Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to get a transaction command to work with a combination of indexTime and another field?

Good Afternoon Splunk, I have a question about some data that I am trying to evaluate for the transaction command....

by Communicator in

How do I formulate the rex command to remove unnecessary spaces in the middle of my field values?

I have field values that are coming in with unnecessary spaces. I'm trying to remove them and from another post, I f...

by Path Finder in

show unique values from yesterday

Hello, please help! I want to display only the unique names from yesterday that are not in today's list Initial s...

by Explorer in

How to check if new hosts get added to instance & get alerted?

The number to hosts have increased in our instance & we want to check which ones are the new ones added. Also we want...

by Path Finder in

How to list count of Error messages

I have multiple error messages in the logs and I do count by ErrorMessage. The error messages gets listed as below. ...

by New Member in

show value in case of no results found

hello, I'm trying to do a stats count command and to show "0" (for single value chart) instead of N/A in case the que...

by Explorer in

Searching the latest event quickly

Hello I would like to check if my firewall rules are used or not. For that, I'm doing something like that : index=...

by Engager in

How to use drilldown and selection in the same chart at the same time?

Hi, I'm trying to use both drilldown and selection in a timechart to limit the events shown in an events view (not...

by Communicator in

Searching the _introspection index, why are PerProcess events missing?

Hi, While checking the introspection index, the search index=_introspection | dedup component | table component r...

by New Member in

How to revise my search in order to convert my cluster map into a choropleth map?

Hi, I have a query that supplies IP address and a status code and I have created a cluster map from the results ...

by Motivator in

How to edit my search to categorize User Agent by Mobile OS?

Hello Splunk Masters, I'm working on a radial gauge that will show successful IIS requests. I need to be able to b...

by Explorer in

Why don't I see the real time option in time range picker?

I don't see the real time option in the time range picker. I do have queries to search in real time.

by Contributor in

How can I use rex to extract the time stamp of a used search?

I am attempting to create a search that would pull information about search usage. I have an index generated off of t...

by Path Finder in

Need help normalizing a field's contents for display

I'm extracting a piece of a filename to create a field using makemv and a rex command. The extracted field should be ...

by Contributor in

How can i search what all indexes are into splunk ESS app?

please let me know via CLI or Splunkweb.?

by New Member in

How to edit my stats search to calculate a percentage based on a custom range?

I have a search from web logs that I need to calculate a percentage based on a custom range. Search example: i...

by Explorer in

Can this query be written more efficiently?

It's a query for a staked column chart. index=myCompIn source="/locatedin/mySrc.log" "Reply Back" "CAT-IN " "SOME ...

by New Member in

Can I get clarification on what my search string is doing?

I have this search string, and I'm unsure of what some of it does. This is the search: | inputlookup append=T malw...

by Communicator in

Is there a way to limit how long real-time searches run?

Hi, Is there a way to limit how long a real-time search can run? I have customers firing them up (legitimately) an...

by Champion in

Do users need some capability to use search commands based on Python scripts like xmlkv?

We have users with somewhat limited capabilities using custom search home apps. They are able to search the data they...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get a transaction command to work with a combination of indexTime and another field?

How do I formulate the rex command to remove unnecessary spaces in the middle of my field values?

show unique values from yesterday

How to check if new hosts get added to instance & get alerted?

How to list count of Error messages

show value in case of no results found

Searching the latest event quickly

How to use drilldown and selection in the same chart at the same time?

Searching the _introspection index, why are PerProcess events missing?

How to revise my search in order to convert my cluster map into a choropleth map?

How to edit my search to categorize User Agent by Mobile OS?

Why don't I see the real time option in time range picker?

How can I use rex to extract the time stamp of a used search?

Need help normalizing a field's contents for display

How can i search what all indexes are into splunk ESS app?

How to edit my stats search to calculate a percentage based on a custom range?

Can this query be written more efficiently?

Can I get clarification on what my search string is doing?

Is there a way to limit how long real-time searches run?

Do users need some capability to use search commands based on Python scripts like xmlkv?

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

How to reverse a real-time query to it's original ...

How to use MLTK to tune DNS Query Length Outliers ...

Federated Search Questions

Optimizing metrics based searches?

How to use fit command together with foreach?