Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How many CPU cores required for handling concurrent searches

no . of search head -1 (8 cores) no. of indexers - 4 (24-cores each) So, my system-wide concurrent searches limit ...

by Motivator in

Calculations on fields with multiplier abbriviations

Any ideas on how to handle this - I am imaging a horrible if/string statement, but any other ideas? i have a field...

by Ultra Champion in

how to extract the below words from a log

Hi, I have following sample log string , May 13 14:20:32 pcpsd1sb.smart.net 318324: May 13 14:20:31.282 EDT: %C...

by Path Finder in

How to use wildcard in search command where to compare values?

Hello guys I have lots of columns such as test1 ,test1_up ,test1_down ,test2 ,test2_up, test2_down ,tmp1, tmp1_up...

by Path Finder in

display results from map on inputlookup as events

I have a search like this: |inputlookup CSV-Generic-GenCus-GenLBL-SensitiveDataKeyWords.csv | map [search index="...

by Path Finder in

what does status=200 mean?

Hi, please explain, what is the function of 'status'? why we use status? what's its function?what does it do? what d...

by Engager in

Filter Multiple Event Results Into A Single Value

I would like to return the value of a string only once even if it shows up multiple times in splunk. For example: ...

by New Member in

Combine two record sets where a distinct value matches (without using join)

I have a search that generates two distinct types of record entries (searching for "for event"): 2015-05-05 for ev...

by New Member in

multi field in different rows

Hi at all, I'm ingesting many csv where there are a variable number of columns. some of this columns have name ...

by Esteemed Legend in

Display data on single bar line in chart

I have some records in csv, each record has a column 'payment method'. I have to count by 'payment method' and the re...

by New Member in

How to use evaluate function across multiple multivalue fields

Hi, I am trying to create an anomaly detector for unusually high thruputs across all sourcetypes in my Splunk inte...

by Engager in

Convert JSON to table

I tried looking up for a solution and went through almost all suggestions. None worked for me. I have the following j...

by Explorer in

How to split event into multiple rows in a table?

Hello everyone, I'm trying to get an analysis of an process log file. The logfile contains an event for every ende...

by Path Finder in

Using regex to extract word after semicolons

Hi I am attempt to extra host names from logs they always appear after the 4th semicolon : E.g. I want the ext...

by New Member in

How to determine if logs are not being used?

Is there a way to determine which logs are not being used anymore, and therefore can be deleted? For example, maybe a...

by New Member in

Why does my summary search not produce any results?

Hi to all, I have a summary search that doesn't produce results, if I copy and paste the same search in "search & ...

by Explorer in

How to append search results multiple times based on change in particular field value

Hi, I want to something like - append [Query-2] by clause Situation is I have a result set from query-1 and que...

by Path Finder in

Is it possible to search Splunk for list of concurrent searches usage over time?

Hello, is it possible to search Splunk for list of concurrent searches usage over time by searching internal log? ...

by Path Finder in

SPlunk Searches slow

Hello, I am facing challenges to search query in SPlunk 6.4.1 environment But Splunk Performance is very slow. We ...

by New Member in

Manage alert threshold and rows returned all within the custom condition in the alert

This kind of spiraled as I was helping a coworker with an alert they had all the duration and times hardcoded in the ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How many CPU cores required for handling concurrent searches

Calculations on fields with multiplier abbriviations

how to extract the below words from a log

How to use wildcard in search command where to compare values?

display results from map on inputlookup as events

what does status=200 mean?

Filter Multiple Event Results Into A Single Value

Combine two record sets where a distinct value matches (without using join)

multi field in different rows

Display data on single bar line in chart

How to use evaluate function across multiple multivalue fields

Convert JSON to table

How to split event into multiple rows in a table?

Using regex to extract word after semicolons

How to determine if logs are not being used?

Why does my summary search not produce any results?

How to append search results multiple times based on change in particular field value

Is it possible to search Splunk for list of concurrent searches usage over time?

SPlunk Searches slow

Manage alert threshold and rows returned all within the custom condition in the alert

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...