Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
markwymer

How to return a field that isn't part of the stats count?

Hi, I'm trying to get a table of all the Session_ID values when the count of Logon_IDs is more than 2, but since th...
by markwymer Path Finder in Splunk Search 05-13-2016
0 1
0
1
Aaron_Fogarty

show only values from a lookup that are not returned in a search?

My search events contain a userID e.g. 'b1234'. I am using a lookup file to show the name, manager and department of ...
by Aaron_Fogarty Path Finder in Splunk Search 05-13-2016
0 6
0
6
harald_leitl

Is there a way to count the series of consecutive identical events that are interrupted by another event?

Hello, Is there a way to count the series of consecutive identical events that are interrupted by another event? So...
by harald_leitl Path Finder in Splunk Search 05-13-2016
1 10
1
10
MattQ

Exclude a known IP from results

I am returning query results that give a list of IPs on which an event has occurred. I want to create an alert to fi...
by MattQ Explorer in Splunk Search 05-12-2016
0 6
0
6
geelsu

Is there a limit with having multiple "SOURCE !=" in a search?

Newbie here. I was exploring Dashboard setup, so started doing some searches to create one with. I started eliminat...
by geelsu New Member in Splunk Search 05-12-2016
0 3
0
3
Phil219

How to group the results of a transaction?

Hello, my search basesearch|transaction attribute|table username, attribute As expected, this returns a table with gr...
by Phil219 Path Finder in Splunk Search 05-12-2016
0 8
0
8
vil505

How can I use a text input form to search through a table to narrow down results?

This is probably simple, but how can I use the text input in a form to narrow down my results? I'm building a form t...
by vil505 Explorer in Splunk Search 05-12-2016
0 4
0
4
guillecasco

How to add values dynamically from a search to a drop-down input?

Hey, I have something like this for a drop-down in a Splunk dashboard: <input type="dropdown" token="trouID" searc...
by guillecasco Path Finder in Splunk Search 05-12-2016
0 2
0
2
olheiser01

How to write a search to determine if the value of one field is found in the value of another field?

I am trying to return a result when one field contains another. For example, field1="ABCDEFG" field2="CDE" Match= T...
by olheiser01 New Member in Splunk Search 05-12-2016
0 2
0
2
hcorleyss

Scheduling searches and delayed events

Hi, is there a best practice to achieve the following? I am looking to search for events and then to output them to ...
by hcorleyss New Member in Splunk Search 05-12-2016
0 2
0
2
jreddy

How to edit my timechart search to predict when the Top N subnets will run out of Free addresses?

Currently, my line chart is showing predict vales for the given subnets i.e when the subnets will run out of Free add...
by jreddy New Member in Splunk Search 05-12-2016
0 2
0
2
smhsplunk

Conditional if based on dropdown value (match with a column name for second dropdown)

I have two dropdowns, first one selects T1, T2 or T3. Depending on the first selection the second dropdown will ...
by smhsplunk Communicator in Splunk Search 05-12-2016
0 2
0
2
n179911

How to search a range of numbers?

In Splunk, how can I search for a range of numbers (e.g. from "Test213" to "Test220")? I tried 'test2[13-20]" or 'te...
by n179911 New Member in Splunk Search 05-12-2016
0 4
0
4
cmahan

How to search for Disk Partition Size info, not just total size?

I need a search that will return details regarding a partitioned volume. For example: The  volume on a server was ...
by cmahan Path Finder in Splunk Search 05-12-2016
0 1
0
1
rsingh_splunk

How to edit my search to extract the last appended letter in a URI field and use eval to assign each letter a certain value?

Hi all, I need to extract the last appended letter part in the URI field and use eval to term them as: d = Detail m ...
by rsingh_splunk Splunk Employee Splunk Employee in Splunk Search 05-12-2016
0 2
0
2
mclane1

How to select all checkboxes in a form input by default?

Hello, I would like to know how select by default all checkboxes in input like this: <input type="checkbox" token="...
by mclane1 Path Finder in Splunk Search 05-12-2016
0 3
0
3
echalex

Using source:: for field extraction in props.conf

Hi, I'm trying to extract the name of the tomcat instance based on the path of the source. I've been successful by sp...
by echalex Builder in Splunk Search 05-11-2016
0 4
0
4
ahmedhassanean

How to aggregate Splunk events with different key value pairs based on event time?

I have logs that contain different Key/value in different logs, but with same transaction. I would like to summarize ...
by ahmedhassanean Explorer in Splunk Search 05-11-2016
0 15
0
15
smileyge

Fields disappear in search app?

I am running a search with just over a million rows on a particular index with maybe 15 fields per event. Once it get...
by smileyge Path Finder in Splunk Search 05-11-2016
0 3
0
3
Eogs

Latest + add 1 hour

Hello splunk users, I have a search string with earliest defined and i want to define latest as "latest=earliest+1H"...
by Eogs Explorer in Splunk Search 05-11-2016
2 13
2
13
ra01

How to use timechart with a calculated field?

I have this search that displays my conversion rate: tag=external_traffic eventtype=pageactions session_id=\* | tra...
by ra01 Path Finder in Splunk Search 05-11-2016
0 5
0
5
aboitsau

Is it possible to modify "chart" command results

Hello, Our index has the following data: method name (amf_name), execution time (call_dur), application_version (app...
by aboitsau New Member in Splunk Search 05-11-2016
0 4
0
4
tmarlette

How to edit my eval replace / trim statement to format domain information?

So I have some domain information that i'm attempting to format appropriately with EVAL functions either replace, or ...
by tmarlette Motivator in Splunk Search 05-11-2016
0 2
0
2
Graham_Hanningt

Best practice for post-process searches with a timechart base search?

I have a Splunk Enterprise 6.4 dashboard that displays multiple timecharts, all based on the same events in the same ...
by Graham_Hanningt Builder in Splunk Search 05-11-2016
2 5
2
5
nikolab

How to edit my search to display all events of the current day with a sum exceeding the average of the last month?

I have a bank transaction XML log with date, card number, and amount. I need print all transactions of the current da...
by nikolab Explorer in Splunk Search 05-11-2016
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...