Splunk Search

Discussions

Thread Info

stats command help to convert a row to column

Need your help, In the below query, we want to convert metric_name as column with values of avg_average, Can you p...

by Builder in

i need to extract fields from XML

from this data i want to extract theses fields "Message", "Query" and "Row". when i try to extract i am getting error...

by Explorer in

Why am I not getting any search results using the REST API to send a request to the /search/jobs/export endpoint?

Hi, I am trying to do a real-time Splunk search using the REST API. The endpoint I am sending a request to is serv...

by Explorer in

How to edit my search to calculate the time difference between two events?

Hello Splunk'all, I am trying to derive a simple chart from the data I got here within a Splunk Index. The data co...

by Explorer in

Splunk search stuck

Since upgrade from version 6.3.2 to 6.4, we are getting this problem. Search stuck at point of time and doesn't progr...

by New Member in

Capture the peak points in a table

I have a great search that someone here helped me with the other day. It will take all the peak numbers in a search a...

by Path Finder in

Subsearch using boolean logic

Hello, I am looking for a search query that can also be used as a dashboard. The query has to search two different s...

by Path Finder in

How to transform a field into a time format?

I extracted deployment time from events and it's currently in this format 0:04.645 and 1:30.123 and is in terms of Mi...

by SplunkTrust in

How to alert based off the last reported number in a stats count

How to alert based off the last reported number in a time chart. I want to alert based on a comparison of the last tw...

by Contributor in

How can we edit our search to visualize results on a pie chart?

Hi, We have the search below and are looking to view results in pie chart format. We are facing difficulties to vi...

by Path Finder in

How to i get the average maximum number of a field

Hi All, I just involved in SPLUNK project development and i have lilmited knowledge in how to get splunk search wo...

by New Member in

How to get an "eval if else" condition to continue a search depending on the resulting field?

Hello, I would like to know if it's possible to do certain part of search with if statement on a field. For exa...

by Explorer in

How to change the default time range in search?

I have below data LOG_DATE MSG_RECV_DATE 20160809 20160809 20160809 20160809 20160809 20160809 20160810 2016080...

by New Member in

Extracting field

I tried to extract a particular field from my input data , for ex: src_ip However, those fields are not showing on th...

by Path Finder in

How to stop the rounding of latitude and longitude

I have these set of codes, Mapping Test Mapping <map> <title>Map</title> <search> <query> source=...

by New Member in

I'm trying to perform a subsearch on lookup table and extract two fields using a or statement

Hi I'm trying to perform a subsearch to get a list of users in a lookup table and map the mail field to recipients an...

by Explorer in

How to replace the similar uri_paths in a Splunk search to calculate the response time for each endpoint?

Example: application="example" index=web uri_path="/some/example/*" In my application, I have similar uri_path...

by Explorer in

How to break up a single string value in an existing field into a new (multivalued) field with a list of separate values?

I have a field name hosts which has values as: 10.128.193.39,10.128.193.52,10.128.193.47,10.128.193.55,10.128.193....

by Explorer in

How to edit my regular expression to extract these fields from my sample data using rex?

Looking for some help with rex. The raw data looks like this, value= Name : SiteScope.exe MemGB : 6568 Name : powe...

by Communicator in

regex help

Not the best regex king, so I need some help please within the field "From" in my data there are emails. Within th...

by Contributor in

Correlating two different Vendor types

Hello, Lets say I have a firewall and an IPS and I wanted to correlate based on source IP I'm trying to figure out...

by Communicator in

How do I extract a substring from an existing field value, but ignore any strings containing a particular character (%2)?

How do I extract a substring from a field value, ignoring a word containing a particular character, let's say %2. ...

by Explorer in

Splunk Python SDK: What are the default values for search parameters (e.g. max time)?

Hi, Great documentation at: http://dev.splunk.com/view/python-sdk/SP-CAAAEE5#getcollparams I'd like to know wha...

by Explorer in

Field Extraction on the command Netstat command?

All, So I am playing with the netstat feature in Splunk for Unix. There does not seem to be field extractions for...

by Builder in

How to edit my search to remove .000 from the end of a time field (HH:MM.000)?

I have a search that creates a time in HH:MM and looks like 04:34.000. How can I drop the .000 at the end of this? He...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

stats command help to convert a row to column

i need to extract fields from XML

Why am I not getting any search results using the REST API to send a request to the /search/jobs/export endpoint?

How to edit my search to calculate the time difference between two events?

Splunk search stuck

Capture the peak points in a table

Subsearch using boolean logic

How to transform a field into a time format?

How to alert based off the last reported number in a stats count

How can we edit our search to visualize results on a pie chart?

How to i get the average maximum number of a field

How to get an "eval if else" condition to continue a search depending on the resulting field?

How to change the default time range in search?

Extracting field

How to stop the rounding of latitude and longitude

I'm trying to perform a subsearch on lookup table and extract two fields using a or statement

How to replace the similar uri_paths in a Splunk search to calculate the response time for each endpoint?

How to break up a single string value in an existing field into a new (multivalued) field with a list of separate values?

How to edit my regular expression to extract these fields from my sample data using rex?

regex help

Correlating two different Vendor types

How do I extract a substring from an existing field value, but ignore any strings containing a particular character (%2)?

Splunk Python SDK: What are the default values for search parameters (e.g. max time)?

Field Extraction on the command Netstat command?

How to edit my search to remove .000 from the end of a time field (HH:MM.000)?

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk AppDynamics Agents Webinar Series

SplunkTrust Application Period is Officially OPEN!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions