Splunk Search

Discussions

Thread Info

Moving fields from a subsearch

I have a search and subsearch that is working as required but there is a field in the subsearch that I want to displa...

by Contributor in

assign value to earliest

How I can assign a value to the earliest argument in my query which is the rounded to the last 10 minutes?when I try ...

by Path Finder in

How to capture x,y data from stacked charts for drill down option

Is there a way of capturing the x, y and z data from a stacked chart? At the moment, my x and y are as follows ...

by Path Finder in

Average count of events per field grouped by another field

Hello All, I'm a relative newbie and hoping the community can help me out. I'm kind of stuck o...

by New Member in

Show/filter only events that existed 24 hours ago

I have the following search index=cisco sourcetype=cisco:wlc snmpTrapOID_0="CISCO-LWAPP-AP-MIB::ciscoLwappApRogueDe...

by Path Finder in

How to spot any changes to the value of a field

Hello, I have an index where data is ingested once a week. Objective of ingesting this data is to identify if there...

by New Member in

chart

Hi,I have total four fields lets say a,b,c and d. i want to show 'a' as a separate column and 'b','c' and 'd' as stac...

by Contributor in

Check lookup table for old/expired entries

Hi All I need to do some lookup table maintenance and would like to know which hosts are not being monitored but stil...

by Explorer in

Adding fields in stats command

Hi Splunkers! Good day! I would like to add event and detection fields in stats command, after adding in stats co...

by Contributor in

Splunk search for range of characters

Hi All.. how can I search a range of characters in splunk.. example I want to search name of people whose name starts...

by Explorer in

Apply condition and filter results

Kindly help me with a new SPL In am getting results for the existing below SPL. I tried applying a new condition ...

by Loves-to-Learn Lots in

help on could not load lookup message

Hello When I run a search i have the message "could not load lookup" with different lookup name For example : C...

by Motivator in

time chart to show the number of widgets manufactured per reporting period

Have a log with related eventOne event has the number widgets made in the period and another event has the actual tim...

by Explorer in

Splunk UI query start and end time

How can one add to the result of a Splunk query running on Splunk UI the time span i.e. the values one can put in ear...

by Path Finder in

Stats Count by day ?

I have a query that gives me four totals for a month. I am trying to figure out how to show each four total for each...

by Contributor in

How to use mstats and inputlookup command

Hi, I have a alert query that uses mstats, I want this query to not throw alert during public holidays (from 9 AM t...

by Communicator in

Search time parsing for nested json logs

Hi,I am looking to parse the nested JSON events. basically need to break them into multiple events.I an trying some t...

by Path Finder in

Finding Anomalies or Outliers

Trying to find anomalies for events. I have multiple services and multiple customers. I have an error "bucket" that i...

by Explorer in

Why is the ratio calculation of two fields returning wrong results?

HelloI'm trying to calculate ratio of two fields but im getting wrong resultsif i'm calculating each one of them sepa...

by Communicator in

Splunk search comparing avg I/O and avg load but not giving results

This splunk search is not showing any result. index=os OR index=linux sourcetype=vmstat OR source=iostat [|...

by Observer in

searching for specific result

system_id = AA-1, AA-1-a, AA-1-b, AA-10, AA-10-a, AA-10-b, AA-12, AA-12-a, AA-12-b,,, and so on. Notice all the syste...

by Path Finder in

How can I determine how much an index is being searched?

I am trying to determine how many searches are searching on a particular index per day. I know how much data the i...

by Communicator in

What's the best way to only do a Lookup based on the results of the main search?

Hi, What's the best way to only do a Lookup based on the results of the main search? I want to only run this when...

by Explorer in

How to search in Splunk if a specific lookup table is being used in a dashboard?

Hello, I was wondering if it is possible to locate or search in Splunk if a specific lookup table is being used in...

by Engager in

How to search and report based on presence or lack of string?

Have following data in the logfile {xxxx},{"GUID":"5561859B8D624FFC8FF0B87219060DC5"} {xxxx},{"GUID":"55...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Moving fields from a subsearch

assign value to earliest

How to capture x,y data from stacked charts for drill down option

Average count of events per field grouped by another field

Show/filter only events that existed 24 hours ago

How to spot any changes to the value of a field

chart

Check lookup table for old/expired entries

Adding fields in stats command

Splunk search for range of characters

Apply condition and filter results

help on could not load lookup message

time chart to show the number of widgets manufactured per reporting period

Splunk UI query start and end time

Stats Count by day ?

How to use mstats and inputlookup command

Search time parsing for nested json logs

Finding Anomalies or Outliers

Why is the ratio calculation of two fields returning wrong results?

Splunk search comparing avg I/O and avg load but not giving results

searching for specific result

How can I determine how much an index is being searched?

What's the best way to only do a Lookup based on the results of the main search?

How to search in Splunk if a specific lookup table is being used in a dashboard?

How to search and report based on presence or lack of string?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions