Splunk Search

Discussions

Thread Info

date modifier

Hey guys. I want to find hosts for all time which haven't any messages last 7 days, trying this: index=main sou...

by Communicator in

How to find the timechart of difference value .

I have one field abc which contain values of different parameter and it goes on increasing gradually. I have to add t...

by Explorer in

How to search for users who haven't signed in to an app over the last 30 days.

Hello, I'm trying to figure out the search that would be needed to find any users who haven't logged in to an app...

by Explorer in

Exclude search events for a field containing a specific useragent.

I am attempting to create a sorted count list of useragents that customers are using to browse my website. I want ...

by New Member in

How do I create a stacked bar graph with 2 fields?

Hi, I am trying to create a stacked bar graph, using 2 fields. First field is Level, second field is Urgency. ...

by Path Finder in

Why is a multikv field null, even if it is not empty?

I'm trying to extract data from events which contain a table: RAW Data Table # | INST_ID | STATISTIC ...

by Contributor in

Streaming and non streaming commands

Can someone explain exact difference between streaming and non-streaming commands in laymen terms? Thanks

by Communicator in

How to extract selective fields from our log files in CSV format at index-time?

I would like to know how could I extract selective fields at Index-time from our log files which are in CSV format. L...

by Path Finder in

Referring to array elements by index

Hi, I am trying to take each field out of array in json, can someone please help? My problem is that I want the eleme...

by Explorer in

Is there any way to delay bucket-fix activity performed by the master when an indexer goes down unintentionally?

Hi, We have a cluster of 3 indexers with replication factor of 3 and search factor of 2. Just curious to know i...

by Path Finder in

Can we get query's perfomance data?

We are looking for ways to find out how long a query has been running, performance stats / total run time etc. So...

by Ultra Champion in

Why is the predict command producing unexpected results with my current timechart search?

I have volumes that are ingested into Splunk for the past 6 months Need to predict the volumes for the following per...

by Explorer in

Regex for filter in creating pivot

Hello, I need to create a pivot where I need to filter the records based on the starting characters of string fiel...

by New Member in

search query with table.

Hi all, I have the fields unit, user, work from the result set: unit user work a kiran w ...

by Builder in

Splunk query help - CPU Load - Need to change query for negative values

Hi, We have splunk query to find CPU load like | eval pctCPULoad=round(100 - pctIdle,2) , and we used condition...

by Path Finder in

How can I extract breakable_text properly?

Hi everyone, I have many logs in the following format as an example Timestamp: 6/27/2016 8:40:25 PM Message...

by New Member in

Problems opening a search on an APP...

When I try to open a search for an app that is not the "Search" gives the following result: . . ...

by Path Finder in

Regex Help Needed

I am not an expert with regex and I am trying to extract a field name= First, Last out of the following string use...

by Path Finder in

Splunk Dynamic Query

Hi, I am trying to make a dynamic query and seams not working as expected: First i load a saved search | sa...

by Explorer in

How can you add a value from the header of a file into the various rows?

I'm drawing in multiple files that look something like this... and I need to be able to distinguish between data draw...

by Explorer in

how to get the number of logins per user for the past 30 days?

We want to know how to get the number of logins per user for the past 30 days? and also, if there is a metric we can ...

by Explorer in

How can I correlate access logs with a malware domain list in CSV format?

Hello Guys, I am VERY new to Splunk and security. I actually started to work on a security project where we want t...

by Explorer in

Is our single 32 core search head the reason why both of our 8 core indexers are getting overloaded with searches?

Hello guys, We just started using Splunk within Azure and spun up two standard_a4 machines to serve as our indexe...

by Path Finder in

How to compare 2 fields in an index to 1 field in a lookup?

I have a field named HASH which contains hash values and I would like to compare it to md5 and sha256 (name of the ot...

by Explorer in

lookup help

I have a lookup table, and then I added another field to the table (csv) The original table contained some of the ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

date modifier

How to find the timechart of difference value .

How to search for users who haven't signed in to an app over the last 30 days.

Exclude search events for a field containing a specific useragent.

How do I create a stacked bar graph with 2 fields?

Why is a multikv field null, even if it is not empty?

Streaming and non streaming commands

How to extract selective fields from our log files in CSV format at index-time?

Referring to array elements by index

Is there any way to delay bucket-fix activity performed by the master when an indexer goes down unintentionally?

Can we get query's perfomance data?

Why is the predict command producing unexpected results with my current timechart search?

Regex for filter in creating pivot

search query with table.

Splunk query help - CPU Load - Need to change query for negative values

How can I extract breakable_text properly?

Problems opening a search on an APP...

Regex Help Needed

Splunk Dynamic Query

How can you add a value from the header of a file into the various rows?

how to get the number of logins per user for the past 30 days?

How can I correlate access logs with a malware domain list in CSV format?

Is our single 32 core search head the reason why both of our 8 core indexers are getting overloaded with searches?

How to compare 2 fields in an index to 1 field in a lookup?

lookup help

The All New Performance Insights for Splunk

Good Sourcetype Naming

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions