Splunk Search

Ask a Question

Discussions

Thread Info

Timechart, last value is always 0

Hi, I have this query index=os sourcetype=vmstat OR sourcetype=cpu OR sourcetype=df host=betamax-admin File...

by Motivator in

What search string can I use to find a list of indexers, their source, and sourcetype?

Can someone help me with a Splunk search string to find list of indexers, their source and sourcetype?

by Path Finder in

How can I join two searches on a common field?

This is my sample logs in [bowlers]: "doYouBowl":"YES", "pin":"123", "name":"Billy" "doYouBowl":"NO", "pin":"456",...

by Engager in

Why isn't calculated field working when trying to override an extracted value into a Network Resolution (DNS) data model's expected field?

Hi all, I have some MSAD:NT6:DNS logs I'm trying to massage into the Network Resolution data model. I have a field...

by Communicator in

What regular expression should I use to eliminate a character in the field value?

Hi What Regex do I have to use to eliminate a character in the field value? eg: G0:1K:BF:04:12:2C expected: G0...

by Builder in

How to include Field Extraction name in Splunk search?

Hi, I have extracted a transaction id using field extraction. Field Extraction Name: BANK_APPLOG : EXTRACT-Tra...

by Explorer in

Split graph based on two conditions of same field

Hi Splunkers, I want a graph that contains two columns, one should represent data for 1st half and 2nd half of a y...

by Explorer in

Field delimitation using character position

Hi all. I have some log files like this: 265964455 00000000000000028000000002Fuerza R 1 0...

by Builder in

Comparing two time periods with the diff command, how to display only new errors from the last 24 hours that have NOT happened in the last 7 days?

I am trying to display errors from the last 24 hours that have NOT happened in the last 7 days. I only want to see th...

by Explorer in

How to combine two charts?

I have made two charts based on two different search queries. One is a column chart and another one is a line chart.B...

by Explorer in

Read only fieldset

I am using drilldown in dashboard.. It will redirect to the new view with selected parameters.. I want the input fiel...

by Path Finder in

Splunk maxing out at 11 realtime searches despit having 16 CPUs

Hi, I have a single-server instance of Splunk with 16 cores. According to my research the maximum number of realti...

by Communicator in

How do I pipe splunk query output to a file?

How do I take output (say . . . "View Sources") and pipe it to a file?

by Path Finder in

How to create an alert to trigger a happy birthday email based on a date field in a CSV file?

Hello all I have data in a CSV file like: Name. dob gender Xxx 02/08/1995 m Abc 12/09/1993 F Bxc 24/05/1992 m S...

by New Member in

How do I create a dashboard to show count roll up by location and billing system?

Planning to create a dashboard from the information as below. Can we see count roll up by location and billing system...

by Explorer in

How do I prevent initial delta value from breaking my visualization?

I am trying to get the delta of several key-value pairs over a period of an hour. The initial ingestion of data is fr...

by Builder in

How to modify my search so it shows total MB per user for the day?

bucket _time span=1d| eval _time = strftime(_time,"%b %d, %Y")| stats sum(eval(Bytes_Written/(1024*1024))) as MBytes...

by Path Finder in

POST LOGIN need to execute a search and use token across dashboard

Hi All, For a particular filter which is used across my dashboard , I have run a search in javascript and set a to...

by Explorer in

Questions regarding datamodel, stats, NOT, and Macros in my query

This is the query I have: | tstats summariesonly count from datamodel=Threat_Intelligence.Threat_Activity where NO...

by Communicator in

What does "stats sum(count) by" do?

Hey, a really basic question, but I'm unsure of the answer. What does stats sum(count) by do? I'm fairly sure that th...

by Communicator in

How to edit this search to remove the time for maintenance windows using a CSV file?

We've got a search that displays our web monitor logs, and would like to add a function that allows us to remove time...

by Communicator in

How to use the result from one search in another search?

I have a set of fields like Servername, type, Country, desc,_time. These fields have been indexed and I already have ...

by Communicator in

How to get a transaction command to work with a combination of indexTime and another field?

Good Afternoon Splunk, I have a question about some data that I am trying to evaluate for the transaction command....

by Communicator in

How do I formulate the rex command to remove unnecessary spaces in the middle of my field values?

I have field values that are coming in with unnecessary spaces. I'm trying to remove them and from another post, I f...

by Path Finder in

show unique values from yesterday

Hello, please help! I want to display only the unique names from yesterday that are not in today's list Initial s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Timechart, last value is always 0

What search string can I use to find a list of indexers, their source, and sourcetype?

How can I join two searches on a common field?

Why isn't calculated field working when trying to override an extracted value into a Network Resolution (DNS) data model's expected field?

What regular expression should I use to eliminate a character in the field value?

How to include Field Extraction name in Splunk search?

Split graph based on two conditions of same field

Field delimitation using character position

Comparing two time periods with the diff command, how to display only new errors from the last 24 hours that have NOT happened in the last 7 days?

How to combine two charts?

Read only fieldset

Splunk maxing out at 11 realtime searches despit having 16 CPUs

How do I pipe splunk query output to a file?

How to create an alert to trigger a happy birthday email based on a date field in a CSV file?

How do I create a dashboard to show count roll up by location and billing system?

How do I prevent initial delta value from breaking my visualization?

How to modify my search so it shows total MB per user for the day?

POST LOGIN need to execute a search and use token across dashboard

Questions regarding datamodel, stats, NOT, and Macros in my query

What does "stats sum(count) by" do?

How to edit this search to remove the time for maintenance windows using a CSV file?

How to use the result from one search in another search?

How to get a transaction command to work with a combination of indexTime and another field?

How do I formulate the rex command to remove unnecessary spaces in the middle of my field values?

show unique values from yesterday

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions