Splunk Search

Ask a Question

Discussions

Thread Info

How to edit my search to only display users that have logged on to more than 5 workstations and sort the list in descending order?

Hello, Like the title says, I have the search criteria pretty nailed down, however, I would like to do a count so ...

by New Member in

Optimize query by referring latest source data

Hi, Here are the three sources that I have for the below query that I need to optimize : a) tech_detail.gz b) grou...

by Explorer in

Splunk is only reading some records from a lookup and leaving others out. Any suggestions why?

I have a CSV file uploaded as a lookup. I am using the userID from my search with the lookup, but for some reason, th...

by Path Finder in

How can I chart 24hr difference between Fields at exactly 7am over the last 7 days

I am capturing events every minute. Within the events, there is a continuously compounding field: "FlowTotal_Running_...

by Engager in

SEDCMD search inline question

I am trying to test a sedcmd command, inline, that Im going to add. I am finding a string and replacing it with a fie...

by Builder in

What is the basic difference between the lookup, inputlook and outputlookup commands

Good afternoon All, I am having a hard time trying to understand the difference between "lookup", "inputlookup", a...

by Path Finder in

Why is my search with transaction and concurrency commands skipping over certain events?

I'm not sure if I can get any help here, but I am going to try cause I've been wrestling with this search/data for a ...

by Builder in

How to create a timechart in Splunk that shows how many accounts are in processing at different intervals?

Hello Splunkers Hope you are doing good, appreciate beforehand all the time you take helping us out here. So I'...

by Explorer in

How to extract fields from my _raw data into events and sort them in a table?

I will try and explain my problem to the best of my ability. I am attempting to create a saved search from which I ho...

by Explorer in

How to edit my search to compute host up times with a lookup table and importance value?

I have to take a logfile and extract certain fields to present as a percentage of availability ("UP" host_names). I ...

by New Member in

Replace string

I want to replace (" ") in my xml file to single (").Since there is some misplace of double codes in my whole file.So...

by Communicator in

I need to fill missing values in a search as NULL

I need to fill missing values from search items as NULL (not the string, but actual NULL values) I see options to ...

by Path Finder in

convert time field

i have the last sync time for my activesync clients going to splunk via powershell input. ex: LastSyncAttemptTime = ...

by Path Finder in

Use of color field in treemap visualization

Is there a working example of the use of color_field in the new Treemap visualization? I have tried the form that...

by Path Finder in

stats count help

I am pulling syslogs and attempting to count IPs that are blocked for abuse. My counts are coming up 0. the IP used h...

by Engager in

Is it possible to populate values and pass to a search pipeline based on a lookup value? (Without using JS)

I'd like to have a simple XML dropdown that selects, as an example a Device Name. deviceName,Vendor,Model mainfw,C...

by Splunk Employee in

How to add a fixed value into the stats count?

I am trying to have a single value panel. The search for the same is given below: index=* host="prodserver-*" sour...

by Engager in

How do I use regex to extract URL parameter field names

I want to extract the field names from a URL's parameters. For example my raw event might look like this: action=a...

by Explorer in

How do you use the value of a field as a keyword search?

I would like to use the value of a field as a keyword search. For example, if I have field like dest_ip="1.1.1.1", ho...

by New Member in

Is it possible to run a search with a cron expression inside the search?

My requirement is to monitor files daily, weekly, monthly, and quarterly and I have to search during a specific time ...

by New Member in

How to edit my stats search to find the percentage of a range?

I'm trying to build a simple SPL query to display the max, min, range (difference), and percent of the difference to ...

by Explorer in

How to search average response times at a specific time?

Hello, I'm trying to write a splunk query but dont know where to start with. Is it possible to write a query to se...

by Explorer in

How to create a drilldown to run a new search from clicking an item on a table?

I looked through the docs and other Splunk Answers, but it still isn't making sense to me, so please bear with me.  ...

by Builder in

How to show stats count grouped by two fields in a graph?

I have 3 Ticket groups A, B, and C. And multiple users. My system logs every ticket purchased under each ticket group...

by New Member in

Detailed Index Status Report - Is there one?

I would like to see the following for each index limit (maximum size) Mbcurrent size Mbavg. Mb indexed per day las...

by Legend in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my search to only display users that have logged on to more than 5 workstations and sort the list in descending order?

Optimize query by referring latest source data

Splunk is only reading some records from a lookup and leaving others out. Any suggestions why?

How can I chart 24hr difference between Fields at exactly 7am over the last 7 days

SEDCMD search inline question

What is the basic difference between the lookup, inputlook and outputlookup commands

Why is my search with transaction and concurrency commands skipping over certain events?

How to create a timechart in Splunk that shows how many accounts are in processing at different intervals?

How to extract fields from my _raw data into events and sort them in a table?

How to edit my search to compute host up times with a lookup table and importance value?

Replace string

I need to fill missing values in a search as NULL

convert time field

Use of color field in treemap visualization

stats count help

Is it possible to populate values and pass to a search pipeline based on a lookup value? (Without using JS)

How to add a fixed value into the stats count?

How do I use regex to extract URL parameter field names

How do you use the value of a field as a keyword search?

Is it possible to run a search with a cron expression inside the search?

How to edit my stats search to find the percentage of a range?

How to search average response times at a specific time?

How to create a drilldown to run a new search from clicking an item on a table?

How to show stats count grouped by two fields in a graph?

Detailed Index Status Report - Is there one?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions