Splunk Search

Discussions

Thread Info

Why does my automatic lookup not work before the first pipe in a search?

I've got a strange problem where I can't quite figure out why my automatic lookups work fine anywhere after a pipe, b...

by Builder in

How to extract Email recipients from Splunk python.log?

I got couple of log entries like below 2015-02-04 09:40:06,373 INFO Sending email. subject="Test e-mail from Splun...

by Path Finder in

How to calculate average response time by day per request type?

Hello, I was able to get the chart with below fields. Now my question is how do I calculate average response time ...

by Explorer in

How to edit my search to show the count and percentage per id for each day?

Hey. I'm quite new with Splunk and learning for the moment. I need to show a table with " Time id count percentage...

by Path Finder in

Subsearch - Filter out outer search using inner search's results? Finding the bad seed.

I need to filter down an outer search based on the inner search's results. What I mean is that my inner search return...

by Builder in

How do I aggregate events using 2 different timestamps?

I am looking to "segment" operational changes(events) based on both the CLOSEDDATE & OPENDATE and essentially calcula...

by New Member in

avg response time of two web services by data center on today, yesterday and few days ago

Hello, I was able to extract the two web services using rex but now the problem is to have a table with something ...

by Explorer in

How do I filter my time chart results to only display devices that have a count of zero for any week within a certain time range?

I'm fairly new to Splunk and have a search that basically returns a count of the number of times a device logs in to ...

by Explorer in

How to set up 2 search heads behind 1 Apache reverse proxy with load balancing?

Howdy! I have wondered around the topic within Splunk community for a while, but did not find a definite answer. S...

by Explorer in

How to get output from external commands run through Perl and use as scripted input

Hi Am trying to run a command through perl and the results used as scripted input which will be indexed by splunk...

by New Member in

How Do I Extract The End of String

Hi, I wonder whether someone may be able to help me please. From a field called 'detail.input' there are two poten...

by Motivator in

How to properly add an event listener for mouseover a column in a chart using simple XML and splunkjs?

I recently got an awesome answer to this question about changing the tooltip when hovering over a pie chart. I am now...

by Contributor in

How to extract two strings from my sample data and concatenate them as one field value?

Hi, I wonder whether someone may be able to help me please. I'm trying to extract the "1234567/123" from the s...

by Motivator in

What Hunk search language command generates a map reduce job in hadoop cluster?

What search commands in Hunk kick off reducers vs. trying to collection data via a streaming session? I ask, since I ...

by Splunk Employee in

Why am I getting search error "The lookup table 'signals' does not exist" after adding a CSV file in my app's lookup folder?

Hello, I have a custom written app. Actually it's a legit app which I just added a few lines in the props.conf and...

by New Member in

What will break if I set coldPath to /dev/null?

I've been asked to size a Splunk installation with only 30 days of hot/warm data - no cold data. I've never heard of ...

by SplunkTrust in

Is it possible to run a subsearch within a stats function?

Hi would like to know is there a way to do queries like, search * | stats values(field1) , values(subquery[field1]...

by New Member in

EVAL JSON Consistency

With JSON formatted events, I can do fun things like this: sourcetype="microBreadcrumb" | stats sum(message.totalI...

by Explorer in

How can I extract the exact search string for modified saved searches from events in the _internal index?

Hi All, I want to list all the saved searches which are modified (action=edit) from the logs, but the exact search...

by New Member in

Why are users getting "No results found" in the email they receive from running a map search with the sendemail command?

Hi all, my search | stats count(filename) AS files, sum(size) AS TotalMb by user| sort -TotalMb | eval email=user....

by Path Finder in

Is it better to only make searchable indexes available via the Selected search indexes option rather than using Restrict search terms?

If I leave the Restrict search terms option empty and only make searchable indexes available via the Selected search ...

by Engager in

Help with regex to extract a field from my sample data

Need assistance with Regex to parse the user from the event below. I'm looking to get the value of a string between =...

by New Member in

Iplocation reporting wrong country for a host - can this be fixed?

Not sure how or if this can be fixed, but iplocation is reporting Germany as the country for datacenter.fiberdc.com.t...

by Explorer in

Group IP addresses in CIDR format

I'm trying to group IP address results in CIDR format. Most likely I'll be grouping in /24 ranges. Is there an easy w...

by Path Finder in

extract one field from one index and pass to another search

Background: My windows AD users are in index "windersAD". All of their web traffic is logged in index "wsa". I would...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does my automatic lookup not work before the first pipe in a search?

How to extract Email recipients from Splunk python.log?

How to calculate average response time by day per request type?

How to edit my search to show the count and percentage per id for each day?

Subsearch - Filter out outer search using inner search's results? Finding the bad seed.

How do I aggregate events using 2 different timestamps?

avg response time of two web services by data center on today, yesterday and few days ago

How do I filter my time chart results to only display devices that have a count of zero for any week within a certain time range?

How to set up 2 search heads behind 1 Apache reverse proxy with load balancing?

How to get output from external commands run through Perl and use as scripted input

How Do I Extract The End of String

How to properly add an event listener for mouseover a column in a chart using simple XML and splunkjs?

How to extract two strings from my sample data and concatenate them as one field value?

What Hunk search language command generates a map reduce job in hadoop cluster?

Why am I getting search error "The lookup table 'signals' does not exist" after adding a CSV file in my app's lookup folder?

What will break if I set coldPath to /dev/null?

Is it possible to run a subsearch within a stats function?

EVAL JSON Consistency

How can I extract the exact search string for modified saved searches from events in the _internal index?

Why are users getting "No results found" in the email they receive from running a map search with the sendemail command?

Is it better to only make searchable indexes available via the Selected search indexes option rather than using Restrict search terms?

Help with regex to extract a field from my sample data

Iplocation reporting wrong country for a host - can this be fixed?

Group IP addresses in CIDR format

extract one field from one index and pass to another search

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions