Splunk Search

Discussions

Thread Info

CIDR in a lookup table - no access to transforms.conf?

I know it's possible to put CIDR ip ranges in a lookup table. However, my question is, what if I do not have access t...

by Explorer in

How to build a timechart that shows overall (n+1) capacity and per site visibility?

I'm attempting to develop a chart for one of my engineering teams that shows peak utilization across multiple sites o...

by Communicator in

Why would a bucket/bin be set to a one day span on the License Master?

Looking at the Daily License Usage panel on the "Previous 30 Days" tab under Licensing, I see that the base search is...

by Contributor in

How to add new column to chart with success rate of other columns

I'm using the following search to generate the table below: rex "<status>(?<status>.*?)<"| search status=Incomplet...

by New Member in

Simple daily volume tracking?

If I go into the License Manager, it shows me a simple progress bar of "Volume used today". For pool "auto generated ...

by Path Finder in

How to improve my current search to count how many times EventB is preceded by EventA within the same transaction?

I have a working query, but since this is the first time I used stats as a replacement for join / transaction so I wo...

by Communicator in

How to generate a search that finds the time difference?

i want to find the difference b/w starttime and _time. "StartTime":"2017-02-03 09:51:54.595" (String) EndTime:2017...

by Communicator in

How to generate a search for my sample data?

i have logs like this for each req..... 2016-11-09 12:57:18,855 CorrelationID=2469bae9-fe14-4e67-b345-95d652f4a86...

by Explorer in

How to merge my data?

My raw data looks like this: Timestamp Field1 Field2 Field3 2017-01-01 AAA Key1 Key1val 2017-0...

by Communicator in

My lookup in a macro works in a search, but why does it not work using savedsearch command?

We are on Splunk 6.2.1. This is all in Splunk search... I have a macro with lookup which works fine in a simple se...

by Path Finder in

How to trim output using eval in a data model to remove spaces?

I tried this in eval expression for removing spaces... trim(SWFT_TRN) but it's not working fine..

by New Member in

Indexer not responding.. Replication status is 'Failed'

A reboot cured the above issue( In title), which is far from ideal. See the below lines logged in 'Splunkd.log' on...

by New Member in

How can I convert string of numbers to date format?

I have a list of dates like below: 20170201 20171201 20171225 How can I convert this into a time value that i c...

by Path Finder in

How to find top events contributing to a total of X% of the events?

Hi, I can find the top events but I want to see all those events that are contributing say 80% of the total. e.g. the...

by Engager in

How to calculate max of transaction from sum of 2 fields?

Currently I am trying to find the max of field (which is already a sum of 2 different fields). The problem unfolds as...

by Path Finder in

Lookup based range of latitude and longitude

Hi I'm looking for a sample search that calculates count of events which match within 500m radius of lat/long on loo...

by Explorer in

Are there any plants to output ISO-3166 alpha codes from iplocation command?

Any plans to output ISO-3166 alpha codes from the iplocation command @arahut_splunk, or should we implement a maxmind...

by Contributor in

Query to search for huge set of URLs

I have close to 2000 URLs I want to search in one source. Is it possible to do it in one query by using lookup and wh...

by New Member in

How to edit my search so I can compare differences between a list of fields

Hello all, At a loss trying to accomplish the following: I would like to compare three fields in the same index...

by Path Finder in

if an entry exists in stats, remove the entire line

Hi, I have this work in progress query index=betats source="*top.csv" | dedup PREMISE_FK COMMAND PID | where CO...

by Motivator in

How to not let "Span" overwrite earliest time value

Lets say it is 2/6/17 at 2:18am and I have the following query... ... earliest=-1d@m | bin _time span =10m ... ...

by Path Finder in

Why are some expected events missing when applying a filter in our search?

We recently onboarded some applications' logs, and at our client request, we had to put a custom field to have the ap...

by Path Finder in

Why am I not receiving results when a value contains a with period and underscore?

I would like to show results group by "SLA Request Key". I am able to view sample Data-2 but not Sample Data-1 Sa...

by New Member in

Why is summary index is missing a few indexes in its output?

Hi, I am using around 8 indexes to create a summary index. But after creating the summary index, i am seeing the d...

by Path Finder in

Extend finite fields into the future in conjunction with the predict command

I'm attempting to build out a capacity chart that shows total elements used in a system and predicts the future count...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

CIDR in a lookup table - no access to transforms.conf?

How to build a timechart that shows overall (n+1) capacity and per site visibility?

Why would a bucket/bin be set to a one day span on the License Master?

How to add new column to chart with success rate of other columns

Simple daily volume tracking?

How to improve my current search to count how many times EventB is preceded by EventA within the same transaction?

How to generate a search that finds the time difference?

How to generate a search for my sample data?

How to merge my data?

My lookup in a macro works in a search, but why does it not work using savedsearch command?

How to trim output using eval in a data model to remove spaces?

Indexer not responding.. Replication status is 'Failed'

How can I convert string of numbers to date format?

How to find top events contributing to a total of X% of the events?

How to calculate max of transaction from sum of 2 fields?

Lookup based range of latitude and longitude

Are there any plants to output ISO-3166 alpha codes from iplocation command?

Query to search for huge set of URLs

How to edit my search so I can compare differences between a list of fields

if an entry exists in stats, remove the entire line

How to not let "Span" overwrite earliest time value

Why are some expected events missing when applying a filter in our search?

Why am I not receiving results when a value contains a with period and underscore?

Why is summary index is missing a few indexes in its output?

Extend finite fields into the future in conjunction with the predict command

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions