Splunk Search

Ask a Question

Discussions

Thread Info

Is it possible to populate values and pass to a search pipeline based on a lookup value? (Without using JS)

I'd like to have a simple XML dropdown that selects, as an example a Device Name. deviceName,Vendor,Model mainfw,C...

by Splunk Employee in

How to add a fixed value into the stats count?

I am trying to have a single value panel. The search for the same is given below: index=* host="prodserver-*" sour...

by Engager in

How do I use regex to extract URL parameter field names

I want to extract the field names from a URL's parameters. For example my raw event might look like this: action=a...

by Explorer in

How do you use the value of a field as a keyword search?

I would like to use the value of a field as a keyword search. For example, if I have field like dest_ip="1.1.1.1", ho...

by New Member in

Is it possible to run a search with a cron expression inside the search?

My requirement is to monitor files daily, weekly, monthly, and quarterly and I have to search during a specific time ...

by New Member in

How to edit my stats search to find the percentage of a range?

I'm trying to build a simple SPL query to display the max, min, range (difference), and percent of the difference to ...

by Explorer in

How to search average response times at a specific time?

Hello, I'm trying to write a splunk query but dont know where to start with. Is it possible to write a query to se...

by Explorer in

How to create a drilldown to run a new search from clicking an item on a table?

I looked through the docs and other Splunk Answers, but it still isn't making sense to me, so please bear with me.  ...

by Builder in

How to show stats count grouped by two fields in a graph?

I have 3 Ticket groups A, B, and C. And multiple users. My system logs every ticket purchased under each ticket group...

by New Member in

Detailed Index Status Report - Is there one?

I would like to see the following for each index limit (maximum size) Mbcurrent size Mbavg. Mb indexed per day las...

by Legend in

How to edit my regex to extract this pattern from my sample data?

I am trying to extract a pattern as below. Tried a few things, but all sorts of junk data is being picked up. Even...

by New Member in

How to group results by count with high number of values

Hi everybody, I'm new to Splunk and this will be my first question! I'm tinkering with some server response time dat...

by Explorer in

Measure service uptime when we have expected downtimes

Hi, I'm looking for a way to measure the uptime of a service we run. The tricky part for me is that we have downtime ...

by Explorer in

How to set max y-axis value to a number derived from a search?

I need to base the max y-axis value to the number created from a search . . . how do I do that? I looked at hidden se...

by Path Finder in

Regex for pattern match

Hello I need a regex expression to match the below patern in my abc.log Pattern details: , 2014-03-...

by Explorer in

How to edit my search to pull the first instance of an AnyConnect VPN connection for each start and end session?

I want to know if anyone can help me pull the first instance of a VPN Connection for each start and end session. Anyc...

by Path Finder in

show fields with no values in a timechart

Hello Expert, I'm showing a multilines graph using this search: sourcetype="mysource" thefield="x" or thefield=...

by Builder in

Hi, i want to colored my cell by red if the value are equal or less than 2 for the below table query for (Value_g)

index=vsdm_p host = vgmm13zw.internal.vodafone.com OR host = vgmm14zw.internal.vodafone.com source="Perfmon:FreeDiskS...

by New Member in

Timechart intervals starting NOT on the top of the hour

If you have created a timechart mapping, say, the number of unique users over time, Single Value will display the mos...

by Engager in

How to view a list of my most recent searches (search history)

This seems like it should be an easy question, but I haven't found the answer.... I ran a search recently and it h...

by Builder in

Where to find comparison between Splunk releases 6.2, 6.3, and 6.4?

Another release of Splunk is out today ...6.4.0 we are currently on 6.2 Can anyone help me with a table of compariso...

by Contributor in

Why do I not get the same results for (search status="200" OR "500") and (search status="500" OR "200")?

Hi I try Splunk myself after I've join in Splunk beginning Course and found this strange result. Is it bug or some...

by New Member in

How to add a unit with a value to a timechart?

Dear Experts, We are trying to add unit with a value to a timechart. My search is: index = xyz sourcetype = csv...

by Explorer in

How to detect when a server has stopped indexing logs in Splunk?

I need to know what server(s) has stopped ingesting logs OR for which server the logs are not ingesting into Splunk. ...

by New Member in

How to search keywords to identify in a field using regex?

How to match keywords to identify in a field using regex. Our requirement is to capture the keywords that are (Liq...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to populate values and pass to a search pipeline based on a lookup value? (Without using JS)

How to add a fixed value into the stats count?

How do I use regex to extract URL parameter field names

How do you use the value of a field as a keyword search?

Is it possible to run a search with a cron expression inside the search?

How to edit my stats search to find the percentage of a range?

How to search average response times at a specific time?

How to create a drilldown to run a new search from clicking an item on a table?

How to show stats count grouped by two fields in a graph?

Detailed Index Status Report - Is there one?

How to edit my regex to extract this pattern from my sample data?

How to group results by count with high number of values

Measure service uptime when we have expected downtimes

How to set max y-axis value to a number derived from a search?

Regex for pattern match

How to edit my search to pull the first instance of an AnyConnect VPN connection for each start and end session?

show fields with no values in a timechart

Hi, i want to colored my cell by red if the value are equal or less than 2 for the below table query for (Value_g)

Timechart intervals starting NOT on the top of the hour

How to view a list of my most recent searches (search history)

Where to find comparison between Splunk releases 6.2, 6.3, and 6.4?

Why do I not get the same results for (search status="200" OR "500") and (search status="500" OR "200")?

How to add a unit with a value to a timechart?

How to detect when a server has stopped indexing logs in Splunk?

How to search keywords to identify in a field using regex?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions