Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
abhijitp

Is there a way to have different timescale for lookups than the actual search?

Hi, I am looking for a solution for this problem. I have implemented Lookup tables based on time and they are workin...
by abhijitp Path Finder in Splunk Search 05-07-2016
0 7
0
7
daniel333

Summary Question

So if I add a single search head and add my existing indexers/search peers to it. BUT DO NOT set data forwardering on...
by daniel333 Builder in Splunk Search 05-07-2016
0 2
0
2
sethuk555

appendcols with timechart when queried for longer window - appendcols results empty

Hi, index=test sourcetype=access "READ/1.1" idvalue="" | timechart count(idvalue) as TotalRequests span=30m | append...
by sethuk555 Engager in Splunk Search 05-06-2016
0 1
0
1
kmccowen

sum total unique users in time chart with appendcols

I need to sum the PMBI users and ADF Users to get total user count. Any suggestions? index=gateway host=sc58lgwap* ...
by kmccowen Path Finder in Splunk Search 05-06-2016
0 8
0
8
lycollicott

I want to identify the top 10 cpu averages over the past 15 minutes and then "timechart span=1m" that average cpu over that same 15 minutes

So, I use this query: index=perfmon object=Processor host=* counter="% Processor Time" | stats avg(Value) as 15minav...
by lycollicott Motivator in Splunk Search 05-06-2016
0 2
0
2
lukasz92

How to do a lookup for timechart headers

Hello! I have made a timechart with a command: (...) *| timechart limit=10 sum(bytes) by src_ip* . So I got top (re...
by lukasz92 Communicator in Splunk Search 05-06-2016
0 6
0
6
gregnsk

Why subsearch fails with error "Unable to parse the search: Invalid search: AND AND" if it has to return endtime?

search returns valid results, but fails with Invalid search: AND AND if defined as subsearch: 1. Search works ok:...
by gregnsk Explorer in Splunk Search 05-06-2016
3 8
3
8
mgrosholz

How to write a search to find values similar to a certain string?

Case Scenario: The search string is "google" The results should find g0ogle, go0gle, gogle, gooogle, etc... I have s...
by mgrosholz Path Finder in Splunk Search 05-06-2016
0 10
0
10
TheJagoff

Can't get results using _time in my search

I performed this search index=* source="WinEventLog:System" EventCode=3 host=jj1 | table host, _time, message and g...
by TheJagoff Communicator in Splunk Search 05-06-2016
0 3
0
3
mprreddy51

how to keep the earliest time as constant and latest as current time (now) without using token and timerangepicker?

Hi, how to keep the earliest time as constant(Say 12.00AM) and latest as current time (now)in splunk dashboard? requ...
by mprreddy51 Explorer in Splunk Search 05-06-2016
0 4
0
4
pjohnson1

User Name field extraction - Strip DOMAIN in username

I have a field extraction which extracts the User Name. Some users will authenticate with their user name, but some ...
by pjohnson1 Path Finder in Splunk Search 05-06-2016
0 7
0
7
sureshsala

Maximum number of historical concurrent system-wide searches has been reached

What does this message means The maximum number of historical concurrent system-wide searches has been reached. curre...
by sureshsala Explorer in Splunk Search 05-05-2016
0 1
0
1
bowesmana

Find missing ids from two searches using stats not set

I have an index with two 'transaction types'. Create and Offer. For each create, I get an ID and I want to find out a...
by SplunkTrust SplunkTrust in Splunk Search 05-05-2016
0 2
0
2
somnath_tm

Tips on Formulating a query, where I have known text's from two different log lines

A splunk novice question We have logs and the example is something like this 2016-05-05T09:05:50.610050-07:00 Correl...
by somnath_tm New Member in Splunk Search 05-05-2016
0 1
0
1
vrmandadi

Can we combine two reports into one PDF or CSV file?

I have two different searches which I have saved as reports and scheduled it to run every Monday, but can I get both ...
by vrmandadi Builder in Splunk Search 05-05-2016
0 2
0
2
ddrillic

Is there a way to use the join command effectively in Hunk?

We are trying to see whether the out-of-the-box join command works well in Hunk. We tried the following: index="clai...
by ddrillic Ultra Champion in Splunk Search 05-05-2016
0 5
0
5
simikd

How to create a report which will provide details about the duration between each call?

I have a log file like this: 2016-04-26 11:19:05,833 INFO [pool-1333-thread-2] (Test.java:412) - POST http://local...
by simikd New Member in Splunk Search 05-05-2016
0 1
0
1
2009652

Is there a way to search the count of how many times the same log message got logged seconds apart from each other?

Is there a way to see if the same log message got logged seconds apart from each other and get a count on how many ti...
by 2009652 New Member in Splunk Search 05-05-2016
0 2
0
2
abhi_syntel_hum

How to display current and previous ranks of top 10 error messages with the respective count and percentage contribution on daily basis.

Hi, Initially I tried with: ConsumerService HostEnvironmentName=PROD| top limit=10 message to get the daily detai...
by abhi_syntel_hum New Member in Splunk Search 05-05-2016
0 2
0
2
Runals

Collapsing multiple events

I'd like to collapse multiple firewall logs into very few events to help people understand connectivity between endpo...
by Runals Motivator in Splunk Search 05-05-2016
0 5
0
5
qinglinms

Why am I getting unexpected results with my timechart search?

I have the following data in my index _time PUID TotalMinutes TotalDisconnec...
by qinglinms Explorer in Splunk Search 05-05-2016
1 5
1
5
guillecasco

how can i do to extract with REX

URR: /UMY/t5/update/?body-hash=6764545kk345565e1e9c946034gg&environment=350789e8-j235-4f5c-95f2-lmnu9458b how can i ...
by guillecasco Path Finder in Splunk Search 05-05-2016
0 1
0
1
guillecasco

How to extract a field from my sample log with the rex command?

I have this log: [:|host|:] ip-10-.-666-6666225 [:|reqID|:] some id [:|ap|:] info {:|sum|:} INCOMING REQUEST: PATH: ...
by guillecasco Path Finder in Splunk Search 05-05-2016
0 3
0
3
sim_tcr

How to search the total number of users per day?

Hello, I have a field where the user names are recorded. I want to display a timechart with total number of users fo...
by sim_tcr Communicator in Splunk Search 05-05-2016
0 1
0
1
mfrost8

Searching local indexes on a search head?

We have a test server that's indexing data locally (with sufficient license to do so). For some development effort,...
by mfrost8 Builder in Splunk Search 05-05-2016
1 10
1
10
Top Labels
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...