Splunk Search

Discussions

Thread Info

How to search files compressed using Snappy from virtual indexes?

Hi all, I have a few files (containing syslog events) in my Hadoop HDFS compressed using Snappy, and I configured ...

by New Member in

How to optimize my lookup search with large amounts of data?

I'm currently collecting IoCs in terms of IPs and Domain names and want to run searches towards my historical log-dat...

by New Member in

How can I calculate the term frequency for all the words in a field's values?

I am trying to calculate some term frequency on the field. The field is defined as follow. rex field=_raw "Notes : (...

by Explorer in

Updating LookUp Table Data Externally - 'Auto-magically'

I am wanting to create a process that will make it really simple and easy for my users to update their lookup table f...

by Contributor in

Is it possible to use fillnull for fieldnames with a specific pattern?

Hi, is it possible to use fillnull for fields with a specific pattern? Wildcards are not working, but I want to av...

by Motivator in

Regex extraction advice for phone numbers - Replace for multivalued fields

Hello, I am trying to extract and normalize some phone numbers that are appearing in inconsistent ways. Below I at...

by Path Finder in

Creating Server update from events and csv lookup

I am hitting a mental block in creating this query and wish to monitor our server performance so we have visibility o...

by Engager in

How to calculate min/max/avg/stdev by each line

The date are all number field, such as cluster, field_1, field_2, field_3, field_4, field_5 1 3 56 6 767 8 1 56 6 543...

by Path Finder in

How to calculate percent increase of crime by month over 6 years?

Hello, I'm new to Splunk and would appreciate any help. I am trying to figure out what month had the largest percent...

by Engager in

set earliest and latest time stamp

How to set earliest to 26th of previous month and latest to 25th of current month? if hard corded then 26th of Feb to...

by Communicator in

Combinig two graphs into one

I have two graphs (I put example and their search code) and I want to display them on a single graph. Is there a way ...

by Contributor in

Error in 'transaction' command: Descending time ordered events required, but the preceding search does not guarantee time order

I believe commands like "transaction" work on the _time metadata field that is hidden in each event. This is similar ...

by Builder in

How to change the unit values (5G to 5 and 400M to .4) for a scripted input?

I have scripted output from UGE qhost command that gives memory in G (GBs) or if less than 1GB, in M (MBs). I'd like ...

by New Member in

How to count the number of occurences of distinct strings associated with a specific json tag across multiple events?

Hello, I am very new to this tool. I have Splunk set up to monitor a log file and extract json being written to th...

by New Member in

Need to run a subsearch with practically unlimited rows

Hi, Currently I'm trying to run a query which take the results of a subsearch as a parameter as follows: index=...

by Explorer in

How to extract multi key value from a single event

Here is the logs, event=SUCCESS_FROM_SERVICE UserID=abc currentTime=2017-03-31T05:22:52.176Z headline="[{'content...

by New Member in

How to index Oracle audit trails stored in .aud files?

Hi, I have a request from a client to index the .aud files generated by Oracle. I have been searching Splunk Answe...

by Path Finder in

Getting a value from subsearch

(index="myindex" OR index="wineventlog") AND ((host=MYSERVER1 OR host=MYSERVER2) AND (EventCode=20274 OR EventCode=20...

by Builder in

display single row vertically

Is there a way to display a single row table in vertical form ? simpleresult ist like key1 key2 key3 I'd like k...

by Builder in

Rename a Column When Using Stats Function

Good morning, This must be really simple. I have the query: index=[my index] sourcetype=[my sourcetype] event=l...

by Path Finder in

Is it possible to write a search that shows the selected timerange of saved searches?

Hi, Is it possible to write a search that shows the selected timeranges for all saved searches? The result table w...

by Motivator in

timechart time format change

I am trying to tabulate number of specific operation per day using this format timechart span=1d count as DLCreate...

by Explorer in

How to push the search query to lookup file

If I write a search query and want to push the search query code to my lookup. Ho to do it??

by Explorer in

Find Time-Range for Most Recent event.

So I have splunk events and I want to display information as a time range. For example: event type1: Started proc1 id...

by Engager in

How to extract multivalue pipe separated subfields (with header) from a field?

I have a data source from DBX that has a field called "description" that contains a pipe separated format with header...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search files compressed using Snappy from virtual indexes?

How to optimize my lookup search with large amounts of data?

How can I calculate the term frequency for all the words in a field's values?

Updating LookUp Table Data Externally - 'Auto-magically'

Is it possible to use fillnull for fieldnames with a specific pattern?

Regex extraction advice for phone numbers - Replace for multivalued fields

Creating Server update from events and csv lookup

How to calculate min/max/avg/stdev by each line

How to calculate percent increase of crime by month over 6 years?

set earliest and latest time stamp

Combinig two graphs into one

Error in 'transaction' command: Descending time ordered events required, but the preceding search does not guarantee time order

How to change the unit values (5G to 5 and 400M to .4) for a scripted input?

How to count the number of occurences of distinct strings associated with a specific json tag across multiple events?

Need to run a subsearch with practically unlimited rows

How to extract multi key value from a single event

How to index Oracle audit trails stored in .aud files?

Getting a value from subsearch

display single row vertically

Rename a Column When Using Stats Function

Is it possible to write a search that shows the selected timerange of saved searches?

timechart time format change

How to push the search query to lookup file

Find Time-Range for Most Recent event.

How to extract multivalue pipe separated subfields (with header) from a field?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions