Splunk Search

Discussions

Thread Info

How to move the map interactively when mapping stats in Splunk?

I'm using the new map feature, but when you map stats it does not allow the user to interact with the map. Meaning mo...

by Path Finder in

Header Field Extraction Not Working

I have data in los as specified in below sample. FILEHEADER|^2013-12-18 15:22:07|^v4|^RECORDS @FIELDS|^FIELD1|...

by Contributor in

How to determine which users and what apps are using summary events created by my searches?

1) How to evolve the summary searches and I want to know if anyone uses the summary events created by my searches? ...

by New Member in

How to display summed results that are less than 1 in a table?

I have values in a field that, when summed, are values less than 1 (ie, .79 .03). I need these values to display in m...

by Explorer in

How to extract JSON from my sample event data?

Hello, We are trying to extract the substring (JSON) object from the one of the properties of the log: { [-] M...

by Path Finder in

How to write the regular expression to extract this field from my sample log structure?

Hey everyone, I'm trying to add an interesting field to the extraction of one source type. The log structure i...

by New Member in

How to search and compare three indexes in one search?

So I had an issue yesterday that was resolved, but ran into something similar that I cannot seem to find a solution t...

by Contributor in

how to extract 2 different values from a string and put it into 2 fields

My data looks like: A is running b is running c is running each events contain such kind of bunch of data. i...

by Engager in

Eval function weird return

Hello, I am doing a search and i know sometimes it will return no results. index=gamification AND sourcetype = ...

by Explorer in

How to search total events by sourcetype using tstats with timechart to put in a summary index?

Hi, I need a top count of the total number of events by sourcetype to be written in tstats(or something as fast) w...

by Builder in

How to edit my search to calculate total duration for periods with actual events (User activity time)?

Looking for help coming up with search to calculate the total duration there were events in a given time period - ess...

by Splunk Employee in

Timechart with latest() doesn't display results when used on its own

Hi, I'm trying to follow the disk usage as gather by the NIX app. I think the most appropriate timechart function ...

by Builder in

Why is my search with a where condition not filtering results as expected?

Hi, We have a search which gives us average CPU time by host and we want to plot a line graph to get hosts which ...

by Path Finder in

How to create a timechart plotting average values for nested JSON data?

I am receiving JSON into Splunk in the following format. I'm trying to figure out how I can do searches to plot avera...

by Explorer in

How to find out where a search is originating from?

I have this process running on all my indexes: [splunkd pid=7803] search --id=remote_SearchHead.local_scheduler__n...

by Motivator in

How to change _time to some other timestamp field for a timechart search?

Hello, I am trying to use a different timestamp that is NOT _time. My time stamp is Transaction_Date. I tried the ...

by Explorer in

How to search syslog data to find if 3 IP sources hit a common destination IP address in a 48 hour period?

Using syslog data, how do I find if 3 systems go to a common webpage in a 48 hour period? I have 3 IP sources with...

by Explorer in

How to implement math calculations?

Hey, Fellow Splunkers I'm curious to know if it's possible to preform math calculations on a set of "refined" data...

by Path Finder in

How to write a search using my sample data to display two fields under one column and their values under another column in a dashboard?

I have data flowing in from IVR logs and have three fields I'm using which I want to build a dashboard. The event wil...

by Communicator in

How do I get a search with "timechart span=1d" to return and display events from the top of the hour?

I have a search like below. If i run this search, let's say now, it fetches transaction (as per the display ) not...

by New Member in

If "this AND this" OR "this AND this" then ...

I am looking for a string that will show results for the following: if (srcIP="x" AND srcPORT="y") OR (destIP="x" AND...

by Path Finder in

How to write a search to alert when workstations send queries to public IPs?

Hi everyone, We have Infoblox. Can anybody explain how can I configure an alert against only workstations who q...

by Communicator in

How to edit my search to create a new extracted field with rex?

I have this search index=nitro_prod_ecomm earliest=-30m@m | rex field=_raw "\d\d\:\d\d\:\d\d\s+(?\d+\.\d+)" | whe...

by Contributor in

How to edit my eval syntax to convert a date from Active Directory to epoch time?

Hi How to convert the date format from the active directory to epoch time? date format: 2016-10-23T05:00:00...

by Builder in

Unable to search mv

All, I am unable to search by a mvexpand which I am doing via fields.conf. I am getting the extraction I expect, ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to move the map interactively when mapping stats in Splunk?

Header Field Extraction Not Working

How to determine which users and what apps are using summary events created by my searches?

How to display summed results that are less than 1 in a table?

How to extract JSON from my sample event data?

How to write the regular expression to extract this field from my sample log structure?

How to search and compare three indexes in one search?

how to extract 2 different values from a string and put it into 2 fields

Eval function weird return

How to search total events by sourcetype using tstats with timechart to put in a summary index?

How to edit my search to calculate total duration for periods with actual events (User activity time)?

Timechart with latest() doesn't display results when used on its own

Why is my search with a where condition not filtering results as expected?

How to create a timechart plotting average values for nested JSON data?

How to find out where a search is originating from?

How to change _time to some other timestamp field for a timechart search?

How to search syslog data to find if 3 IP sources hit a common destination IP address in a 48 hour period?

How to implement math calculations?

How to write a search using my sample data to display two fields under one column and their values under another column in a dashboard?

How do I get a search with "timechart span=1d" to return and display events from the top of the hour?

If "this AND this" OR "this AND this" then ...

How to write a search to alert when workstations send queries to public IPs?

How to edit my search to create a new extracted field with rex?

How to edit my eval syntax to convert a date from Active Directory to epoch time?

Unable to search mv

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions