Splunk Search

Ask a Question

Discussions

Thread Info

How can I get a text value in my search result to be considered as a numeric value?

Hi, I have a search result of a JSON file. " { [-] number: 58 result: SUCCESS } " How can I consider...

by Communicator in

How to edit my search to display users from my Windows logs that are not found in a lookup table?

Hi, I have my Windows logs with all users and I have a lookup which has few user names. I need to display the user...

by New Member in

My search returns results, but why are alerts not being triggered?

I've set up an alert based on a search that I know returns results. However, the alerts aren't firing. Here is th...

by Explorer in

How to add filters on a dashboard?

Someone plz explain how to add filters on a dashboard. I got a link in this portal, but there is no answer in it. Plz...

by New Member in

Sending Syslog to a Third Party Is Not Working

I have configured forwarding syslog to a third party device but seems the Splunk Heavy Forwarder is not forwarding th...

by New Member in

How to detect change in regular pattern

Hi Experts, We want to detect change in data pattern. Example I have server with Power consumption is 2 KW, if the...

by Explorer in

How to find blocks where response time is 0 from ping data?

Hello all, I receive ping data into my Splunk environment. Everything is filtered so that I can plot the response ...

by Path Finder in

extract command

Hi, This is sample event. I tried to explore extract command. index=* sourcetype=orange | extract pairdelim=";"...

by Communicator in

Splunk search throws "Your Splunk license expired or you have exceeded your license limit too many times" even after extension of my free trail license

My free license has expired. I have requested to extend and they extended the trail license. Below is the error I am ...

by New Member in

How to search for unused Exchange distribution lists?

Is there a search that can identify stale Exchange 2010 distribution lists that haven't been used recently (e.g., >90...

by New Member in

How do I display and email search results from two different result sets?

How do I edit my current search? index=myindex sourcetype=A OR sourcetype=B earliest=-72h ERROR_CODE=5014 AND TXN_...

by New Member in

How to change a field name?

Hello, I'm trying to get a clearer picture of data from our Okta application however two pieces of information ha...

by Explorer in

How to use windcard with spcial charaters to trim a field

Hi All I have a field which has urls in this pattern GET /echo/index?page=content&id=PRO19579&viewlocale=es_ES ...

by Path Finder in

How to filter search results by most recent timestamp by host

I want to create a search that will look over the last 30 days of vulnerability events and only retain those events t...

by Builder in

Returning field from subsearch to eval displays no returned rows in table

I am attempting to return a field from a subsearch into an eval statement. No errors are thrown, but when the table p...

by Explorer in

How can you use max with streamstats?

I have a list of events which are watermarks for customer activities. The data look like this: Date/Time Cust...

by Path Finder in

"Scheduler.log" Alert Efficiencies & Field Meanings

Hi, I'm trying to determine the efficiency of alerts within Splunk. I was wondering if anyone knows which particul...

by Explorer in

Using time range picker does not work in dashboard where report searches are used.

I have a dashboard where we have a reference to a report in a search. In the report we have values for all time range...

by Path Finder in

How to write a search to graph average time by site specific location using my sample data?

I'm trying to graph the average time of an event: July 18, 2016 10:02 -> INFO -> Done with sync of project-high-me...

by Engager in

Dedup all redundant data in a column...having an issue

I am new and learning Splunk. I created a search where multiple time stamps are revealed in a column. I'd just li...

by Path Finder in

Upgraded to 6.4.1 and patterns tab and download button are not appearing after users run searches

Hi, We just upgraded to 6.4.1 and some users are now stating that they are not seeing the "Patterns" tab after sea...

by Champion in

Search not working after upgrade to 6.2

I have a dashboard that has been working fine while using Splunk version 5. We just upgraded to 6.2 and the search is...

by Path Finder in

Extracting from log file

I have the following custom log file 2016-07-15_05:58:57.5857-est label="adbcf" lastmodifiedtime="2016-07-15_05:58...

by Communicator in

How do you average multiple stats values at one time stamp as a timechart?

I have multiple values connected to a timestamp at 5 minute intervals and I want to get the average of these multiple...

by Engager in

subsearch on more than two strings

I have three source types I want to search using a user's username. One of the source types only knows the user's IP ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I get a text value in my search result to be considered as a numeric value?

How to edit my search to display users from my Windows logs that are not found in a lookup table?

My search returns results, but why are alerts not being triggered?

How to add filters on a dashboard?

Sending Syslog to a Third Party Is Not Working

How to detect change in regular pattern

How to find blocks where response time is 0 from ping data?

extract command

Splunk search throws "Your Splunk license expired or you have exceeded your license limit too many times" even after extension of my free trail license

How to search for unused Exchange distribution lists?

How do I display and email search results from two different result sets?

How to change a field name?

How to use windcard with spcial charaters to trim a field

How to filter search results by most recent timestamp by host

Returning field from subsearch to eval displays no returned rows in table

How can you use max with streamstats?

"Scheduler.log" Alert Efficiencies & Field Meanings

Using time range picker does not work in dashboard where report searches are used.

How to write a search to graph average time by site specific location using my sample data?

Dedup all redundant data in a column...having an issue

Upgraded to 6.4.1 and patterns tab and download button are not appearing after users run searches

Search not working after upgrade to 6.2

Extracting from log file

How do you average multiple stats values at one time stamp as a timechart?

subsearch on more than two strings

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Windows Session Tracking

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions