Splunk Search

Discussions

Thread Info

How to compare day to same day for N weeks?

I got a question where someone is looking for the hits to a page, but only on Fridays between 6PM and 2 AM the follow...

by Explorer in

Why are all Pages are not displaying in search result?

Hello, When i getting results while doing search query, the complete pages doesn't display. For example, I searche...

by Loves-to-Learn Lots in

How to do column sorting in descending order after timechart?

Hello splunkers, i have a simple timechart query for avg USED_SPACE of disks for last 4 days index=abc sourect...

by Builder in

Splunk collect command

We have an index, say 'index1' that has log retention upto 7 days. As the log volume is huge, we dont want to retain ...

by Path Finder in

How to add two Splunk queries output in Single Panel

Hi All, I am trying to pass a token link to another dashboard panel. My requirement is when I pass Windows Server T...

by Explorer in

How to do One field extraction for similar sourcetypes?

Hello to everyone. After reading the post linked down below, I tried to use the same approach for sourcetypes from...

by Contributor in

How to create Splunk Map display result and link to another dashboard?

Hi Everyone When I click on an area on the map, link to another dashboard, how to setting ? such as the pictur...

by Explorer in

How to discover fields that have the same values?

I have sourcetype=apple and sourcetype=orange. They are both network related sourcetypes. Is there an automated way o...

by Explorer in

using addcoltotals

Can you leverage the total derived using the addcoltotals command to support other calculations? i.e. can you use it ...

by Explorer in

How to Retrieve Matched Events in Splunk Without Waiting for Search Completion?

Hello Splunk Community, I'm encountering an issue with my search queries in Splunk that I hope someone can help me ...

by New Member in

How to add a variable from a lookup table to filter results?

I am trying to do a tstats command to get the last logged time a server has sent logs. My server list i want in the ...

by New Member in

How to convert time duration in minutes?

I want convert minutes like (1.78,1.80,1.84,1.95) to (1h:44m,1h.55m,1h.44m,1h.58m) for example we have 1 hour 95 m...

by Explorer in

How to create Splunk lookup query?

I have a lookup test_lookup with 2 fields a1 and b1. The field a1 is common with the fields in the raw data.the value...

by Communicator in

How to extract the below mentioned fields from the raw date to interesting fields to apt the efficient query

Hi Team, I was trying to find out the workstations clock out of sync logs in splunk by using the below query. but I...

by New Member in

How to extract and rename field from JSON

I have an index, where each event is a JSON object, the structure is as follows: { "otherFields": ...

by Explorer in

Why is multiple OR not working as expected with AND clause in search query?

Hi Everyone,I have a requirement to implement a search query where I have 3 unique values and one common value3 uniqu...

by Engager in

How to create Alert query when date in field is less that 30days?

Hi Team, I am setting up an alert on Splunk where my data is in below format. I am writing a query where it retur...

by Explorer in

How to flatten xyseries results multiple columns?

Trying to do a cross-reference multi-search that gathers specific result counts for two outputs (column1 & column2). ...

by Explorer in

How to create alert on if log message does not appear?

Hi, I have a splunk source which does have data ingestion from multiple servers, i want to setup an alert on that ...

by Explorer in

Splunk event combine: How to get data of one timestamp in a single event?

Hello Splunkers!! I have used DB connect to fetch the data from oracle database table and after ingesting the data...

by Motivator in

How to subsearch with JOIN with multiples fields?

I'm trying to build a search that returns the changes that were made to the GPO. For this, I have my main search t...

by New Member in

mstats and eval - How to get free memory in GB instead of bytes?

Hi I have following query to show a graph of the free memory on the server. This working nicely. However, the n...

by Explorer in

How to search the event log based on a parameter value from another search from the same event log?

We would like to have the search results based on the following criteria. We have records in the event log with the f...

by New Member in

How to find the delta, what values are missing in lookup table comparing the actual data?

Hi, I am facing issues to find delta. I have: Lookup Table: testpolicies.csv Field names in Lookup: policynam...

by Path Finder in

How to combine Eventtype Search and lookup data into one table?

Hi Everyone,I have an search query and a lookup.Search query gives some filenames and their time of creation and in m...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to compare day to same day for N weeks?

Why are all Pages are not displaying in search result?

How to do column sorting in descending order after timechart?

Splunk collect command

How to add two Splunk queries output in Single Panel

How to do One field extraction for similar sourcetypes?

How to create Splunk Map display result and link to another dashboard?

How to discover fields that have the same values?

using addcoltotals

How to Retrieve Matched Events in Splunk Without Waiting for Search Completion?

How to add a variable from a lookup table to filter results?

How to convert time duration in minutes?

How to create Splunk lookup query?

How to extract the below mentioned fields from the raw date to interesting fields to apt the efficient query

How to extract and rename field from JSON

Why is multiple OR not working as expected with AND clause in search query?

How to create Alert query when date in field is less that 30days?

How to flatten xyseries results multiple columns?

How to create alert on if log message does not appear?

Splunk event combine: How to get data of one timestamp in a single event?

How to subsearch with JOIN with multiples fields?

mstats and eval - How to get free memory in GB instead of bytes?

How to search the event log based on a parameter value from another search from the same event log?

How to find the delta, what values are missing in lookup table comparing the actual data?

How to combine Eventtype Search and lookup data into one table?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions