Splunk Search

Ask a Question

Discussions

Thread Info

Help with Stats based on Conditional Multiple Values - foreach (potentially)

Here is my raw data: advisories=[Advisory@51046c2f[advisory=6,rule=LOGIN_3,passive=true], Advisory@2f9ea478[adviso...

by New Member in

how to run splunk query programmateically

Hi Experts , We are using Splunk UI to search Logged data. I am planning to create a java program and run queries...

by New Member in

Extract fields/subfields into table pipe and ":" delimited and name columns in fly

My search string "[.Id.IdCreateService] - Promotion Created, Promotion Settings For PromoCode=121509PromoId=3550966 :...

by Explorer in

Looking for new events

Good Day Everyone, I"m trying to construct a search that will search our weblogs over a one hour period and repor...

by Contributor in

How is it possible to assign the result of the | append [ subsearch ] in a constant?

Hi, I have a search and an | append [subsearch] which adds at the bottom of the results (see image) a new row with...

by Contributor in

Is there a way to have different timescale for lookups than the actual search?

Hi, I am looking for a solution for this problem. I have implemented Lookup tables based on time and they are work...

by Path Finder in

Summary Question

So if I add a single search head and add my existing indexers/search peers to it. BUT DO NOT set data forwardering on...

by Builder in

appendcols with timechart when queried for longer window - appendcols results empty

Hi, index=test sourcetype=access "READ/1.1" idvalue="" | timechart count(idvalue) as TotalRequests span=30m | appe...

by Engager in

sum total unique users in time chart with appendcols

I need to sum the PMBI users and ADF Users to get total user count. Any suggestions? index=gateway host=sc58lgwap*...

by Path Finder in

I want to identify the top 10 cpu averages over the past 15 minutes and then "timechart span=1m" that average cpu over that same 15 minutes

So, I use this query: index=perfmon object=Processor host=* counter="% Processor Time" | stats avg(Value) as 15min...

by Motivator in

How to do a lookup for timechart headers

Hello! I have made a timechart with a command: (...) *| timechart limit=10 sum(bytes) by src_ip* . So I got top...

by Communicator in

Why subsearch fails with error "Unable to parse the search: Invalid search: AND AND" if it has to return endtime?

search returns valid results, but fails with Invalid search: AND AND if defined as subsearch: 1. Search works ok: ...

by Explorer in

How to write a search to find values similar to a certain string?

Case Scenario: The search string is "google" The results should find g0ogle, go0gle, gogle, gooogle, etc... I have...

by Path Finder in

Can't get results using _time in my search

I performed this search index=* source="WinEventLog:System" EventCode=3 host=jj1 | table host, _time, message a...

by Communicator in

how to keep the earliest time as constant and latest as current time (now) without using token and timerangepicker?

Hi, how to keep the earliest time as constant(Say 12.00AM) and latest as current time (now)in splunk dashboard? re...

by Explorer in

User Name field extraction - Strip DOMAIN in username

I have a field extraction which extracts the User Name. Some users will authenticate with their user name, but some w...

by Path Finder in

Maximum number of historical concurrent system-wide searches has been reached

What does this message means The maximum number of historical concurrent system-wide searches has been reached. curre...

by Explorer in

Find missing ids from two searches using stats not set

I have an index with two 'transaction types'. Create and Offer. For each create, I get an ID and I want to find out a...

by SplunkTrust in

Tips on Formulating a query, where I have known text's from two different log lines

A splunk novice question We have logs and the example is something like this 2016-05-05T09:05:50.610050-07:00 Correl...

by New Member in

Can we combine two reports into one PDF or CSV file?

I have two different searches which I have saved as reports and scheduled it to run every Monday, but can I get both ...

by Builder in

Is there a way to use the join command effectively in Hunk?

We are trying to see whether the out-of-the-box join command works well in Hunk. We tried the following: index="cl...

by Ultra Champion in

How to create a report which will provide details about the duration between each call?

I have a log file like this: 2016-04-26 11:19:05,833 INFO [pool-1333-thread-2] (Test.java:412) - POST http://loc...

by New Member in

Is there a way to search the count of how many times the same log message got logged seconds apart from each other?

Is there a way to see if the same log message got logged seconds apart from each other and get a count on how many ti...

by New Member in

How to display current and previous ranks of top 10 error messages with the respective count and percentage contribution on daily basis.

Hi, Initially I tried with: ConsumerService HostEnvironmentName=PROD| top limit=10 message to get the daily...

by New Member in

Collapsing multiple events

I'd like to collapse multiple firewall logs into very few events to help people understand connectivity between endpo...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with Stats based on Conditional Multiple Values - foreach (potentially)

how to run splunk query programmateically

Extract fields/subfields into table pipe and ":" delimited and name columns in fly

Looking for new events

How is it possible to assign the result of the | append [ subsearch ] in a constant?

Is there a way to have different timescale for lookups than the actual search?

Summary Question

appendcols with timechart when queried for longer window - appendcols results empty

sum total unique users in time chart with appendcols

I want to identify the top 10 cpu averages over the past 15 minutes and then "timechart span=1m" that average cpu over that same 15 minutes

How to do a lookup for timechart headers

Why subsearch fails with error "Unable to parse the search: Invalid search: AND AND" if it has to return endtime?

How to write a search to find values similar to a certain string?

Can't get results using _time in my search

how to keep the earliest time as constant and latest as current time (now) without using token and timerangepicker?

User Name field extraction - Strip DOMAIN in username

Maximum number of historical concurrent system-wide searches has been reached

Find missing ids from two searches using stats not set

Tips on Formulating a query, where I have known text's from two different log lines

Can we combine two reports into one PDF or CSV file?

Is there a way to use the join command effectively in Hunk?

How to create a report which will provide details about the duration between each call?

Is there a way to search the count of how many times the same log message got logged seconds apart from each other?

How to display current and previous ranks of top 10 error messages with the respective count and percentage contribution on daily basis.

Collapsing multiple events

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions