Splunk Search

Discussions

Thread Info

How to add time filter late in the search command

I understand how to search using the time range picker, or by adding "earliest" and "latest" in the primary search-co...

by Explorer in

How to fill empty latest parameter in URL

When I open a dashboard the URL looks like this: https://....../en-US/app/app_name/dashboard?earliest=0&lates...

by Explorer in

How do I visualize my sample data in a bubble chart?

I want to show the below data in Bubble chart: Data1 $1000 Data2 $10000 Data3 $100000 Data4 $1000000 With this,...

by Explorer in

How to extract Major_Brand_Display_Name value from xml

<EmailAddress>RON@xyz.COM</EmailAddress> <Attributes> <Name>Addressee_Name</Name> ...

by New Member in

Missing interesting fields in the Search & Reporting screen

When I use the Splunk's Search & Reporting screen, it does not list any of the Interesting fields that are in the csv...

by Explorer in

.xlsx option

Hello Is there way to add xlsx to the drop down menu when you do a export? All i am seeing is csv, xml, and json. ...

by New Member in

How to aggregate percentage information in pie chart labels?

I would like to aggregate the % info in the pie labels, so it will read: "OK (77%)" instead of OK "ERRORS (23%)" ...

by Path Finder in

Pull Date from Filename

So I have some logs that are in the following format: Filename: 16061601rw.dat Each line has a time stamp...

by New Member in

How can I see all forwarders deployed in the Distributed Management Console and in a search from internal metrics log?

I am confused here. I work with a massive distributed environment and I want to see ALL of our thousands of forwarder...

by Path Finder in

How to write a search to display the end date of field values and the time difference?

Hi all. I have a sourcetype with PENDING orders in a field: ORDERID. In other sourcetype i have ANSWERED orders wi...

by Builder in

How do I simulate doing a left join or outer join using the "lookup" command?

Issue I am running into right now is I have a result set that I want to pull in threshold values that reside in a loo...

by Path Finder in

How to search the duration between two events in the same field?

Hi, Hi everyone. I need to find out the duration between two events in the same field. My table is like this: u...

by Explorer in

How to generate a search that will show the time between REQ and ACK?

Hi, Anyone, please help me. I need to find out the time between REQ and ACK by using the (TS:1478717835696) and Da...

by Explorer in

Is timewrap an official SPL command in Splunk 6.5?

I noticed that timewrap came up as suggested SPL command in a Splunk 6.5 search box (see attachment). The command doe...

by Champion in

How to edit my search to find different ports used per IP and their count?

I have am looking data from out firewall. There I have a search that gives me a list of all allowed traffic to all IP...

by Builder in

How to edit my search to use a lookup table to search events around a specific time?

Hi, I have a lookup table that has 1 field (Cpe_ID). I need to use the lookup table to search the events around a ...

by Motivator in

How do I extract a numerical field and rename the value?

this is the raw data from my search index=myindex sourceype=mysourcetype 2016-11-10 07:41:29 Local7.Debug 22.85...

by Explorer in

Modify the format of events in splunk UI

Hi All, I have JSON Logs like below: SAMPLE EVENT: "line":" 2016-10-21 19:16:00 INFO [CollectorAccess] Updating...

by Contributor in

How do I return the number of times a specified value appears in a field?

Hello, I have a simple issue that I can't resolve, and was hoping for support. I have the following data: OBJEC...

by Explorer in

How do I count the number of events based on the value of a field?

Hello, I am having trouble with a simple search. I have the following data: OBJECT ID,NEW STATE 1,STATE ONE 1,S...

by Motivator in

How to identify seasonal event log messages? (every weekend, every month, every day at a certain time, etc.)

I’ve got a stream of event logs (log4j variation - timestamp host class msg summary etc) coming in – I want to identi...

by Explorer in

Can somebody lists down the comparison between splunk and Graylog2 tools?

Hello All, I want to know the differences/comparisons between Graylog2 and Splunk. I know that Graylog2 is free, b...

by Builder in

How to edit my search to show only the last field value from a field for each IP?

Hello From the search, I get the IP's and its last scan information with LAST_SCAN_DATETIME. I need to get the inf...

by Builder in

What is the regular expression for my use case?

i am unable to display dv_state="Closed Complete" from the data. please help me with REX for this use case. dv_sta...

by Communicator in

How to calculate the average and standard deviation of a field that has two values?

I have the Splunk searches as below: search: My Search | stats earliest(date_hour) as FirstHour latest(date_ho...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to add time filter late in the search command

How to fill empty latest parameter in URL

How do I visualize my sample data in a bubble chart?

How to extract Major_Brand_Display_Name value from xml

Missing interesting fields in the Search & Reporting screen

.xlsx option

How to aggregate percentage information in pie chart labels?

Pull Date from Filename

How can I see all forwarders deployed in the Distributed Management Console and in a search from internal metrics log?

How to write a search to display the end date of field values and the time difference?

How do I simulate doing a left join or outer join using the "lookup" command?

How to search the duration between two events in the same field?

How to generate a search that will show the time between REQ and ACK?

Is timewrap an official SPL command in Splunk 6.5?

How to edit my search to find different ports used per IP and their count?

How to edit my search to use a lookup table to search events around a specific time?

How do I extract a numerical field and rename the value?

Modify the format of events in splunk UI

How do I return the number of times a specified value appears in a field?

How do I count the number of events based on the value of a field?

How to identify seasonal event log messages? (every weekend, every month, every day at a certain time, etc.)

Can somebody lists down the comparison between splunk and Graylog2 tools?

How to edit my search to show only the last field value from a field for each IP?

What is the regular expression for my use case?

How to calculate the average and standard deviation of a field that has two values?

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions