Splunk Search

Discussions

Thread Info

How to get all indexes and sourcetypes?

After browsing through Splunk Answers, the closest I could get is the following SPL to list all Indexes and Sourcetyp...

by Contributor in

How to edit my search to get a count and time chart of unique status codes by URL?

Hi all -- I'm having some trouble wrapping my mind around a problem I'd like to measure. I would like to perform ...

by New Member in

Convert saved search to inline search

I have a dashboard with 10 graphs all pointing to one saved search each. what is the easiest way to convert all of th...

by Contributor in

How to write a search to find the the 90th and 99th percentile for response time?

hi, I have some fields extracted from Splunk and it has application name, response time, and response code. By ...

by Communicator in

How to create a dashboard search to output these specific fields in results?

What I'm trying to do is when I give input as index=sftp USER=gradydftsftp and it gives output as: Jan 27 10:15:01...

by New Member in

How to write a search to compare results from two tables, and show the results that only exist in the first table?

Background: I'm trying to create a search that will let me know if something about a user is true within the last 7 d...

by Path Finder in

How do I extract these fields from my sample json event?

I have data being fed into Splunk from a log file in json format. Currently it is not extracting any of the fields fr...

by Path Finder in

How to create a time chart with milestones?

Hi, I'm trying to get some sort of timechart with milestones. Something like the attached pic (example) . ...

by Motivator in

How to run a certain eval statement in a search based on the date range?

Creating a table for time zones, which will be used to keep track of our universal forwarders and their settings. Nee...

by Contributor in

Lookup latest value in CSV or datasource

Hi, I am currently tracking my electricity usage and would like to calculate the current cost using the kWh value in ...

by New Member in

use eval to change field vale

I have this logs: URI: tttplitmr_78 METHOD: POST BODY: {"s_data": {"System.ProcessorName": "Intel(R) Xeon(R) CPU E...

by Path Finder in

"Duplicate" events: Without using "dedup", how can I remove all but one of the events that occur within a 1 second time frame?

Hi, I have events that are sorta kinda duplicated. Sorta kinda means that everything is the same EXCEPT there is a...

by Motivator in

How to create a search for moving average for email sent per user

Thx to DalJeanis I have the following search that establishes a baseline of email sent per user by subject then looks...

by Influencer in

How to edit my search to find total emails sent per user on a daily basis?

I am trying to pull stats that shows the average emails sent per user per day and I have the following search below, ...

by Influencer in

How to edit my search to alert once per result for multiple hosts?

We are using Splunk 6.4.2 and I have alerting setup on a specific search as follows: index = wineventlogs source...

by Communicator in

Regex with forward slash character

Hi, I'm trying to extract to fields from a precalculated field and so far I've trouble with the forward slash char...

by Explorer in

sort based on 2 values

Hi, I'm new to Splunk and I'm struggling to find a solution for the requirement I have. Here is my requirement: I ...

by New Member in

Time without errors

Hi, I'm trying to calculate the time without errors in the system. To do that I'm doing something like | eval ...

by Explorer in

Is anyone else having timeline issues in Chrome using Splunk 6.3.3?

I am running 6.3.3, and I recently noticed some problems manipulating the Timeline in Chrome 53.0.2785.101 m. When I ...

by Builder in

How to get to grips with SPL.

Hi guys, I'm new to splunk, and we have recently implemented splunk enterprise in our environment. We are primaril...

by Engager in

Why am I unable to add my search to a dashboard panel?

I am using the following search to get all indexes and sourcetypes. But I am unable to add the search to a dashboard ...

by Contributor in

How can we show or display application response time based on session id?

hi, we running load test on 6 of the micro services and each has different API. we are indexing those logs into Splun...

by Communicator in

How to remove numbers from events at search time?

Hi, i have endpoints which are extracted from the log message and some end points are with numbers at the end. can we...

by Communicator in

timechart span=60m snaps to hour whereas I want it to snap to minute

I'm trying to get hourly averages and compare the last to the previous one. ...some search | timechart span=60m ...

by Builder in

How to edit my regular expression for a multivalue field extraction with new lines?

Hello, I need REGEX help. I've wasted almost all day trying to do this and only came up with this which is very sl...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get all indexes and sourcetypes?

How to edit my search to get a count and time chart of unique status codes by URL?

Convert saved search to inline search

How to write a search to find the the 90th and 99th percentile for response time?

How to create a dashboard search to output these specific fields in results?

How to write a search to compare results from two tables, and show the results that only exist in the first table?

How do I extract these fields from my sample json event?

How to create a time chart with milestones?

How to run a certain eval statement in a search based on the date range?

Lookup latest value in CSV or datasource

use eval to change field vale

"Duplicate" events: Without using "dedup", how can I remove all but one of the events that occur within a 1 second time frame?

How to create a search for moving average for email sent per user

How to edit my search to find total emails sent per user on a daily basis?

How to edit my search to alert once per result for multiple hosts?

Regex with forward slash character

sort based on 2 values

Time without errors

Is anyone else having timeline issues in Chrome using Splunk 6.3.3?

How to get to grips with SPL.

Why am I unable to add my search to a dashboard panel?

How can we show or display application response time based on session id?

How to remove numbers from events at search time?

timechart span=60m snaps to hour whereas I want it to snap to minute

How to edit my regular expression for a multivalue field extraction with new lines?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!