorer in

How to use variable within foreach command?

I'm looping through JSON array and compare each value using a temporary variable but due to some reason the temporary...

by New Member in

How to exclude sub folders

Hi All I would like to monitor "4670: Permissions on an object were changed". I have the following query: i...

by New Member in

Table fields after using stats and xyseries

I apparently seem to be truncating fields after using the stats and xyseries commands. I found that if I include the ...

by Engager in

How can we improve the performance of an Hunk's query?

We have the following Hunk query - index=<claims_table> claim_classification=INPATIENT OR claim_classification="I...

by Ultra Champion in

regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex?

I have a regullar expression extracted in transforms.conf as below :- [split_and_extract_commands] SOURCE_KEY = ab...

by Builder in

Is there a search or command that will number rows in a table?

is there any command to get row numbers in table? Like, I have a table like host source type DFR splunk_id...

by New Member in

Grouping a "time" span from one true value to another

I have a boolean value in my data set. I want to group all event together that are between the event(a) right after a...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

"Value" Interesting Field - 2 different types of information

Count of values by sourcetype

help me with group command

Extracted Field to be case insensitive

Sourcetype Override

How to get stats to set a field from the same event as another max() field

How to insert IF in regular expression

Day to day % Difference

How to calculate average for several prior observations and compare that to the current observation?

streamstats is reversed?

Missing fields extractions

How to color cells with time format (duration)

Delta time for each event for basic search?

Splunk Left outer join

Is it possible to aggregate and search within aggregated results?

Is there a difference between Python and Perl Custom Searches?

Data of a field in next row in another field of current row

Cross referencing to fill in missing details

How to use variable within foreach command?

How to exclude sub folders

Table fields after using stats and xyseries

How can we improve the performance of an Hunk's query?

regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex?

Is there a search or command that will number rows in a table?

Grouping a "time" span from one true value to another

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions