Splunk Search

Discussions

Thread Info

where field 1 or field 2 equals False

I have two fields in a query where they either equal True or False and I want to find all the results where these two...

by New Member in

Average number of fields in an event

We use splunk to index beacons our application sends in, many of these fields are optional, and we'd like to calculat...

by Path Finder in

regex help

I have following as raw events Message=Total db time 272 seconds Message=Total db time 2,272 seconds Message=Tota...

by Path Finder in

How do I extract fields from my CSV file to graph response times?

I'm trying to transform the current CSV file output we are getting from an APM into Splunk to graph response times. W...

by Contributor in

How do I make my standard deviation search an alert, and will standard deviation be affected by how far back I search?

I don't want information about Prelert Anomaly Detection...I've already asked about purchasing that app, but I still ...

by New Member in

Stats per hour?

So, I was looking at this: https://answers.splunk.com/answers/205556/how-to-set-up-an-alert-if-the-same-error-occurs-...

by Communicator in

Renaming column names(field value) in a search result

We have a test index which captures all the response times of different transactions by version I wrote a search t...

by New Member in

Need help on rex

Hi Team, Need help to extract fields for the following. Please help rex for the below. 'ConnID' '0072027...

by Explorer in

Calculation multiple events for actual duration for each event and average duration for all users

Hi All, I am working on WIFI data, within the dataset, there are the following values 1. MAC_address 2. Associatio...

by New Member in

Why is my license usage search by app not showing information for all apps in my environment?

Hi, I have a search mentioned below to see license usage per app, but the issue I am facing is, if I run the searc...

by Communicator in

How to display the results of my transaction search in a table?

Hi Everyone, I'm having an issue displaying transaction data in Table. The end result should look like this: No...

by Explorer in

How do I edit my search to include an app in a list that is using source=metrics.log?

Hi, All my apps are indexing their data _internal index and using source=license_usage.log, but one of my apps is ...

by Communicator in

How to search the average of one field by values of another field, then chart them side by side?

I am very new to Splunk and trying to learn manipulation like I would in Excel. My current task is to get an average ...

by Engager in

How to configure regex in transforms.conf to extract values for a field?

Hello, I am attempting to figure out a regex for a transforms.conf for a field named Call Reason Example data l...

by Communicator in

Select all values from downdown list

I have populated drop down input list in my dashboard and I am able to select all my options but everything I have tr...

by New Member in

Why do one of my sourcetypes have a time field and others have a _time field?

Hi, I have two different sourcetypes, and I noticed that one of them always has a "time" field, and another has a ...

by Champion in

help with field extraction

Hi, I have a field extraction that I'm hoping someone can help me with. Here's the example: 2016-02-08T12:17...

by Champion in

How do I fill nulls in time series data without using timechart?

I have time series data that I want to bucket into 15 minute chunks with corresponding counts like so.... mysearch...

by Builder in

how to apply xmlkv for result of other query

Hi, I have huge xml and i have written a query to break the xml. Let me explain with small example ( though i am ...

by Explorer in

between earliest=beginning of the previous day (00:00:00) latest=end of previous day (23:59:59)

I need a way to programatically calculate the beginning of the previous day and the end of he previous day. Any h...

by Path Finder in

Is date_wday reliable to search on?

When I run two queries which differ from a wday filtering: Query1= "Query1" Query2= "Query1" date_wday!=Saturday ...

by Communicator in

How to edit my timechart search to alert when the number of events has dropped by over 80%?

HI At the moment I am running a search on a some log files, and looking to trigger an alert when the number of ev...

by Path Finder in

How to search Windows server logs if there are EventCodes 4634 and 4624 for the same Logon_ID within a 10 second time window?

Hello, I'm quite new to Splunk and am trying the following: In Windows Server Logs, I'm trying to evaluate if t...

by New Member in

How to get the dates which are not present in output for every ID?

Hi, I have ID and dates in my output. (consider this is the data from 02-07-2016 to 02-10-2016) e.g ID Ingestion_D...

by New Member in

How do I extract part of my sample log file?

Hi Team, From the below portion of the log file, I want to display only the Elapsed Time: 01:05:22.0348974. Can yo...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

where field 1 or field 2 equals False

Average number of fields in an event

regex help

How do I extract fields from my CSV file to graph response times?

How do I make my standard deviation search an alert, and will standard deviation be affected by how far back I search?

Stats per hour?

Renaming column names(field value) in a search result

Need help on rex

Calculation multiple events for actual duration for each event and average duration for all users

Why is my license usage search by app not showing information for all apps in my environment?

How to display the results of my transaction search in a table?

How do I edit my search to include an app in a list that is using source=metrics.log?

How to search the average of one field by values of another field, then chart them side by side?

How to configure regex in transforms.conf to extract values for a field?

Select all values from downdown list

Why do one of my sourcetypes have a time field and others have a _time field?

help with field extraction

How do I fill nulls in time series data without using timechart?

how to apply xmlkv for result of other query

between earliest=beginning of the previous day (00:00:00) latest=end of previous day (23:59:59)

Is date_wday reliable to search on?

How to edit my timechart search to alert when the number of events has dropped by over 80%?

How to search Windows server logs if there are EventCodes 4634 and 4624 for the same Logon_ID within a 10 second time window?

How to get the dates which are not present in output for every ID?

How do I extract part of my sample log file?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions