Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Is there a way to change the time duration calculated to a more readable format?

Is there a way to change the time duration calculated to a more readable format? Trying to go from something like ...

by Path Finder in

How to create a time average of a timeframe overarching 00:00?

Hi everybody I'm going crazy because of a "timeproblem" which sounds not hard to handle, but i don't get it... My...

by New Member in

How to edit my regular expression to extract fields that contain "CASE" but not "Case" or "case"?

Hi, I have the following expression (?=[^C]*(?:CASE|C.*CASE))^(?:[^:\n]*:){5}\s+\w+(?P.+), which is used to extrac...

by Explorer in

Clicking an app redirects me to setup instead of search

Hi I have a custom app, it is a simple app which contains a few dashboards and nothing more. When i click app it's...

by Contributor in

Diff and % calculation 1st row vs 2nd row

source=DAM_DB_SUMMARY_REPORT | eval Date=substr(DATES,1,10) | stats sum(TOTAL_RECORDS) as "Total Records" by Date | s...

by Communicator in

After receiving "External search command 'jsonfields' returned error code 1", how to extract fields from a JSON input?

Hi, I am trying to extract fields from a JSON input. I don't understand if I am making any mistake in getting the eve...

by Explorer in

How to convert a decimal number to binary?

All, Assuming Splunk has a function for this. But for the life of me I can't find it. Is there a tool to convert ...

by Builder in

How to edit my dashboard so that my dropdown values will properly display?

Hi, i have created dashboard with 2 dropdowns based on host and based on Time Range. When select host it is working b...

by Communicator in

How can we distribute files from HDFS to be indexed evenly across our four indexers?

We have an HDFS source with sqoop files that have this naming pattern - 000000_0 to 003064_0 and each file is at the ...

by Ultra Champion in

how can i calculate the average time range of DayOne,DayTwo,DayThree for each student_id?

I have a splunk Query as below earliest=-1d@d latest=@d index=abc | where date_hour>=15 OR date_hour<9 | stats ear...

by Builder in

On RH 6 and Splunk 6 my searches are consuming lots of CPU

Using redhat 6, I've noticed that my Splunk instance has searches that are consuming large amounts of CPU and I am ex...

by Splunk Employee in

Alternative for eval while using pivot

I wanted to accelerate my searches so I am using data models and pivot. | pivot Accounting Accounting sum(Input)...

by Communicator in

How to write a regular expression so that it’s case sensitive and only looks at ABC and not Abc or abc?

Please let me know the regex for this. How can the extracted field be modified? Thanks

by Path Finder in

How to display latest events from a log file in a table format?

Hi, we have 2 configuration files like spg.conf and spg.conf.1162016 and we written perl program to find the differen...

by Communicator in

Why is a token not substituted after a drilldown and search from dashboard1 to dashboard2 with my current Simple XML?

I have a Splunk application with two Dashboards. Dashboard1 ( D1 ) is a higher level dashboard that reports overall u...

by Path Finder in

How to change the background color of a table row in a dashboard panel based on a string value?

I have JSON data that is broken into fields. I'm trying to add color to my stats panel or pivot table, but I'm unable...

by New Member in

How to search information on usage for each search from all the different apps in our Splunk environment?

Ladies and Gentlemen, I have been tasked to write up a search that would give a total usage for each search from a...

by Path Finder in

How to use the results of a subsearch to search an index for a pattern or regex on a particular field?

I want to use the results of a subsearch to search an index for a pattern/regex on a particular field. I have this...

by Explorer in

How to edit my search to aggregate the resulting counts by host type?

Hi there, I want to know if this is possible: I have a simple search: index=myindex host=myhost* | stats cou...

by New Member in

How to insert a search box in large table of data that is derived from a search on a dashboard?

Hello, We are using a search which displays data in a table format on a dashboard. As result, the table is too lar...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way to change the time duration calculated to a more readable format?

How to create a time average of a timeframe overarching 00:00?

How to edit my regular expression to extract fields that contain "CASE" but not "Case" or "case"?

Clicking an app redirects me to setup instead of search

Diff and % calculation 1st row vs 2nd row

After receiving "External search command 'jsonfields' returned error code 1", how to extract fields from a JSON input?

How to convert a decimal number to binary?

How to edit my dashboard so that my dropdown values will properly display?

How can we distribute files from HDFS to be indexed evenly across our four indexers?

how can i calculate the average time range of DayOne,DayTwo,DayThree for each student_id?

On RH 6 and Splunk 6 my searches are consuming lots of CPU

Alternative for eval while using pivot

How to write a regular expression so that it’s case sensitive and only looks at ABC and not Abc or abc?

How to display latest events from a log file in a table format?

Why is a token not substituted after a drilldown and search from dashboard1 to dashboard2 with my current Simple XML?

How to change the background color of a table row in a dashboard panel based on a string value?

How to search information on usage for each search from all the different apps in our Splunk environment?

How to use the results of a subsearch to search an index for a pattern or regex on a particular field?

How to edit my search to aggregate the resulting counts by host type?

How to insert a search box in large table of data that is derived from a search on a dashboard?

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Splunk searches using lookup might get affected if...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...