Splunk Search

Ask a Question

Discussions

Thread Info

Grab max value and associated value

I have a stats table of max hits by API for a given time period. index="ml_summary" report=api_stats earliest=-1w@...

by Communicator in

Combining Row Results Into Columns

Here is my search: | dbinspect index=netflow | stats sum(sizeOnDiskMB) as StateSize by state, splunk_server | eval...

by Builder in

Hi all,I'm pretty new to splunk and having my hands on it. My question is what query is used to get the data of specifuic user.

Hi all,I'm pretty new to splunk and having my hands on it. My question is , I have a index=sftp and user as some xyz....

by New Member in

Why are data model metrics not showing up with this search?

The following searches work : | tstats `xxxx_summaries_only` avg(All_Performance.Memory.swap_free) AS swap_free F...

by Path Finder in

Percentile Implementation

Hi I am wondering what percentile implementation does Splunk use (used by stats, etc.). It does not always return ...

by Explorer in

How to set an alert that will trigger an email when based on these conditions?

HI All, I need some help in setting alerts for a condition, where I'm using a simple Splunk search to get whether th...

by Path Finder in

index time extractions search

I have did index time extractions for fields. I have stored them in _meta. But when I search for the extracted field...

by Contributor in

how to check number of lines in each events

number of lines from file is not matching in the count, want to check each events number of lines. ?

by Explorer in

How can I split the values in the stats table. I have used in combination of stats Values() count() by host

index=* | stats values(source),values(sourcetype),count(sourcetype) by host ....query i used host values(source) ...

by Builder in

How to generate a search that finds the closest log record based on a user's input timestamp?

I'm trying to figure out a way to get the closest log record to a user input timestamp. I'm thinking about making a d...

by Engager in

mulitple regex extraction

Hi, I'm trying to extract two fields from the below data 02-08 07:33:41.211 E/Rules_LightBaseAction( 2660): com...

by Motivator in

How to create a new key-value pair from various fieldnames with a similar pattern?

Hi, my events can include a fieldname with a pattern like: product_type_a product_type_b product_type_c To g...

by Motivator in

need help to optimize splunk query from database feed

index=idx_cibca__prod:- Has data from database having all fields but not CUST_NAME ie why we used join idx_cibca_look...

by Path Finder in

compare two fields value for equality in two different indexes

HI I want to know why this code is not working index="malecious_url" OR index="surikata" |fields http2,http | where(...

by New Member in

How do I use a regular expression to extract all 22 entries of a Message field in a multiline JSON data?

How do I use a regular expression to extract all 22 entries of Message field with left boundry = "Messages": [ ri...

by Path Finder in

append search to different sources

Hi, I want to combine to searches: index=bla | stats count(al_responsecode) as "Total per responseCode al" by a...

by Path Finder in

Trying to get a range of dates right based on a last Saturday of the month

hi there, the 1st and 3rd statement is wrong and the 2nd might be correct. Here is what I am trying to do: Current...

by Communicator in

How to write a search to find out the average dashboard runtime?

hi there, i would like to write a search to find out dashboard runtime. index=_internal source=*splunkd_ui_acc...

by Explorer in

I need a single value after dividing 2 results which we obtain as a result of stats dc. As of now, I see 3 values.

The query I use is- sourcetype=iis URL_root=abc "https://www.abc.com"|stats dc(SessionId) as TotalVisits, dc(useri...

by Path Finder in

How to plot a bar graph based on date in a csv file?

Hi All, I am new to the Splunk world and pls help me to explore. I have a product.csv files which contains 6 field...

by Explorer in

Is my (big) csv lookup file indexed in memory by Splunk?

Hi, I have a quite big csv file (~20Mb) and I changed the max_memtable_bytes to 100Mb in my limits.conf file. My sear...

by Communicator in

Split multiline value field into separate lines

I have a field which have multilines, how to split this field delimited by timestamp into separate lines 2017/02/0...

by Contributor in

How do I get the mid point of the specified time range?

I have a query where I need to break up the provided time range into 2 period so I can see the delta between the peri...

by Path Finder in

Are there any examples of an actual use case of dispatch.data_format for fields earliest time and latest time?

Hi, I am looking for any sample code in any language/script that shows an actual use case of dispatch.data_format ...

by New Member in

Get Distinct Count of Success & Total based on UserID

I'm trying to make one search that will accomplish the following: Total Login Attempts: DC(USERID) WHERE ACTIVITY ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Grab max value and associated value

Combining Row Results Into Columns

Hi all,I'm pretty new to splunk and having my hands on it. My question is what query is used to get the data of specifuic user.

Why are data model metrics not showing up with this search?

Percentile Implementation

How to set an alert that will trigger an email when based on these conditions?

index time extractions search

how to check number of lines in each events

How can I split the values in the stats table. I have used in combination of stats Values() count() by host

How to generate a search that finds the closest log record based on a user's input timestamp?

mulitple regex extraction

How to create a new key-value pair from various fieldnames with a similar pattern?

need help to optimize splunk query from database feed

compare two fields value for equality in two different indexes

How do I use a regular expression to extract all 22 entries of a Message field in a multiline JSON data?

append search to different sources

Trying to get a range of dates right based on a last Saturday of the month

How to write a search to find out the average dashboard runtime?

I need a single value after dividing 2 results which we obtain as a result of stats dc. As of now, I see 3 values.

How to plot a bar graph based on date in a csv file?

Is my (big) csv lookup file indexed in memory by Splunk?

Split multiline value field into separate lines

How do I get the mid point of the specified time range?

Are there any examples of an actual use case of dispatch.data_format for fields earliest time and latest time?

Get Distinct Count of Success & Total based on UserID

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions