Splunk Search

Ask a Question

Discussions

Thread Info

Addtotals in table issue

Hello, I'd like to add totals to remove the two-lines result per row, how to do? Thanks.

by Motivator in

How to troubleshoot why my Choropleth map is not showing a certain Spanish Region using Splunk 6.4?

Hello. I'm trying to plot values by regions in a choropleth map with a search like this: |inputlookup some.csv ...

by Communicator in

Advanced search for average and greater than

Hi, can someone point me to the advanced search. I need to search for transactions from current day that are great...

by New Member in

How to edit my search to filter out events where the string values between two fields are the same? (field names contain spaces)

Hello, I am trying to filter out events when the source username and destination username are the same, but it is ...

by Engager in

How to calculate ratios using a single previously calculated value to divide by?

I am calculating a bunch of rates and I would like to take all of the rates I have calculated and divide by one of th...

by New Member in

extracted date as x-axis range

got a date extracted from a file name and got the count of files received on for that extracted date. date-2016-03...

by Communicator in

How to search for users that accessed the same system more than 5 times in 10 minutes and alert on this?

Hi, I'm trying to search for users that access the SAME system more than 5 times in 10 minutes, in order to ident...

by Path Finder in

Is it possible to use Linux commands in the search as a normal user?

As a normal user, is there any way for me to use: ps -aux| grep httpd| wc -l in Splunk's search bar? I'm tryin...

by Explorer in

How to create a chart that shows multiple values by default, but have a multiselect drop-down to drill down to a specific value?

I am trying to provide a chart that shows multiple locations as a default, then allow them to use the multiselect to ...

by Engager in

How to search days where fieldA was the same at the beginning and end of the day for each FieldB?

I'm going crazy trying to figure this out. Splunk is not my primary job function, so I am no good at time manipulatio...

by Explorer in

regex error only when saving to summary index

This is my query. index=snaptor sourcetype=AccessApp | fillnull value=NULL | eval query_string = upper(query_stri...

by Path Finder in

How to run my alerting search on historical data with stats and bin or bucket to see when this search would have triggered an alert?

Trying to see when this search would've triggered an alert over the last few hours. The search normally runs every 10...

by Explorer in

How to access searchmatch count in eMail notifications

I have the below working SPLUNK query which is being used to print the timechart. I would like to trigger an email al...

by New Member in

Sperating a log file values in different filed seperated by comma

Hi All, I have logs in Splunk separated by comma e,g A ,B,C,D,E,F,.,., everything is separated by comma , n...

by New Member in

How to find the time difference between events to calculate the average duration?

Hi, I have a data set that looks like this: I need to calculate the avg duration of the power loss (eve...

by Motivator in

How to create a bubble chart?

Hi, I've calculated the amount of purchase actions grouped by the productId and the elapsed time (in minutes) afte...

by Motivator in

How to use rex to extract Linux directory sizes and names (Part II)?

Additional question 'to the same scenario': "How to use rex to extract Linux directory sizes and names?" On other ...

by Path Finder in

Color code single value on other field

I would like to color a single value, based on a field value that is not the one displayed in the panel. I was able t...

by New Member in

Retention Policy - Keep only 3 months of data

Hi, may i know how to configure Splunk to only retain a rolling window of 3 months of logs data? I'm completely n...

by Path Finder in

How to search for field values that are returned in one search that don't appear in another search?

I am trying to come up with the search syntax that would get me the the values of a field that exist in one search th...

by Path Finder in

Calculate a number from each entry and present the average of all entries

I have the entries below from different sessions: sessionId="001" data="[{message=timing_stats, data=[{beginF=1550...

by Explorer in

How to convert a time field in with the format D.HH:MM:SS to seconds?

Hi, I have execution time in the format of D:HH:DD:SS (0:00:00:22 ,0:00:00:55 ) that I need to convert to seconds...

by New Member in

Is it possible to connect and send queries to Splunk from another application to retrieve results?

Hi, I am interested in the possibility of sending queries from an application (Lavastorm) to Splunk to retrieve r...

by New Member in

How to Rex out junk in a file path?

Scenario: I have the following field called 'filePath' /src/lkfdjgsryj3kt4z57RdC-1-SomeDocument.doc I would l...

by Contributor in

Transaction grouping

Hi all, I have a transaction which have keyword "start" and "stop", I use startswith and endswith to define the wh...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Addtotals in table issue

How to troubleshoot why my Choropleth map is not showing a certain Spanish Region using Splunk 6.4?

Advanced search for average and greater than

How to edit my search to filter out events where the string values between two fields are the same? (field names contain spaces)

How to calculate ratios using a single previously calculated value to divide by?

extracted date as x-axis range

How to search for users that accessed the same system more than 5 times in 10 minutes and alert on this?

Is it possible to use Linux commands in the search as a normal user?

How to create a chart that shows multiple values by default, but have a multiselect drop-down to drill down to a specific value?

How to search days where fieldA was the same at the beginning and end of the day for each FieldB?

regex error only when saving to summary index

How to run my alerting search on historical data with stats and bin or bucket to see when this search would have triggered an alert?

How to access searchmatch count in eMail notifications

Sperating a log file values in different filed seperated by comma

How to find the time difference between events to calculate the average duration?

How to create a bubble chart?

How to use rex to extract Linux directory sizes and names (Part II)?

Color code single value on other field

Retention Policy - Keep only 3 months of data

How to search for field values that are returned in one search that don't appear in another search?

Calculate a number from each entry and present the average of all entries

How to convert a time field in with the format D.HH:MM:SS to seconds?

Is it possible to connect and send queries to Splunk from another application to retrieve results?

How to Rex out junk in a file path?

Transaction grouping

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions