Splunk Search

Discussions

Thread Info

How to create a bar chart to count how many events were created and completed over last 6 months (span 1 week)?

I managed to count how many events were created and completed (tickets) in last weeks (last 6 months). You can see th...

by Path Finder in

How to plot SAR info?

I have SAR info like this and I am able to get values in table format. But I need the same values plotted in graph. I...

by New Member in

How to edit my search to find a session where a user has visited two different URLs in the same session?

Hi all, (URL="xxx.com") OR (URL="zzz.com") index=logs | timechart span=1d dc(IP) I am trying to use above sea...

by New Member in

How to find out why an indexer is using more license than other indexers?

how to find out why an indexer is using more license than other indexers? Because i have 5 indexers, out of which 2 i...

by Path Finder in

How do you get around the subsearch limitation when defining events?

Hi Splunkers. I am retrieving a field from JSON log file using rex, table and spath. Although this runs fine as a ...

by Path Finder in

Pass earliest/latest in pipeline

Hi, Sorry for the newbie question. We want to calculate percentage of time between 2 events over the entire search...

by Communicator in

How to set up an alert if an ack message is not available for a particular req?

Hi, i have messages like this how to setup an alert if ack message is not available in the logs for particular req. a...

by Explorer in

How to edit my search to count the number of servers?

We have Multiple servers that all end with the same few letters like this. Office1Server Office2Server Remot1Serv...

by Observer in

how get combine result from two different search to a timechart

I have 2 search search 1 index=A "testx" | stats count(user) AS total1 by _time search 2 index=B "testx" | sta...

by New Member in

Why does "| fields - _*" and "| fields - _raw,_time" give zero results?

I've got a query that gives 178 results, and it ends with me filtering down to a single field, which by itself works ...

by Explorer in

Why won't my regular expression extract fields when the _raw field is greater than 56kb?

Hi, I'm trying to extract two fields with this regular expression: Transaction\sID=\"(?P<Transaction_ID>\w*)\"....

by New Member in

How to write a regular expression to extract the domain name from dest_host field?

Hi, How to write a regular expression to use to extract the domain name from the dest_host, like extracting the l...

by Builder in

How do you calculate the time in minutes since the latest event, using a manual time entered as a field, not the timestamp?

Samples are collected and later manually entered into Splunk. I am interested in the time the sample was tested, not ...

by Engager in

How do I limit the "export results" action to export only the fields that were presented to the client using FieldPicker module with StrictMode param set to "True"?

Is it possible to limit the "export results" action to export only the fields that were presented to the client using...

by Path Finder in

how to get a list of skipped searches which are NOT REAL-TIME ??

Hi All, We have removed real-time searching capability in our enterprise but the users havent yet removed their Realt...

by Communicator in

When trying to filter results using where or eval, why am I not getting any results?

Hi all, I am trying to filter results based on information in two fields and am getting no result when I used the...

by Path Finder in

how to break a lookup table into mulitple lookup tables ( rowwise or based on a field value)

we have a lookup table which is like: table: host,userid,index,status host1.dom.com,user1,idx1,Y host1.dom.com,user2,...

by Contributor in

Getting cumulative total into chart

I have a dataset like: quarter,faculty, people 2016-Q1,LAW,2 2016-Q1,BUSINESS,11 2016-Q1,EDUCATION,2 2016-Q2,BUSIN...

by Explorer in

Why do I only see "no results found"?

I have 27,285,464 Events from 6 sources, but the console tells me that no search results are found. Splunk Versio...

by New Member in

how to match new lines in splunk

I have a event as below nam=this is org name; -this is hyta name; -this is hju name; falu= this is gao name I n...

by Contributor in

arules command returns no output

Hi, Basing on customers' purchases I'd like to make a proposition of what item can be probably purchased if a user ha...

by Builder in

What is the best way to search for patterns in username field values?

Need help with searching for patterns in username field values... I want to know if anyone has suggestions for the...

by New Member in

lookup table not visible when creating "New Automatic Lookup" until after server restart

I can upload a lookup table .csv fine, "| lookupinput <name.csv>" also works fine. When I create an autolookup, the l...

by Contributor in

Counting Specific Events Type?

Good Morning, Fellow Splunkers I have a field extraction that outputs four possible values [Example]: Field Ext...

by Path Finder in

How to write a regular expression to extract a long string until a group of multiple characters, and ignore if it begins or ends with double quotes?

I am trying to extract fields out of events that are tab-delimited unless there are quotes around them. For example, ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a bar chart to count how many events were created and completed over last 6 months (span 1 week)?

How to plot SAR info?

How to edit my search to find a session where a user has visited two different URLs in the same session?

How to find out why an indexer is using more license than other indexers?

How do you get around the subsearch limitation when defining events?

Pass earliest/latest in pipeline

How to set up an alert if an ack message is not available for a particular req?

How to edit my search to count the number of servers?

how get combine result from two different search to a timechart

Why does "| fields - _*" and "| fields - _raw,_time" give zero results?

Why won't my regular expression extract fields when the _raw field is greater than 56kb?

How to write a regular expression to extract the domain name from dest_host field?

How do you calculate the time in minutes since the latest event, using a manual time entered as a field, not the timestamp?

How do I limit the "export results" action to export only the fields that were presented to the client using FieldPicker module with StrictMode param set to "True"?

how to get a list of skipped searches which are NOT REAL-TIME ??

When trying to filter results using where or eval, why am I not getting any results?

how to break a lookup table into mulitple lookup tables ( rowwise or based on a field value)

Getting cumulative total into chart

Why do I only see "no results found"?

how to match new lines in splunk

arules command returns no output

What is the best way to search for patterns in username field values?

lookup table not visible when creating "New Automatic Lookup" until after server restart

Counting Specific Events Type?

How to write a regular expression to extract a long string until a group of multiple characters, and ignore if it begins or ends with double quotes?

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Community Content Calendar, September edition

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions