Splunk Search

Community Activity

How to search for and display the count of events per sourcetype in a table? Hi all. I have a search that begins with: index="first" OR index="second" sourcetype=* I need to show a table wit... by changux Builder in Splunk Search 10-31-2016 0 5	0	5
How to generate a search that will correlate multiple IP addresses that hit the same URL? I am utilizing Cisco Ironport Squid logs. I found a suspicious event that is possible malware related and multiple co... by DavidScavotto Explorer in Splunk Search 10-31-2016 0 6	0	6
How to write a search to display forwarders missing at a certain point in time? Hi Guys Is there a search that can pull back the forwarders that are missing / not sending data at a point in time, ... by AaronMoorcroft Communicator in Splunk Search 10-31-2016 1 2	1	2
How to calculate the time difference in minutes between two events? I have two events I'm using this nt_time=strptime(VENDOR_NOTIFIED_TIME,"%F %T")\|eval st_time = strptime(START_DATE,... by msachdeva3 Explorer in Splunk Search 10-31-2016 0 4	0	4
extracting fields between pattern in a search and and calculating length of value Hello. I have a simmilar quesiton to this : https://answers.splunk.com/answers/176585/how-to-extract-a-field-betwe... by shere New Member in Splunk Search 10-31-2016 0 6	0	6
Why am I getting "message Max Raw Size Limit Exceeded" errors that are now affecting search performance? Hi Guys, I'm running a search and it seems to take longer than needed. I've search the logs for errors and found thi... by gwobben Communicator in Splunk Search 10-31-2016 2 2	2	2
How to search for a field value during a certain period of time using an extracted time field? Hi I have an extracted field from regex, ie Time_extract which gives hour. Now I want to get the logs between a per... by arunkuriakose Explorer in Splunk Search 10-30-2016 0 3	0	3
Help with Splunk 6.3 Simple XML text input box: condition match regex IP address I am trying to test a text input box value to determine if an IP address was provided. If an IP address was provided,... by mydog8it Builder in Splunk Search 10-30-2016 1 16	1	16
Is it possible to highlight a specific term from an inputlookup? All; I am running Splunk 6.3.5 and need to see what term "hits" in the resulting event. The search is: index=proxysg... by TheJagoff Communicator in Splunk Search 10-30-2016 1 4	1	4
How to write a serach to list hosts sending data being indexed in Splunk for a specific sourcetype? Hello, I'm trying to build a search that lists the hosts daily that are, filtering for a specific SourceType, sendin... by DomenicoFumarol Explorer in Splunk Search 10-30-2016 1 2	1	2
How to write a search to create a summary index with a count of "0" when there are no events matching "myerror"? I have a search to create a summary index which runs every 15 minutes: index=foo "myerror" \| bin span=15m _time \| ... by burwell SplunkTrust in Splunk Search 10-29-2016 0 4	0	4
Is there a way to calculate the percentile of a value within a range of values? One of the most useful functions in Excel is percentilerank, which calculates the percentile of a value within a rang... by Kenshiro70 Path Finder in Splunk Search 10-29-2016 0 3	0	3
How to edit my search to track the amount of data being ingested to a specific index, measured in MB/per minute? I'm trying to write a search to track the amount of data being ingested to a specific index, measured in MB/per minut... by dsofoulis Path Finder in Splunk Search 10-29-2016 2 1	2	1
How to write a search to identify the total amount of data is being indexed by MB per minute? I need to identify the total amount of data is being indexed by my indexer cluster, by MB per minute. I think the bes... by danielsofoulis Path Finder in Splunk Search 10-28-2016 1 3	1	3
How to derive earliest and latest from a list of events that overlap in timespans I need to roll up several events with overlapping start and stop times. I need the total time of the events without ... by neusse Path Finder in Splunk Search 10-28-2016 0 2	0	2
How to generate a single search that uses inputlookup and join on multiple fields? I have a list of hosts that submit logs periodically. I need Splunk to generate an alert if the last time it receive... by pcordel Explorer in Splunk Search 10-28-2016 0 7	0	7
How can I hide rows with duplicate values in an xyseries table? I have a large table generated by xyseries where most rows have data values that are identical (across the row). I wa... by bradj013 Explorer in Splunk Search 10-28-2016 0 4	0	4
Splunk Input step in Pentaho PDI is unable to run query on Splunk with error "SSL peer shut down incorrectly" Hi All, I am trying to use Splunk Input step in Pentaho PDI. I am getting the following Exception. Any idea what is ... by hkosuru Explorer in Splunk Search 10-28-2016 0 1	0	1
Why am I unable to search my JSON log file without using spath, even after configuring my props.conf? Hi Folks, I have the following log file information. With my props.conf, it consumes it and visually shows fine, bu... by rh0dium Explorer in Splunk Search 10-28-2016 0 8	0	8
How to troubleshoot why my forwarders have stopped forwarding most data at a certain time? Splunk 6.4.1 We have run into an issue on Tuesday where data for over 99 clients have just stopped presenting in the... by CaptainHook Communicator in Splunk Search 10-28-2016 0 5	0	5
Search that alerts if one event exists and another does not I have two types of events in the same index: 2016-10-27 00:43:49.722 event=file_change 2016-10-27 00:43:54.000 even... by hcannon Path Finder in Splunk Search 10-28-2016 0 2	0	2
How to extract timestamp (year, month, date) from a filename? I have a file name that contains such timestamp: "filenameexample_161128_kadjfkj.txt" year(16) month(11) date(28) ... by moaf13 Path Finder in Splunk Search 10-28-2016 0 2	0	2
How to create a search to find accelerated searches, their users, and their access count? We have a rather larger Splunk installation and user base. While checking our system for optimizations, we found that... by knielsen Contributor in Splunk Search 10-28-2016 0 4	0	4
What is anomalies and how can I calculate for a specific field? For the below search My search \| timechart span=1h limit=0 count by student Is it possible to list out the anomalou... by pavanae Builder in Splunk Search 10-28-2016 0 2	0	2
How to compute the mean activity volume per field in Splunk? How to Compute the mean activity volume per user in each hour yesterday, and find the ones more than n standard devia... by pavanae Builder in Splunk Search 10-28-2016 0 2	0	2

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Splunk Search

How to search for and display the count of events per sourcetype in a table?

How to generate a search that will correlate multiple IP addresses that hit the same URL?

How to write a search to display forwarders missing at a certain point in time?

How to calculate the time difference in minutes between two events?

extracting fields between pattern in a search and and calculating length of value

Why am I getting "message Max Raw Size Limit Exceeded" errors that are now affecting search performance?

How to search for a field value during a certain period of time using an extracted time field?

Help with Splunk 6.3 Simple XML text input box: condition match regex IP address

Is it possible to highlight a specific term from an inputlookup?

How to write a serach to list hosts sending data being indexed in Splunk for a specific sourcetype?

How to write a search to create a summary index with a count of "0" when there are no events matching "myerror"?

Is there a way to calculate the percentile of a value within a range of values?

How to edit my search to track the amount of data being ingested to a specific index, measured in MB/per minute?

How to write a search to identify the total amount of data is being indexed by MB per minute?

How to derive earliest and latest from a list of events that overlap in timespans

How to generate a single search that uses inputlookup and join on multiple fields?

How can I hide rows with duplicate values in an xyseries table?

Splunk Input step in Pentaho PDI is unable to run query on Splunk with error "SSL peer shut down incorrectly"

Why am I unable to search my JSON log file without using spath, even after configuring my props.conf?

How to troubleshoot why my forwarders have stopped forwarding most data at a certain time?

Search that alerts if one event exists and another does not

How to extract timestamp (year, month, date) from a filename?

How to create a search to find accelerated searches, their users, and their access count?

What is anomalies and how can I calculate for a specific field?

How to compute the mean activity volume per field in Splunk?

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation