Splunk Search

Ask a Question

Discussions

Thread Info

Clarification on Estimated Distinct Count (estdc)

Within a search I was given at work, this line was included in the search: estdc(Threat_Activity.threat_key) I fou...

by Communicator in

Is using count over streamstats time_window not timechart span possible?

Hello splunkfans, i'm kind of running out of ideas and this is my first contact to streamstats.  I am working on ...

by New Member in

How to show stats sum for a field using a value produced from an eval statement?

Hi, I have one field with values for each month, and this eval gives me the current month name(current February); ...

by New Member in

Splunk ES - Notification when a suppression is created

Hello, Is there a way to get a RSS or email notification when a new notable suppression is created or enabled in ...

by Builder in

How to extract fields from Oracle Diagnostic logs (ODL) format

I am trying to extract fields from Oracle Diagnostic logs for Hyperion Essbase as each event will have values in diff...

by New Member in

Splunk query to add commas on calculated fields by date

Can you help suggesting options to add commas to the calculated fields Example : chart count as TotalCnt, people O...

by Explorer in

How do I create a sparkline for each day in a chart?

I am trying to summarize network traffic to or from an IP address. I would like to look for daily patterns and though...

by Builder in

How to edit my subsearch to find a particular SessionID and phrase?

I have multiple events that are related by a similar sessionID. One event contains an employerCode, which is what I w...

by New Member in

How to build a search macro for multiple client run times?

Looking to build a macro on an ugly search for some of our clients. Multiple clients use this same search, therefore ...

by Contributor in

Please help me write a macro for the following eval search command

eval range=case( start_time=="ZERO_TIME","All Time", start_time!="ZERO_TIME" AND ctime - strptime(start_time, "%a %b...

by Observer in

How to set up a conditional search on my application logs to find whether the last start message was recent?

I need help on setting up the conditional search on my application logs for stop (Application Stopped) & start (Appli...

by New Member in

How to add a column of averages to a timechart?

Similar to how timechart sum() by ip | addtotals which adds a "Totals" Column to a timechart, how can you add an aver...

by Engager in

After upgrading Splunk from 6.4 to 6.5.1, why is the "search" command not working?

I have upgraded my Splunk version to 6.5.1 from 6.4. After this, I observed the "search" command is not working. Is t...

by Path Finder in

filed Extraction using regex in a query?

Hi Team, I have data like below: \launching VM Initializing Wed 2017-01-04 02:22:48 Going-stop Wed 2017-01-04 0...

by New Member in

How to use join with data model?

I have tried using join to detect the common field from lookup but i need not find the fields that are not present us...

by New Member in

How does Splunk reconstruct events when using forceTimebasedAutoLB?

According to this blog post: http://blogs.splunk.com/2014/03/18/time-based-load-balancing/ Using this setting...

by Champion in

TimeFormat conversion to millisecond

Hello, I have extracted field which contains application response time in below format. Format: 00:00:00.000...

by Contributor in

Use Lookup To Filter Events

Hi, in my searches I want to filter my events when the field "Version" has specific values. The list of values I w...

by Motivator in

Error in 'eval' command: The expression is malformed. An unexpected character is reached at ',0)'

Hi, for a SLA project, I'm using Splunk to read Nagios the availability status of some services. Using the conditi...

by New Member in

The same sql but different searche result

The SPL below was ran in search bar and table in panel, but the search result are different. Why the same SPL made...

by Explorer in

Alternative to join command to do a summation on date_hour

I need to sum up the time differential for two events on a date_hour, date_wday, and date_month basis. Originally I u...

by Path Finder in

is there a way to get metadata about a search result with loadjob

Hi, I am trying to get the metadata info of the search artefact that is returned by loadjob (when loading the lat...

by Engager in

Save Button Grayed Out When Editing Regex (Field Extraction)

I am trying to extract a new field from an event using regex in Splunk 6.5. I've progressed through the "Extract a Ne...

by Path Finder in

How to import files that change names when they roll over to a new daily file

Hi, I have a system which logs data into a file, once about 24 hours of logging occurs the file is renamed and a n...

by Explorer in

How to edit our props.conf to assign a time field in our sample JSON event as the event timestamp?

Can you please tell us how to assign event log time (ALERT_TIMESTAMP fields value ) as the event timestamp (_time)? S...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Clarification on Estimated Distinct Count (estdc)

Is using count over streamstats time_window not timechart span possible?

How to show stats sum for a field using a value produced from an eval statement?

Splunk ES - Notification when a suppression is created

How to extract fields from Oracle Diagnostic logs (ODL) format

Splunk query to add commas on calculated fields by date

How do I create a sparkline for each day in a chart?

How to edit my subsearch to find a particular SessionID and phrase?

How to build a search macro for multiple client run times?

Please help me write a macro for the following eval search command

How to set up a conditional search on my application logs to find whether the last start message was recent?

How to add a column of averages to a timechart?

After upgrading Splunk from 6.4 to 6.5.1, why is the "search" command not working?

filed Extraction using regex in a query?

How to use join with data model?

How does Splunk reconstruct events when using forceTimebasedAutoLB?

TimeFormat conversion to millisecond

Use Lookup To Filter Events

Error in 'eval' command: The expression is malformed. An unexpected character is reached at ',0)'

The same sql but different searche result

Alternative to join command to do a summation on date_hour

is there a way to get metadata about a search result with loadjob

Save Button Grayed Out When Editing Regex (Field Extraction)

How to import files that change names when they roll over to a new daily file

How to edit our props.conf to assign a time field in our sample JSON event as the event timestamp?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions