Splunk Search

Discussions

Thread Info

can i pass a subsearch argument as a greater than relationship?

I've looked into format and it doesn't look like I can replace the "=". I want to change ( ( DateStart="12/14/...

by Communicator in

How to remove max outliers from timechart?

I'm time-charting public transit vehicle "layover" time. ("Layover" is how long a driver takes a break upon reaching ...

by Splunk Employee in

Why is my search skipping?

Hi, index=_internal source=*metrics.log group=searchscheduler | timechart partial=false span=10m sum(dispatched) ...

by Path Finder in

getting the list of all saved searches

hi, can i please know the query to list all the saved searches and query used for those saved searches , user id .

by Path Finder in

subtract response time value in 'ms' from the _time field and assign it to new field.

Hi, Our application logs an event at the end of completion of an api call with response time in milliseconds(ms) ...

by Builder in

How to compare a lookup field value with my current search?

HI All, I have a lookup table with host names value around 10 field name host. I have this search index=Application s...

by Path Finder in

How to extract field:value pairs from within the value of other field?

Hi, We are capturing a custom log from Windows event viewer using Splunk forwarder. Most of the fields are extract...

by Builder in

Multiple Where Claus in the same search

I have a search like this sourcetype=foo-bar category=foo | stats count by category | where count>5 I have 5 ca...

by Motivator in

Multiple where values

how can I use multiple values in where clause for ex:index=xyz sourcetype=abc | dedup name | where name="2009-227...

by Explorer in

How to set one dropdown to default value (for ex: All) when i select values from the 2nd dropdown

there are two computed dropdown, just in case i select values from one dropdown the other dropdown should be reset to...

by Explorer in

how to know whether the bucket is hot, warm,cold

hi, how can i find out whether a bucket is hot , cold ,warm bucket. For example , db_2587397960_1411235746_15480, ...

by Path Finder in

Why does my chart lose interactivity with a search using "appendcols"?

Hello All, Currently using Splunk 6.5.1. As the question implies, I have a search that uses the appendcols comm...

by Motivator in

Splunk maps do not display the locations in Indian cities after zooim level 7

Hi, I am using geostats command to display the location wise data for India, at zoom level 7, the maps display the da...

by Path Finder in

Lookup table to many search queries

I have lookup table like this: locationOrFunction, asset_id London,Application for one;Application for two;Applica...

by Path Finder in

Realtime searches in ES delayed?

Hi, I've installed Enterprise Security dedicated search head following all the best practices with beefy enough ha...

by Splunk Employee in

How to count how many "200" codes are in my results, when using the mvjoin function?

Hi guys can you tell me how i can count how many code 200 I have when i have do a mvjoin? I try with this search but ...

by Path Finder in

I have to filter my results based on a static list of known services. How can I avoid having to append this long filter to each my searches?

i constantly have to filter my search results based on a static list of known Windows service names. my searches usua...

by New Member in

Why does the same search produce different results?

I am automating a report. So for that i use 4 dump CSV files whose names i don't change. When i used to change the d...

by New Member in

How to chart values that belong a group which is determined by similar field names

I'm wondering what the most efficient way to deal events that contain values that should be grouped based on the fiel...

by Contributor in

eval values of a formula in a timechart command

Hi, I am using the below query to timechart the values of offers (STATUS=ACCEPTED) from midnight, of the current day,...

by Observer in

Why is the TAIL command listing the events in order of ascending time while the HEAD command lists the events in order of descending time?

Hello, I ran a search that had 15,000+ events. The table had the same amount of results. The results were listed i...

by Explorer in

How to refine the time range within a search?

I'm trying to select a specific custom time range within a search after selecting a larger time range with the time p...

by Path Finder in

My "stats latest" search is inserting values from other fields when the value is actually NULL. How should I edit my search?

Hi, We have been using the stats latest(field) for quite sometime and it worked quite well. But for a new file, so...

by Contributor in

Change multivalue field to strings

I have table like tis name | Category "one; one two; bla trhree aaa bbb; ddddd eeeee aaaaaa; wwww" | Category1 "one...

by Path Finder in

I am trying to implement time limit on the query, but failing to fetch the result

public static void executeQuery(String query,String earliestTime,String latestTime) { Args queryArgs=new Args(...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

can i pass a subsearch argument as a greater than relationship?

How to remove max outliers from timechart?

Why is my search skipping?

getting the list of all saved searches

subtract response time value in 'ms' from the _time field and assign it to new field.

How to compare a lookup field value with my current search?

How to extract field:value pairs from within the value of other field?

Multiple Where Claus in the same search

Multiple where values

How to set one dropdown to default value (for ex: All) when i select values from the 2nd dropdown

how to know whether the bucket is hot, warm,cold

Why does my chart lose interactivity with a search using "appendcols"?

Splunk maps do not display the locations in Indian cities after zooim level 7

Lookup table to many search queries

Realtime searches in ES delayed?

How to count how many "200" codes are in my results, when using the mvjoin function?

I have to filter my results based on a static list of known services. How can I avoid having to append this long filter to each my searches?

Why does the same search produce different results?

How to chart values that belong a group which is determined by similar field names

eval values of a formula in a timechart command

Why is the TAIL command listing the events in order of ascending time while the HEAD command lists the events in order of descending time?

How to refine the time range within a search?

My "stats latest" search is inserting values from other fields when the value is actually NULL. How should I edit my search?

Change multivalue field to strings

I am trying to implement time limit on the query, but failing to fetch the result

Community Feedback

Manual Instrumentation with Splunk Observability Cloud: Implementing the ...

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions