Splunk Search

Community Activity

How to write a search for my requirement? Hi Everyone, Looking for help to write search query for below requirement. -time Resul... by lksridhar Explorer in Splunk Search 12-16-2016 0 3	0	3
Running separate searches from a base search? I have a long search, where in the first part, I'm filtering down lots of data, and doing lookup, eval, etc, let's ca... by szabados Communicator in Splunk Search 12-16-2016 0 3	0	3
My search returns results when run in an app's search bar, but why are there no results when run in the Search & Reporting app? Hi Guys, I am not getting any result from the main search bar with the search below. Even though the same query is w... by Steave4app New Member in Splunk Search 12-15-2016 0 2	0	2
How to calculate idle time between events of a single transaction? Hi, I have the following session logs of users: "2016-12-14 14:27:39" ROWNUM="6152288", ENDED_AT="2016-12-14 14:27:... by p_gurav Champion in Splunk Search 12-15-2016 2 2	2	2
How to reduce the number of decimals in results from 6 digits to 1 digit Hi all, I am running below search which is returning 6 decimals for duration, how do i reduce to 1? example : resul... by puneethgowda Communicator in Splunk Search 12-15-2016 0 2	0	2
How to edit the eval syntax in my search to assign a value based on the result of a subsearch? Hi, I'm working with Nagios events, with field "current_state" equal 2, Nagios is indicating a critical situation. ... by antoniofacchi New Member in Splunk Search 12-15-2016 0 5	0	5
Why am do I get no results searching host=hostname, but do get results if I add index=_introspection to the search? I am unable to find host when I use host = hostname as query, but I can find same host when I use index=_introspectio... by saisrujan28 Explorer in Splunk Search 12-15-2016 0 2	0	2
How to build a search that will provide metrics for peered data? I need a search query to provide amount of data by volume as well as by host by bluemarvel Path Finder in Splunk Search 12-15-2016 0 9	0	9
How to search the top users and compare the usage stats of those users with the previous two days? I have the search below to pull out the count of users for today & last two days. I want to modify this to pull the t... by Vicky84 Explorer in Splunk Search 12-15-2016 1 8	1	8
What is the least resource-intensive way to plot a line graph for event count for each sourcetype within a specified index? So I want to create a dashboard with each panel monitoring one index. Within a panel, it would be a timechart with co... by kalik Explorer in Splunk Search 12-15-2016 1 2	1	2
How to edit my timechart search to find how many fields were processed in a given time span? i have table like this id info starttime endtime responsetime source 2 ... by prashanthberam Explorer in Splunk Search 12-15-2016 0 3	0	3
How to use "rex" instead of "replace" to search for strings with spaces? I was using REPLACE and that works fine until I found out that I cannot search for a string with spaces. For instance... by maximusdm Communicator in Splunk Search 12-15-2016 0 8	0	8
How to edit my search to aggregate the values from all disks in a single value and display a line representing IOPS from these disks? Hi folks, I'm using the following search to display a graph with the disk throughput (IOPS) for every disk in a host:... by jorgefg Explorer in Splunk Search 12-15-2016 0 3	0	3
Retrace automatically Hi! I successfully uploaded my ProGuard mapping. I also managed to retrace a stacktrace of an error. However, it wou... by WonderCsabo New Member in Splunk Search 12-15-2016 0 1	0	1
Using an app generated log file, how to generate a search that will determine and visualize a host's running status? I'll include the "Splunk newb here" disclaimer to start off with... I have an agent that drops a new event every 50 ... by csprice Path Finder in Splunk Search 12-15-2016 0 3	0	3
How to extract a multivalue index-time field from another multivalue index-time field? I'm trying to extract two index-time fields from the input stream. Both should be multivalued. I successfully extract... by arkadyz1 Builder in Splunk Search 12-15-2016 0 6	0	6
How to edit my search to allow filtering by date and time on a dashboard? The search below works only in reports, not in dashboards sourcetype=ped_venda_e_remessa_via_arq Tipo_Linha=WS \|fiel... by cdo_splunk Splunk Employee in Splunk Search 12-15-2016 0 2	0	2
How to use the earliest and latest value found (passed from subsearch to outer search) to calculate duration? I have a batch job that may run multiple times per day. The log format is as follows, I need a table with the belo... by namrithadeepak Path Finder in Splunk Search 12-15-2016 0 1	0	1
How to append columns based on searches, and row values with lookups? Hi all. I have a lookup table (data.csv) that looks like: ID TYPE PRICE 1 Type1 3,23 2 Typ... by changux Builder in Splunk Search 12-15-2016 0 6	0	6
How to extract a new field that contains the domain name for machines on the network? Hi, I'm importing data from Nmap and would like to get the full domain name for the machines on the network. The ou... by ngb Engager in Splunk Search 12-15-2016 1 4	1	4
How do I configure a search to count 14 days between now and a timestamp within my event? We've ingested some database tables for data that consists of changes being made in our environment. I'm looking to c... by jmaple Communicator in Splunk Search 12-15-2016 0 5	0	5
Extracting multiple values from a multivalue field: using rex vs. props.conf or transforms.conf This is a follow-up to my previous question. In there, I managed to extract a multivalue index-time field, but could... by arkadyz1 Builder in Splunk Search 12-15-2016 0 1	0	1
Is there an efficient way to search for entries containing a specific substring of an indexed word? I'm not entirely certain exactly how the search optimization in Splunk works. Certainly, if I search only for a rare ... by johnmccash Explorer in Splunk Search 12-15-2016 0 2	0	2
How to edit my search to separate values in a column into two columns in my resulting table? I have the table like this: time info id response time start time1 in 571 end tim... by prashanthberam Explorer in Splunk Search 12-15-2016 0 7	0	7
How do I aggregate individual searches into a single search? Hi. My organization is looking at identifying individual users (UserID) who have failed authentication(logon) >5 tim... by jasperlee27 New Member in Splunk Search 12-15-2016 0 4	0	4

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Splunk Search

How to write a search for my requirement?

Running separate searches from a base search?

My search returns results when run in an app's search bar, but why are there no results when run in the Search & Reporting app?

How to calculate idle time between events of a single transaction?

How to reduce the number of decimals in results from 6 digits to 1 digit

How to edit the eval syntax in my search to assign a value based on the result of a subsearch?

Why am do I get no results searching host=hostname, but do get results if I add index=_introspection to the search?

How to build a search that will provide metrics for peered data?

How to search the top users and compare the usage stats of those users with the previous two days?

What is the least resource-intensive way to plot a line graph for event count for each sourcetype within a specified index?

How to edit my timechart search to find how many fields were processed in a given time span?

How to use "rex" instead of "replace" to search for strings with spaces?

How to edit my search to aggregate the values from all disks in a single value and display a line representing IOPS from these disks?

Retrace automatically

Using an app generated log file, how to generate a search that will determine and visualize a host's running status?

How to extract a multivalue index-time field from another multivalue index-time field?

How to edit my search to allow filtering by date and time on a dashboard?

How to use the earliest and latest value found (passed from subsearch to outer search) to calculate duration?

How to append columns based on searches, and row values with lookups?

How to extract a new field that contains the domain name for machines on the network?

How do I configure a search to count 14 days between now and a timestamp within my event?

Extracting multiple values from a multivalue field: using rex vs. props.conf or transforms.conf

Is there an efficient way to search for entries containing a specific substring of an indexed word?

How to edit my search to separate values in a column into two columns in my resulting table?

How do I aggregate individual searches into a single search?

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation