Splunk Search

Discussions

Thread Info

How to append a single value to multiple rows in my table?

by Explorer in

Chart multiple columns based on time and additional grouping

We are trying to chart multiple results with some success. I am able to have everything sorted based off the Device c...

by Explorer in

get peak values from a timechart

I have a chart and would like to get a total of all the peaks values on the chart. This chart calculates idle time an...

by Path Finder in

Why are some of the events garbled with "\x00"?

I am indexing some logs and I see some events are filled with "\x00" while some other events are indexed correctly.

by Splunk Employee in

Importing a file, how do I configure Splunk to parse fields from the raw logs in this format?

I'm importing a file into Splunk and the file always has these fields: Date (07/25/16 ) | Time (01:12:04) | Messa...

by Communicator in

How do i regex the numbers for the following hung thread log message...?

Looking for a regex in 612,200(threadDuration) and 3(no.of.Threads) for the log message below... WSVR0605W: Thread...

by Builder in

How to pass search result from one Panel to a different Panel?

Hello. I'm trying to construct a footer containing my app's version in a dashboard. The footer resides in a different...

by Communicator in

What is the difference between sma and avg?

I want to know the exact difference between sma and avg. Also, can someone pls provide detailed description of trendl...

by Path Finder in

How to change the frequency of search jobs scheduled to run from configuration files to prevent 100% CPU usage?

I've messed my Splunk system up a bit and some jobs or searches (I don't remember) are continuously running (every mi...

by Path Finder in

How to write a search to alert if there is a growing number of a particular type of event?

How to detect if there is a growing number of a particular type of event? It could indicate “flapping” on the Exchang...

by Path Finder in

Average and maximum time between events by location

Given public transit log data of the form: 2016-08-01 13:34:03 GMT vehicle_id="1234" stop_id="5678" I would li...

by Splunk Employee in

How to write regex to extract fields with multiple values?

The below is the windows security logs Message field data. The Security_ID field is splunk identified and contains 2 ...

by Path Finder in

How to extract an XML element attribute which has a space and no quotation marks?

Hi Guys, I have the below XML in a log file: I can't get the the name attribute via "path="Customer{@value}")" ...

by New Member in

How to edit my search to display Min, Max, Total, and Sum at the end of a table as separate rows?

Hi This is my current Splunk search: index=pqaestore source="/log/jboss_jmx_stats.log" | dedup host | rex field...

by Explorer in

How to edit my transaction search to display the timestamp for each row in my table?

Hi Somesh, How My search: transaction part| timechart values(duration) as duration,values(rollno) as rollno ...

by New Member in

Looking at the job inspector, why is startup.handoff taking majority of the search time?

Pastebin of search.log: http://pastebin.com/aAzw697G Job inspect statistics: 0.00 command.fields 15 1...

by Explorer in

How to search millions of events between two sourcetypes based on common/matching criteria?

I have tried the following search, but it doesn't work correctly. Option 1) Using following join command, it works...

by Explorer in

How do I manually import threat intelligence downloads for internal deployments (no internet)?

Is there anyway to manually import threat intelligence downloads for internal servers (offline from the internet)? Ye...

by Explorer in

How to combine my two searches into one bar graph?

I scoured the internet, but came along a few different attempts and I tried, but the results were not what I was look...

by Contributor in

How to edit my search to sort a count by a field to get the top 3 ?

Hi, I have one that I've worked around until now.....  The scenario is: Row is URI /a /b /c /d /e /f Col...

by Motivator in

Why does my dashboard panel search crash Splunk if the search time frame is less than 15 minutes?

I created a two panel dashboard I want to use to see "block" OR "deny" firewall records from three of our security de...

by Path Finder in

Is the time range for search inclusive or exclusive

Hi, When I search using the Python API and provide earliest_time and latest_time, I guess it is an inclusive range...

by Explorer in

Best practices for summary indexing

Hi, I am trying to set up a bunch of summary indexes and was wondering if there are any best practices to follow? ...

by Explorer in

How do I use a common field found in two sourcetypes to output a corresponding value from sourcetype2?

I have two sources with different data in each except one common column in each sourcetype called "DeviceName". In so...

by New Member in

How to use the results of one search in another search and include both results in the same chart?

Hi, I want to use the result of one search, and then use this result in another search to put it in the same chart...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to append a single value to multiple rows in my table?

Chart multiple columns based on time and additional grouping

get peak values from a timechart

Why are some of the events garbled with "\x00"?

Importing a file, how do I configure Splunk to parse fields from the raw logs in this format?

How do i regex the numbers for the following hung thread log message...?

How to pass search result from one Panel to a different Panel?

What is the difference between sma and avg?

How to change the frequency of search jobs scheduled to run from configuration files to prevent 100% CPU usage?

How to write a search to alert if there is a growing number of a particular type of event?

Average and maximum time between events by location

How to write regex to extract fields with multiple values?

How to extract an XML element attribute which has a space and no quotation marks?

How to edit my search to display Min, Max, Total, and Sum at the end of a table as separate rows?

How to edit my transaction search to display the timestamp for each row in my table?

Looking at the job inspector, why is startup.handoff taking majority of the search time?

How to search millions of events between two sourcetypes based on common/matching criteria?

How do I manually import threat intelligence downloads for internal deployments (no internet)?

How to combine my two searches into one bar graph?

How to edit my search to sort a count by a field to get the top 3 ?

Why does my dashboard panel search crash Splunk if the search time frame is less than 15 minutes?

Is the time range for search inclusive or exclusive

Best practices for summary indexing

How do I use a common field found in two sourcetypes to output a corresponding value from sourcetype2?

How to use the results of one search in another search and include both results in the same chart?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions