Splunk Search

Discussions

Thread Info

How to edit my search to filter out from Sunday through Saturday date range?

How do I present data from 2 weeks ago, last week and current week based on the following rule: -the data range has t...

by Communicator in

How to filter out search results where a field value ends with the $ character?

Hello Everyone, Am hitting a snag and need some help. So I have an index whereby we have many account names return...

by Explorer in

Why are the same 2 searches retrieving a different amount of results?

hey i have this 2 searches: index= foo usearch | rex field=summary "(?{.*)" | spath input=json_data | search asset...

by Path Finder in

How to combine searches to generate stats of domains with "success" and "failure" columns?

I am attempting to combine two searches against a custom app within custom props.conf but am going in circles. Both s...

by Contributor in

How can I copy a field value based on another field value ?

Hi, I have the following table: ID, Team, Department 1, Manager, A65 After performing a lookup, I've got th...

by Contributor in

How can I improve configurations in Splunk so that searches run faster?

Simple queries are taking up to 15 or 20 seconds. I checked in Settings/distributed management console and the indexi...

by Path Finder in

table formation

hi guyz, should i make any a table from log file for searching? as i don't know the field name.. how can i make se...

by Explorer in

How to retrieve more than 100 record in searchmanager

Currently, the dashboard is build in HTML dashboard with javascript, but I found that the searchmanager is only retur...

by Path Finder in

Add a data size notation to the end of a value?

So the following will add a $ symbol to the beginning of the value Revenue, like "$ 42" ... | eval Revenue="$ ".to...

by Communicator in

Need help with grouping an counting.

Hi I have the below event output in the a log. 2016-11-03 17:59:02,943 INFO [SerialClientScheduler-1] c.b.t.m.s.Ma...

by New Member in

How to edit my search to find users whose accounts have been locked after X number of invalid credential entries?

Hi, I have been facing issue with f5 APM logs. The device creates multiple events for single session so each line ...

by Path Finder in

How to display the operation name and percentage of each occurrence against total records in a pie chart?

For my search result I have 2 columns i.e. operation name & counts. I want to do a pie chart that will contain operat...

by New Member in

How to write searches for these specific use cases for my data?

Below is the log format  log sample) ID swipe_status date time ...

by New Member in

Problems with subsearch.

I am having trouble getting a subsearch to work and was hoping someone might be able to help. I am trying to compare ...

by New Member in

how do I manipulate string data in tstats results?

I am trying to get all DHCP records for machines on which an authentication attempt was made for a user. I am doing t...

by Builder in

regular expression help

Hi, i am trying to get metric and respective values using regex can you help us to get corresponding metrics and v...

by Communicator in

Why does "eventstats last()" fail for one column when I add mvlist=t after the transaction command?

In my search, I'm using a transaction. After that, I create a table from the results, then I want to apply an eventst...

by Communicator in

total average number rather than average by field

I have the query set up to find the average duration per country. How would I get the query to find the total average...

by Engager in

Should we perform a field extraction or field transformation on this sample log?

Hi, We are looking transform fields from log events, can some one please help. we need to translate to below co...

by Path Finder in

Why does searching fields in a summary index generate single value fields that have two identical values?

Hey folks, I'm looking at a summary index that's being generated through the Splunk Web (e.g. the source is being ...

by Explorer in

Bug during applyPendingMetadata, header processor does not own the indexed extractions confs

I am getting "Bug during applyPendingMetadata, header processor does not own the indexed extractions confs" so every ...

by Path Finder in

Ingesting different data types into one index

Hi, I am being asked if we can ingest two different data formats into one index. Specifically the primary data typ...

by Explorer in

Bug in rex command?? Not working if the raw data has more than 12 pipe or comma.

Running a simple in-line field extraction command. | gentimes start=-1 | eval temp="f1,f2,f3,f4,f5,f6,f7,f8,f9,f10...

by Revered Legend in

How to accelerate searches in dynamic dashboard?

Hi all, We created a dashboard where $d_name$ in following search is user input: <search> <query> ...

by Communicator in

When using the "stats" command, why do the number of results differ when one field is added or removed?

I have noticed that the search results between table and stats can vary if one of the fields returns a null result. B...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my search to filter out from Sunday through Saturday date range?

How to filter out search results where a field value ends with the $ character?

Why are the same 2 searches retrieving a different amount of results?

How to combine searches to generate stats of domains with "success" and "failure" columns?

How can I copy a field value based on another field value ?

How can I improve configurations in Splunk so that searches run faster?

table formation

How to retrieve more than 100 record in searchmanager

Add a data size notation to the end of a value?

Need help with grouping an counting.

How to edit my search to find users whose accounts have been locked after X number of invalid credential entries?

How to display the operation name and percentage of each occurrence against total records in a pie chart?

How to write searches for these specific use cases for my data?

Problems with subsearch.

how do I manipulate string data in tstats results?

regular expression help

Why does "eventstats last()" fail for one column when I add mvlist=t after the transaction command?

total average number rather than average by field

Should we perform a field extraction or field transformation on this sample log?

Why does searching fields in a summary index generate single value fields that have two identical values?

Bug during applyPendingMetadata, header processor does not own the indexed extractions confs

Ingesting different data types into one index

Bug in rex command?? Not working if the raw data has more than 12 pipe or comma.

How to accelerate searches in dynamic dashboard?

When using the "stats" command, why do the number of results differ when one field is added or removed?

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...