Splunk Search

Discussions

Thread Info

Modify search term before search

I would like to modify my search term before I actually search for it. Background: I want to see how the MX for a cer...

by Explorer in

eval if clarification

I have a document field that opens a document if available and it displays "no document found" if there is no documen...

by Path Finder in

Extract values bucketed by time

Hello, I have a bucketed chart in this format: Is it possible to calculate the geometric mean of the va...

by New Member in

can some one help me with the query how to get successful login after multiple failed logins for windows ?

im trying to get the count of succesfful login after multiple login failure

by New Member in

how can i filter my output to display only the user results which satisfies the condition substraction of the fields A and B is greater than 3 hours. Where A and B are the epoch times converted to human readable time?

Hi everyone, Since I dont have much knowledge on Splunk query language. I am struggling for the past one week to s...

by Builder in

Powershell: How to parse epoch stamped DB files for a specific date range and move those files to thaweddb?

I'm trying to automate a task for moving db files from a specified date range to the thaweddb so that my teams can se...

by Explorer in

How to calculate the time difference between request and response log entries?

I need to calculate time difference between two (request and response) entries in log I have logs like below R...

by Engager in

Can I update KV store through a search?

Hi, I am doing a POC to check if KV Store is a better option as compared to a traditional file lookup for my app. ...

by Path Finder in

How do I write a search to extract these two fields from my sample nested JSON data?

I have the following sample payload { "time" : "11-23-2016 23:19:15.875 +0000", "message" : "CSE Filter ...

by New Member in

How to create a visualization showing event counts since beginning of the transaction, separated by time?

I have transactions with varying number of events. I want a plot showing how many events occur in buckets since the b...

by New Member in

I am unable to retrieve date/datetimp related fields from cassandra to splunk. But rest of the fields with out date/time fields are retrieved successfully.

i am getting the below error in search.log\ ERROR ERP.cassandra_erp - Exception in thread "main" java.lang.NoSuchM...

by Path Finder in

How to find the time difference in hours between the _time of two different fields ?

I'm going crazy of calculating the difference between two fields which has epoch time. The following is my Query U...

by Builder in

No results found, still chart and stats return 1.

Hi, I have a query which returns no results: index="itsm" sourcetype=incidents | dedup NUMBER sortby OPEN_TIME ...

by Loves-to-Learn in

Filter the number of less than 1000 of the data

Filter the number of less than 1000 of the data example: index=app sourcetype=EPC*Event* level=ERROR |rex field...

by Engager in

How to format results sent via sendemail?

Scenario: I am sending results inline with sendemail. Unfortunately, the way it displays (and sends results) in colum...

by Contributor in

How to use two stats commands with different where clauses?

Hello, I am trying to use the stats command with 2 different where clauses with the end result being to use the 2 ...

by Communicator in

How to write a search to only return results where multiple values exist?

I have a log output which provides many fields, but the two I'm most concerned with are user and device. I'm tryi...

by Explorer in

How can I use a subsearch as fields in my report?

This is the search I'm working with: index="*-network" (sourcetype="cisco:asa" OR sourcetype="routers") user="user...

by Explorer in

How to calculate the average of a column, and display this average next to it in a separate column?

I displayed the list of people and their count by using the below search: foo | stats dc(A) as people by B whi...

by Builder in

How to list all values of an Extracted Field?

Good Morning, Fellow Splunkers I'm looking to list all events of an extracted field one time. Example: Extr...

by Path Finder in

How to write a regular expression to extract key value pairs from my sample event?

Hi, We have events which contain key value pairs separated by a colon :. Here is the sample event: <6>2016-11-2...

by Communicator in

How to search multiple indexes for certain key value pairs?

I am trying to search our WIndows logs and our Fortinet logs for specific info. (index=windows) OR (Index=fortinet...

by Explorer in

How to edit my search to calculate a percentage for my timechart?

I have to calculate % of SLA missed over time. basesearch|dedup ID|EVAL sla_status = case(Status like "Closed MPT ...

by Communicator in

How do I invert the x and y-axis in my chart?

Hello, I'm trying to flip the x and y axis of a chart so that I can change the way my data is visualized. As it st...

by Motivator in

How to edit my XML to use a timepicker output to control the time range of the search?

Hi All, I have a Splunk form where I am using 2 time pickers to come up with different times for 3 different joins...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Modify search term before search

eval if clarification

Extract values bucketed by time

can some one help me with the query how to get successful login after multiple failed logins for windows ?

how can i filter my output to display only the user results which satisfies the condition substraction of the fields A and B is greater than 3 hours. Where A and B are the epoch times converted to human readable time?

Powershell: How to parse epoch stamped DB files for a specific date range and move those files to thaweddb?

How to calculate the time difference between request and response log entries?

Can I update KV store through a search?

How do I write a search to extract these two fields from my sample nested JSON data?

How to create a visualization showing event counts since beginning of the transaction, separated by time?

I am unable to retrieve date/datetimp related fields from cassandra to splunk. But rest of the fields with out date/time fields are retrieved successfully.

How to find the time difference in hours between the _time of two different fields ?

No results found, still chart and stats return 1.

Filter the number of less than 1000 of the data

How to format results sent via sendemail?

How to use two stats commands with different where clauses?

How to write a search to only return results where multiple values exist?

How can I use a subsearch as fields in my report?

How to calculate the average of a column, and display this average next to it in a separate column?

How to list all values of an Extracted Field?

How to write a regular expression to extract key value pairs from my sample event?

How to search multiple indexes for certain key value pairs?

How to edit my search to calculate a percentage for my timechart?

How do I invert the x and y-axis in my chart?

How to edit my XML to use a timepicker output to control the time range of the search?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions