Splunk Search

Discussions

Thread Info

Create a Line-Chart from an Array within a Single Event

Hi everybody, I'm trying wrap my head around chart visualizations with Splunk. As a Start i'm working with machine da...

by Path Finder in

How to create an extracted field using existing calculated field?

I am trying to create a new extracted field by using existing calculated field. The reason I want to do this is becau...

by New Member in

How to generate a search to report on gradual changes in value over time?

Hi I would like to display the time stamp of the events when there is gradual change in the value. Here is the sam...

by New Member in

Add a median line to hour over hour time chart

How would I add a third trend line into the timechart to show the median value of a 30 day sample? I was thinking of ...

by Contributor in

help me with Pie Chart

----------------------| stats count by status | eval status=" Status: ".status.", Count : ".count|makemv delim="," st...

by Communicator in

How to find historical concurrent searches?

hi, Is there any search or way to find the historical concurrent searches in Splunk? I would like to know trend in...

by Path Finder in

What is the regular expression to extract the numbers in my sample?

I am trying to get the 432233 extracted into a field called memory memorythread = "432233 KB"; tried ?(/d)

by Contributor in

Using nested subsearch where subsearch is results of a regex

Hi Splunk friends, looking for some help in this use case i'm trying to use results from a subsearch to feed a sea...

by Path Finder in

Join 2 indexes

I have 2 indexes that I am joining and I am getting different results based on whether I start the search with one in...

by Engager in

regex to extract each line having a specific keyword

Hi , I am trying to extract each line having a keyword, till the end of that line. below is my data and the query ...

by Path Finder in

Help me with my usecase

-------------------------------------| stats count by status | eval status=" Status: ".status.", Count : ".count | fi...

by Communicator in

RegEx Square Brackets not supported?

Using rex and it seems as if Splunk sees the open square bracket as the beginning of a subsearch. Have I written this...

by Path Finder in

Getting _time into a |rest search

Hello, I have a client that does not have the App for Unix/Nix and does not want to install it. Problem: I need to...

by Communicator in

How to sum float value in stats

I have that field "numberOfDays" that I have created that returns values of number of days in float type (0.345, 1.43...

by Contributor in

Help me get started with a custom Splunk Lookup or command

All, We are a user of Puppet and it's PuppetDB service. Which is a great place to get system information. I can f...

by Builder in

how to combine two columns values based

Hi, I have a table like below Name Percentage1 Percentage2 T1 25 T1 56 T2 34 T2 59 And I need a result like bel...

by New Member in

How to run the main search only if the subsearch returns true?

I have to run the Main search only on the last working day of the month, and I got to a search that should work, but ...

by New Member in

How to join two searches with no common field?

I have two searches search 1 -> index=myIndex sourcetype=st1 field_1=* search 2 -> index=myIndex sourcetype=st2 ...

by Contributor in

timechart per_second working.

Hi, I found a query I could not understand: | eval foo=1 | timechart per_second(foo) as "Bytes per second" Why...

by Path Finder in

Splunk query.

I would like to count the number of times a Server went down, based on up/down state field. State field receives up o...

by Explorer in

extract date time from log entries

I have the following log structure from which I want to index date time properly. INFO :20170503:11.21.54.48:XY...

by Explorer in

Display the "others" or the rest after showing top results

I have this search to show top 5 values: search... | fields ALARM | stats count by ALARM | sort limit=5 -count ...

by Communicator in

Setting a default action for alert in splunk

HI, Is there anyway in splunk to set the "email" as default trigger action for an alert.

by Path Finder in

Cannot find any featureID in Geospatial Visualization.

Hi Splunkers, I tried the new feature, Geospatial Visualization in Splunk V6.3 as "Option 1" posted on splunk blog...

by Contributor in

lookup table does not exist

I am getting error as "Lookup table does not exist. It is referenced by configuration", but i have the lookup on the ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Create a Line-Chart from an Array within a Single Event

How to create an extracted field using existing calculated field?

How to generate a search to report on gradual changes in value over time?

Add a median line to hour over hour time chart

help me with Pie Chart

How to find historical concurrent searches?

What is the regular expression to extract the numbers in my sample?

Using nested subsearch where subsearch is results of a regex

Join 2 indexes

regex to extract each line having a specific keyword

Help me with my usecase

RegEx Square Brackets not supported?

Getting _time into a |rest search

How to sum float value in stats

Help me get started with a custom Splunk Lookup or command

how to combine two columns values based

How to run the main search only if the subsearch returns true?

How to join two searches with no common field?

timechart per_second working.

Splunk query.

extract date time from log entries

Display the "others" or the rest after showing top results

Setting a default action for alert in splunk

Cannot find any featureID in Geospatial Visualization.

lookup table does not exist

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions