Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
x2xj

How do I add the results from Search2 (last 5 minutes) to Search1 (last 30 days) with respect to differences in time ranges?

Hi there, I have two searches that work great independently, however, I now have a need to combine them both. The ...
by x2xj New Member in Splunk Search 02-16-2016
0 1
0
1
tgiles

Opinions on Index Optimization

Hi, all. I'm trying to fix some optimization issues I'm having with Splunk indexes and wanted some input on a propos...
by tgiles Path Finder in Splunk Search 02-16-2016
0 4
0
4
raby1996

How to append the results of one search to another?

Hello, I'm using the search below to collect errors that have occurred on specific machines, however, I need to use ...
by raby1996 Path Finder in Splunk Search 02-16-2016
0 5
0
5
dj_madeira_opow

How do I join a transaction search with a transaction subsearch?

I am attempting to find out the elapsed time between two log statements as a percentage of the duration of the full r...
by dj_madeira_opow New Member in Splunk Search 02-16-2016
0 1
0
1
acirulli

Generate alert when 2 consecutive events occurred for each server

I have several servers sending me log. For each log I have a field called X if X=100 for two consecutive times I hav...
by acirulli Engager in Splunk Search 02-16-2016
0 8
0
8
splunker9999

Search for Server Uptime for last 24hrs

Hi , We are looking for a search for server uptime and downtime. Server is up from last 20days, and results will be...
by splunker9999 Path Finder in Splunk Search 02-16-2016
0 9
0
9
Kukkadapu

How to write a search to find stats for a specific time range based on the day of the week?

Hi, How do I get the stats for the last week/month for different time frames based on the day of the week? Monday ...
by Kukkadapu Path Finder in Splunk Search 02-16-2016
0 4
0
4
stevepraz

After adding two new indexers as search peers to my existing search head, why is my search not returning results from an index on these instances?

I have an environment that has two indexers. I recently added an additional two indexers and added them as search pe...
by stevepraz Path Finder in Splunk Search 02-16-2016
0 8
0
8
renems

How to extract fields from a CSV file that has commas in the fields?

Hi There! I have an issue with a field extraction. I have a Windows CSV file, that has several fields that have comm...
by renems Communicator in Splunk Search 02-16-2016
0 10
0
10
packet_hunter

How to rex the root domain and parse the .TLD from email sender logs?

Scenario: I am trying to list all incoming sender domains and tlds. For example, sender@blah.domain.tld, looking fo...
by packet_hunter Contributor in Splunk Search 02-16-2016
0 6
0
6
rwiley

How to create a text search box where the characters (password) cannot be seen?

I would like to create a text search so a user can look for his or her own stats. There will be a drop-down with the ...
by rwiley Explorer in Splunk Search 02-16-2016
0 1
0
1
vrmandadi

How do I calculate the average response time for the date/time field in my sample data?

I am trying to calculate the average response time for the below field ENDPOINT_LOG{}.EML_RESPONSE_TIME: 2016-01-...
by vrmandadi Builder in Splunk Search 02-16-2016
0 9
0
9
chrisboy68

After calculations in a search, why am I unable to display results using the table command?

Hi, This search below is working great.... index=logs AND (sourcetype=eMetrics) | JOIN type=outer OrderNumber [ s...
by chrisboy68 Contributor in Splunk Search 02-16-2016
0 5
0
5
klsio

How can I condense this search?

I have this search | eval max = round(max, 2) | eval avg = round(avg, 2) | eval median = round(median,2) | eval min ...
by klsio Explorer in Splunk Search 02-16-2016
0 2
0
2
tkomatsubara_sp

geostats コマンドをつかって地図上に表示する際、より細かく地図上に表示したいときはどうすればいいのでしょう?

緯度や軽度の情報を数多く含んだデータがあるのですが、これらを地図上に細かくマップしたいです。 geostats count などとすると、大きな丸が地図に点々と表示されるのですが、これだと荒すぎてこまっています。 なにかいい方法はない...
by tkomatsubara_sp Splunk Employee Splunk Employee in Splunk Search 02-16-2016
0 1
0
1
johnraftery

How to create a button on the dashboard to control when a search is executed?

Hi, I have a search in my dashboard that is quiet expensive - it can take over a minute to complete. The result is ...
by johnraftery Communicator in Splunk Search 02-16-2016
0 9
0
9
Stevelim

What is the best way to add a set of values in a table, subtract another set of values, then append the result back to the table?

I have the following situation: some commands | table Type, Value which results in: Type, Value A, 5 B, 5 C, 1 D, ...
by Stevelim Communicator in Splunk Search 02-16-2016
1 4
1
4
daniel333

How do I edit my "rex mode=sed" search to extract this field?

Just playing with rex sed a bit here. I had load balancer log which pops out the data center name. Just thought I wou...
by daniel333 Builder in Splunk Search 02-16-2016
0 3
0
3
tkomatsubara_sp

マップ(map) で、OpenStreetMap はインターネット接続なしでも使えるのでしょうか?

OpenStreetMapとSplunkタイルは、インターネット接続なしでも 使用できると考えておりますが、正しいでしょうか? プロキシが必要な環境で、プロキシの設定を行わずにOpenStreetMapを使用した結果、地図が正常に表示...
by tkomatsubara_sp Splunk Employee Splunk Employee in Splunk Search 02-16-2016
0 4
0
4
rhaarmann

How to extract fields from a log that is comma delimited?

Ok, complex extraction. I have a log that is comma delimited, but they have key,value,key,value,key,value, etc. It's ...
by rhaarmann Engager in Splunk Search 02-15-2016
0 2
0
2
Beaker77

Why is Splunk Cloud not SOC2 compliant for indexing under 50GB/day?

Hi Splunkers  We're looking at Splunk Cloud as a possible solution in our environment, but compliance across variou...
by Beaker77 Explorer in Splunk Search 02-15-2016
0 2
0
2
cwwirth

Using linemerge to merge events

Here's the scenario. I have a log file in Windows that looks like this: c:\Program Files\server-program>server-comma...
by cwwirth Explorer in Splunk Search 02-15-2016
0 1
0
1
dbray_sd

How To Change Fix Field Value

We are pulling in mysql_query events from a freeradius server however one of the field values has an or "|" in it, so...
by dbray_sd Path Finder in Splunk Search 02-15-2016
0 3
0
3
crhodes

After connecting to a windows domain, Splunk displays wrong username

I've looked around but haven't found the exact same issue I am having. I need to figure out how to fix the following...
by crhodes Explorer in Splunk Search 02-15-2016
1 9
1
9
hastrike

where field 1 or field 2 equals False

I have two fields in a query where they either equal True or False and I want to find all the results where these two...
by hastrike New Member in Splunk Search 02-15-2016
0 6
0
6
Top Labels
Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...