Splunk Search

Ask a Question

Discussions

Thread Info

How to filter my search to only count the users that visited each location at least N number of times?

We have a listing of travelers. Every event has the following two fields: USER and LOCATION. I need a search that ...

by Communicator in

How can I get the subsearch results in the same row as the main search?

Hi, Please see the image below. I want to get shipcond=NEXTDAY in the first column also. How can I get that? Here,...

by Explorer in

why splunk doesn't resolve stats count on postprocess ?

when i try to run a stats count using postprocess splunk doesn't resolve the query search and i don't know why ? t...

by Contributor in

My search returns results but why does it not work as a query in my dashboard?

Hi, I have this query index=top10_1 source="*Account_Log*" OR source="*Arm_Disarm_Events*" OR source="*CPE_Comm...

by Motivator in

How to search unique values in 2 different indexes, compare them, and determine which values are missing from which index?

I've been racking my brain over multi-searches, subsearches, and a few other methods I harvested from Google and Splu...

by Communicator in

How to search a list of saved searches that are (historically) consuming high CPU, memory, and take a long time to execute?

I want a search that will list saved searches that are (historically) consuming high CPU, memory, and take a long tim...

by New Member in

I have a forwarder and indexer set up, but why am I unable to search logs from the search head?

I have a forwarder and an indexer. I see the app is deployed in the forwarder at location etc/apps/. Forwarders ar...

by Path Finder in

Extract fields using regex

I have the data like: 2016-09-09 06:21:31,858 ... blah ... blah... ... ORA-00001: unique constraint (AN_FIELD.CODE...

by Explorer in

How can I use a source folder as a input token?

Hi guys! I have a bunch of test data in JSON files as my sources and they're structured in the following way: "/MyF...

by Explorer in

problem using lookup output field

Hi all. I have an automatic file lookup configured to output some fields and works very well (using the sourcetype): ...

by Builder in

Issues with Sum(count) not showing a number, but total being correct.

Have a search that gives data, for "yesterday" with specific criteria. Trying to show results by Location, with count...

by Communicator in

Comparing two consecutive events

Hello all, I am trying to evaluate my process using two consecutive events and know whether my process succeeded o...

by New Member in

How to scan log files

I have log files which are in below format , I would like to scan them. When one logs reached to its size limit then ...

by New Member in

persistent dropdown, multiselect and time inputs across dashboards

Hi all, I'm using multiple dashboards (for cpuusage, memusage, hdd usage) in an app where you can select different...

by Builder in

How to convert a date time field to epoch time?

Hi, I am looking to format my current time to epoch time (as we need to calculate some math function on time) ...

by Path Finder in

How can we identify users who are running searches without specifying sourcetypes? They are causing skipped searches in Splunk.

Our problem is, some people are running searches without specifying any source types and it's causing maximum system ...

by New Member in

Forwarder Phone Home last day

Hi there, How would I set up a table to find out which forwarders have not phoned home in the last day ? I am curr...

by Builder in

Is someone have any ideas about getting more precise detail on a single user logging in on more than one device to multiple devices in a better perspective?

I am somewhat baffled by what is returned when this search is executed. I know I can hide the OTHER or NULL values bu...

by Path Finder in

How to customize the width of the columns in a column chart in advanced XML?

Hello, I have column chart in advanced XML and wish to set the size of the columns. I have found a number of answe...

by Engager in

merging records based on matching fields

Hi, I have incoming telephone call detail records like these: call_start caller ring_duration call_duration 201...

by New Member in

How to match on a field, then get the next x (10 in this case) number of events and count them?

Hi I have data that looks like this 654660,"reboot","Reason: Uc-keypad hung","TCA200","5","TCA200_Quadra_MR7","...

by Motivator in

How to edit my regular expression to extract the 3 digit HTTP response code and the following text from my sample events?

I want to grab the 3 digit number and the words after, bolded. [INFO 16-09-08:19:39:10] @makeRequest HTTP REQUEST ...

by Contributor in

Export results to .txt

Hi, I was wondering if it's possible to export search and table results in a txt file ? (with a script, a command,...

by Explorer in

How to edit my rex statement to these two fields from my sample SNMP trap data?

I have an SNMP trap that I'm trying to extract two fields from one string with a comma in the middle, but I'm getting...

by New Member in

rename the filed values

Hi, I have two fields salesorg and dist. whenever i have salesorg=2220 and dist=10 i want to change salesorg as xyz. ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to filter my search to only count the users that visited each location at least N number of times?

How can I get the subsearch results in the same row as the main search?

why splunk doesn't resolve stats count on postprocess ?

My search returns results but why does it not work as a query in my dashboard?

How to search unique values in 2 different indexes, compare them, and determine which values are missing from which index?

How to search a list of saved searches that are (historically) consuming high CPU, memory, and take a long time to execute?

I have a forwarder and indexer set up, but why am I unable to search logs from the search head?

Extract fields using regex

How can I use a source folder as a input token?

problem using lookup output field

Issues with Sum(count) not showing a number, but total being correct.

Comparing two consecutive events

How to scan log files

persistent dropdown, multiselect and time inputs across dashboards

How to convert a date time field to epoch time?

How can we identify users who are running searches without specifying sourcetypes? They are causing skipped searches in Splunk.

Forwarder Phone Home last day

Is someone have any ideas about getting more precise detail on a single user logging in on more than one device to multiple devices in a better perspective?

How to customize the width of the columns in a column chart in advanced XML?

merging records based on matching fields

How to match on a field, then get the next x (10 in this case) number of events and count them?

How to edit my regular expression to extract the 3 digit HTTP response code and the following text from my sample events?

Export results to .txt

How to edit my rex statement to these two fields from my sample SNMP trap data?

rename the filed values

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions