Splunk Search

Discussions

Thread Info

How to display load average values in a chart?

Hi, i have written script which extracts the load average values and provides the output.by using below output, how c...

by Communicator in

How to extract a field from a long path name?

HI We need to create a new field for file name and this is to be extracted from path we have. We need to extra...

by Path Finder in

How to extract the field?

How to extract the user(splunk) from the below field? (ABCDEFG\splunk)

by Builder in

How can we get the Splunk 60 day trial license users?

Can you please let me know how to retrieve 60 day trial license users. I need a search to generate a report.

by Path Finder in

Combine 2 fields to create a new field?

I have a search that generates a list of IP addresses and usernames by time. I'd like to dedup the value of ip addres...

by Champion in

How to add the average of the top 5 percent of values, but remove the max value, to my timechart?

What I have: "Properties.MetricType"=ResponseTiming AND "Properties.Http_Request_Path"=/BackflushInputs | timechar...

by New Member in

Why does using chart and stats give me different results when finding the sum of a field?

I noticed this too. It looks like the chart command sums up the field differently??? Here’s what I’m talking abou...

by Communicator in

How to edit my alert to turn it off during a known maintenance window?

Hello - I have an alert setup that I need to not fire on Sundays between 2:45pm and 4:00pm. Below is what I have c...

by New Member in

How do I find the highest number of days between events for a given month

Splunk experts - Trying to figure this out, but at a point where I am stuck. I would like to come up with the lar...

by Path Finder in

Is my search correct in finding the duplicate total count of messages based on a single field value?

I am trying to display the single total count of all messages for the current day that have the same values for a sin...

by Path Finder in

Can't get charting.axisLabelsX.majorLabelStyle.rotation to work.

I've run into the problem where the X axis labels of my charts are being shortened by ellipsis because they are too l...

by Engager in

How to edit my coalesce search to obtain a list of hostnames occurring in specific sources in my data?

Hi All, I have several CSV's from management tools. All containing hostinfo, all of course in their own, beautiful...

by Communicator in

regex to find events on more than one condition

my event is: HDR+1|TIME+2017-01-17 11:09:17.426 GMT|SESS+957785928+18|CLS+BookingLogger|METH+createAndFulfilCommercia...

by Engager in

How to parse each pipe section on a separate line on a NON QWERTY keyboard ( CTRL + \ )

CTRL + \ is great on QWERTY keyboard, how do i do this with an NON QWERTY keyboard ? (AZERTY etc...) doc related : ht...

by Splunk Employee in

Only first line of python script is getting executed

I had placed a python script in the 'C:\Program Files\Splunk\etc\apps\search\bin\parsing.py' This is a sample of my c...

by New Member in

Join same index twice for search1 and search2 into a single table

I have one index that search for an error and the same index search for exeception now i have error result and ex...

by New Member in

How to search the Splunk system to find the current number of concurrent searches vs the max number of concurrent searches?

How to search the Splunk system to find the current number of concurrent searches vs the max number of concurrent sea...

by Splunk Employee in

How to edit my search using the "map" command?

I have two searches I want to be run in a real-time alert. I've never used map before, but this is what I have. It's ...

by Builder in

How can I separate the event by condition?

Hi, I think it is quite complicated and try to explain clearly. I got the firewall log with the following fields ...

by Explorer in

Use TimePicker to average on a specific field

I have a dashboard with several inputs to include a timepicker, one of my panels charts the sums of specific fields o...

by Explorer in

In a visualization, how to include non-existent numeric values in "stats count by" search?

I'm working on a report for network traffic touching my organization's firewalls, and the report looks like this righ...

by Explorer in

How to simplify this search in order to give me a distinct count of servers by application?

Hey guys. I'm kind of new to Splunk and was wondering if there was a simpler way of writing this search. index=...

by Path Finder in

How to add more fields to my table result in my search?

Hi I am trying to find Malware activity detected on vulnerable systems so I did the subsearch as follow: source="a...

by Path Finder in

How to generate a search to identify scheduled jobs by user?

hi, Can anyone please help me with a search to to identify scheduled jobs for abc and xyz application and the user...

by Explorer in

Is the default order of events guaranteed to be from latest to earliest in Splunk?

Hi, I am working on some Splunk searches that highly rely on the order the events are returned in, by the search comm...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to display load average values in a chart?

How to extract a field from a long path name?

How to extract the field?

How can we get the Splunk 60 day trial license users?

Combine 2 fields to create a new field?

How to add the average of the top 5 percent of values, but remove the max value, to my timechart?

Why does using chart and stats give me different results when finding the sum of a field?

How to edit my alert to turn it off during a known maintenance window?

How do I find the highest number of days between events for a given month

Is my search correct in finding the duplicate total count of messages based on a single field value?

Can't get charting.axisLabelsX.majorLabelStyle.rotation to work.

How to edit my coalesce search to obtain a list of hostnames occurring in specific sources in my data?

regex to find events on more than one condition

How to parse each pipe section on a separate line on a NON QWERTY keyboard ( CTRL + \ )

Only first line of python script is getting executed

Join same index twice for search1 and search2 into a single table

How to search the Splunk system to find the current number of concurrent searches vs the max number of concurrent searches?

How to edit my search using the "map" command?

How can I separate the event by condition?

Use TimePicker to average on a specific field

In a visualization, how to include non-existent numeric values in "stats count by" search?

How to simplify this search in order to give me a distinct count of servers by application?

How to add more fields to my table result in my search?

How to generate a search to identify scheduled jobs by user?

Is the default order of events guaranteed to be from latest to earliest in Splunk?

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions