Splunk Search

Discussions

Thread Info

How to create a horizontal bar chart with a bar indicating start time, end time, and duration?

I have data for a batch job that runs each day. I have StartTime, EndTime, and a calculated value for duration. The j...

by Explorer in

How to tell what searches are running currently

I want to avoid killing somebody else's search in the event I need to restart splunk. Is there any way to see all the...

by Path Finder in

How to merge two searches and make a single timechart?

Hey, i'm trying to merge/join 2 searches into 1, and create a table of the data. this is my starting query: ...

by Path Finder in

Overwritten sourcetypes not searchable

Hi fellow splunkers, I ran into a problem regarding "Overwriting of an existing sourcetype via props and transfor...

by Motivator in

How do I get only values ending with, say $, from a search

I would like to search for values that end with or begin with specific characters

by Engager in

How to extract text from the Message field up to the first "." in Windows event logs?

We have made a dashboard to show the rare events generated by users Account_Name=XX* |rare limit=20 EventCode |ta...

by New Member in

Rename an index in a Splunk distributed deployment

I would like to change the name of an index without losing any data etc. Is it possible to modify an index name in th...

by Path Finder in

How to add time filter late in the search command

I understand how to search using the time range picker, or by adding "earliest" and "latest" in the primary search-co...

by Explorer in

How to fill empty latest parameter in URL

When I open a dashboard the URL looks like this: https://....../en-US/app/app_name/dashboard?earliest=0&lates...

by Explorer in

How do I visualize my sample data in a bubble chart?

I want to show the below data in Bubble chart: Data1 $1000 Data2 $10000 Data3 $100000 Data4 $1000000 With this,...

by Explorer in

How to extract Major_Brand_Display_Name value from xml

<EmailAddress>RON@xyz.COM</EmailAddress> <Attributes> <Name>Addressee_Name</Name> ...

by New Member in

Missing interesting fields in the Search & Reporting screen

When I use the Splunk's Search & Reporting screen, it does not list any of the Interesting fields that are in the csv...

by Explorer in

.xlsx option

Hello Is there way to add xlsx to the drop down menu when you do a export? All i am seeing is csv, xml, and json. ...

by New Member in

How to aggregate percentage information in pie chart labels?

I would like to aggregate the % info in the pie labels, so it will read: "OK (77%)" instead of OK "ERRORS (23%)" ...

by Path Finder in

Pull Date from Filename

So I have some logs that are in the following format: Filename: 16061601rw.dat Each line has a time stamp...

by New Member in

How can I see all forwarders deployed in the Distributed Management Console and in a search from internal metrics log?

I am confused here. I work with a massive distributed environment and I want to see ALL of our thousands of forwarder...

by Path Finder in

How to write a search to display the end date of field values and the time difference?

Hi all. I have a sourcetype with PENDING orders in a field: ORDERID. In other sourcetype i have ANSWERED orders wi...

by Builder in

How do I simulate doing a left join or outer join using the "lookup" command?

Issue I am running into right now is I have a result set that I want to pull in threshold values that reside in a loo...

by Path Finder in

How to search the duration between two events in the same field?

Hi, Hi everyone. I need to find out the duration between two events in the same field. My table is like this: u...

by Explorer in

How to generate a search that will show the time between REQ and ACK?

Hi, Anyone, please help me. I need to find out the time between REQ and ACK by using the (TS:1478717835696) and Da...

by Explorer in

Is timewrap an official SPL command in Splunk 6.5?

I noticed that timewrap came up as suggested SPL command in a Splunk 6.5 search box (see attachment). The command doe...

by Champion in

How to edit my search to find different ports used per IP and their count?

I have am looking data from out firewall. There I have a search that gives me a list of all allowed traffic to all IP...

by Builder in

How to edit my search to use a lookup table to search events around a specific time?

Hi, I have a lookup table that has 1 field (Cpe_ID). I need to use the lookup table to search the events around a ...

by Motivator in

How do I extract a numerical field and rename the value?

this is the raw data from my search index=myindex sourceype=mysourcetype 2016-11-10 07:41:29 Local7.Debug 22.85...

by Explorer in

Modify the format of events in splunk UI

Hi All, I have JSON Logs like below: SAMPLE EVENT: "line":" 2016-10-21 19:16:00 INFO [CollectorAccess] Updating...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a horizontal bar chart with a bar indicating start time, end time, and duration?

How to tell what searches are running currently

How to merge two searches and make a single timechart?

Overwritten sourcetypes not searchable

How do I get only values ending with, say $, from a search

How to extract text from the Message field up to the first "." in Windows event logs?

Rename an index in a Splunk distributed deployment

How to add time filter late in the search command

How to fill empty latest parameter in URL

How do I visualize my sample data in a bubble chart?

How to extract Major_Brand_Display_Name value from xml

Missing interesting fields in the Search & Reporting screen

.xlsx option

How to aggregate percentage information in pie chart labels?

Pull Date from Filename

How can I see all forwarders deployed in the Distributed Management Console and in a search from internal metrics log?

How to write a search to display the end date of field values and the time difference?

How do I simulate doing a left join or outer join using the "lookup" command?

How to search the duration between two events in the same field?

How to generate a search that will show the time between REQ and ACK?

Is timewrap an official SPL command in Splunk 6.5?

How to edit my search to find different ports used per IP and their count?

How to edit my search to use a lookup table to search events around a specific time?

How do I extract a numerical field and rename the value?

Modify the format of events in splunk UI

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions