Splunk Search

Discussions

Thread Info

Add time clause on the second search of a subsearch

I am writing a query to find if a account got locked out because of an attack or because of an account change that ha...

by Splunk Employee in

How to overcome the subsearch limit of 10500?

I am working with Terabytes of data and running into a brick wall with the subsearch limit. The search that I am runn...

by New Member in

How to write a search to populate a drop-down menu in a dashboard with all unique index names?

I am trying to develop a search to populate a drop-down menu in a dashboard with all unique index names. I have tried...

by Path Finder in

How to search all fieldA values where fieldB is a certain value?

We have a single source with data (in table form) looking something like this: NamePositionDepartment John Wh...

by Communicator in

How to edit my search to join results with a lookup table?

I have a lookup table and have one search working good. I have another search I want to join to the lookup table, but...

by Path Finder in

How to query for a Week over Week count of hosts reporting to Splunk

Is there a better way to report the count of hosts reporting to Splunk week over week other than running the query us...

by Path Finder in

How to show Value and Count in a subsearch?

My goal is to look at firewall data and pull the top 10 Blocked IPs along with the incoming ports they were hitting. ...

by Explorer in

How to get a field from a unique transaction and group another transaction by the unique field?

I have an event that will generate a login string for a user. Once that login string is generated, the connection str...

by New Member in

How to edit my search to view all occurrences of an event grouped by a field?

Every time a user logs in, there is a log statement generated. I am currently running a search for a specific set of ...

by Explorer in

How to edit my search to get the last software inventory for each computer?

Hello, I am collecting into Splunk computer software inventory periodically sent by all my computers. Each inve...

by Communicator in

How to edit my search to count the number of hosts per keyword?

Each host has a particular keyword (they are extracted by field extractor), some hosts share the same keywords. I am ...

by Communicator in

How to overlay an average as a line over a timeseries

I've looked around for an answer. Indeed, I modeled my answer after the following question: https://answers.splunk.co...

by Communicator in

Can I use the result of an eval command as a token further down the line in my search?

Hey y'all, I have a chart that takes transaction data from processes that run at different intervals. Most proces...

by Path Finder in

How to Combine Two Regex to Form One Variable

Hi all, I have events similar to these: [10-10-16 18:29:20:057]::TrxThread(A2571700)::DTRACE: Lock acquired for...

by Explorer in

Why is the regular expression to match URI patterns in my Splunk search not working as expected?

I want to match the line 1 and line 5 pattern kind of URI in my search /services/contracts/D7C3D8AD7B616D7ABA7B /s...

by New Member in

I want to know whether Bob had se

Please tell me the way of the binding of data. I want to combine the two data. These data How can you join?

by Explorer in

How to get a stats count for the same field values that are extracted from different unique sample data?

Our logs have errors which we want to extract in a field and get a stats count of those errors. But sample data is di...

by New Member in

Why is the x-axis time range reversed in my timechart?

I am seeing this odd behavior in my timechart, for some reason the X axis is reversed with the newest events showing ...

by New Member in

Need to get stats count by day

I need a daily count of events of a particular type per day for an entire month June1 - 20 events June2 - 55 event...

by Explorer in

How to edit my timechart search with the predict command to predict a particular value?

index=stocks|timechart span=1d stock_price as price |predict price I'm using a search like this I need to predic...

by Path Finder in

Why do these two searches return different results for page views?

I've downloaded an application for web analytics, however on two separate dashboards it shows two difference values f...

by Explorer in

Different median results: fast-mode vs verbose-mode

Hi, I'm calculating a median. The result is not the same when I change from fast to verbose mode... Is this expect...

by Motivator in

More than one timerange in query

I use the following query to find the process mstsc.exe in a subsearch. After that i want use the results from this s...

by Engager in

Associating fields across events

Hi All, I was hoping someone could answer my query: I have the following: index=ateme status=* | eval progre...

by New Member in

Sorting graphs by UK date format (dd/mm/yy)

I'm running a summary index tracking event counts from a number of servers for each day. I'm trying to put up a dash...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Add time clause on the second search of a subsearch

How to overcome the subsearch limit of 10500?

How to write a search to populate a drop-down menu in a dashboard with all unique index names?

How to search all fieldA values where fieldB is a certain value?

How to edit my search to join results with a lookup table?

How to query for a Week over Week count of hosts reporting to Splunk

How to show Value and Count in a subsearch?

How to get a field from a unique transaction and group another transaction by the unique field?

How to edit my search to view all occurrences of an event grouped by a field?

How to edit my search to get the last software inventory for each computer?

How to edit my search to count the number of hosts per keyword?

How to overlay an average as a line over a timeseries

Can I use the result of an eval command as a token further down the line in my search?

How to Combine Two Regex to Form One Variable

Why is the regular expression to match URI patterns in my Splunk search not working as expected?

I want to know whether Bob had se

How to get a stats count for the same field values that are extracted from different unique sample data?

Why is the x-axis time range reversed in my timechart?

Need to get stats count by day

How to edit my timechart search with the predict command to predict a particular value?

Why do these two searches return different results for page views?

Different median results: fast-mode vs verbose-mode

More than one timerange in query

Associating fields across events

Sorting graphs by UK date format (dd/mm/yy)

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Windows Session Tracking

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions