Splunk Search

Ask a Question

Discussions

Thread Info

Detecting Simultaneous Sessions

I have an inhouse written app that outputs an audit log in the form of: DateTime,Username,Activity,SessionID So...

by Engager in

automatic lookups

Hi, I configured a lookup that works fine, if I explicitly use the lookup statement in my search, but I want the f...

by Champion in

Streamed search execute failed because: Error in 'surrounding': Too many events (> 10000) in a single second.

Even though I have overwritten what I believe is this limit in limits.conf, btool is showing, [show_source] max_co...

by Builder in

How do I rename fields in my Splunk search result set?

index=xxx earliest=-7d@d latest=@d ( sourcetype="FirstSourceType" ResponsePayLoad="*xxx*" ActivityStep="rs" (Response...

by Engager in

Splunk DB Connect 1: How to use "timechart avg()" in a dbquery search?

This search works fine: "DBOMA" "SELECT "Time" , "Virtual_Machine" , "ready" FROM DBSTDBO.CPUBYVM where "Virtual_M...

by Path Finder in

Help with trimming characters

Hi, Having some issues here. I have the following values in a field named populace The values are encased in a < ...

by Communicator in

Why am I getting inconsistent search results?

I have configured Kepware IDF for Splunk and am ingesting data over TCP:51112. The source_type I have set ('opc') is ...

by Explorer in

How do I add fields to output from predict

I need to locate and alert on counts that are not within predicted bounds. It seems simple enough using predict, but ...

by Explorer in

Is it possible to search cold bucket data only for a given index?

Hello, I modified my cold bucket location, and I want to perform some test queries for data residing in cold buckets ...

by Path Finder in

Time and Date in two different places within my events

Here is part of what my events that are in xml format look like: Blockquote``_id="1767282" _uuid="0D981036-9B...

by Splunk Employee in

Creating new fields and setting values for fields retrieved on search.

I put the key value pairs of the log message into the content body whenever i create new events throught the splunk's...

by Communicator in

How to put a function on the lookup field from a lookup table?

Hi, My event results have a field "name" and it has lower case values (e.g. 'mike_lee'). But in my lookup table, ...

by Path Finder in

How to easily replace a character in a token value ?

Hello, I have a token "user" representing the name of a user. This name can contain "(" or ")". When I am using th...

by Contributor in

Subtracting value if another field value matches

Hi all, Im running two searches one returns a number called "difference" and a field called "code2", the other sea...

by Path Finder in

Help grouping results best command to use

I'm pretty new to Splunk and trying to wrap my head around how to pull data out of Splunk and display it. I have a se...

by New Member in

How can I create a report giving a number of counts per categories per week ?

I am struggling to create a report that would give number of counts per categories per week. Something that could be ...

by New Member in

Accessing fields from specific events in a transaction

I have logs which contain a value, time_taken. I want to work out the latency of entire transactions by summing the t...

by Path Finder in

Why is my search not pulling all results from a log in JSON format?

I need some help writing a search that can do the following things: The log file below needs to be interrogated an...

by Engager in

How to access Date Partitioned files in HDFS dynamically using virtual index

Hi, I have hdfs folders as below. /bla/bla/bla/20160121 /bla/bla/bla/20160122 /bla/bla/bla/20160123 How to...

by Explorer in

Using eval for a search. Drilldown XML ignores my lookup link and just re-uses the original search query, but with it narrowed down to the cell selection?

Sorry for the mouthful in the title. I'm using a drilldown in the XML for a component in a dashboard which worked ...

by Explorer in

useage of query result

hello , i am new to splunk and i have a bit of a problem with using the results from the query, <condition match="...

by New Member in

Field Extraction question - Capturing GUID

I'm still quite new to Splunk so my wording may be a little off. I am running into an issue when trying to create a f...

by Contributor in

Search for user day 1 retention

I'm taking a shot at providing metrics on day 1 retention numbers of users in our system (Create a profile and the ne...

by Explorer in

How to create a data model from a subset of all transactions?

Hi, I'm using splunk to provide some insights into our caching performance. Across the entire set, I can easily do...

by New Member in

Finding time between two events.

Using transaction I have grouped together events for same users. There are two types of event. 1. Send SMS to user. 2...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Detecting Simultaneous Sessions

automatic lookups

Streamed search execute failed because: Error in 'surrounding': Too many events (> 10000) in a single second.

How do I rename fields in my Splunk search result set?

Splunk DB Connect 1: How to use "timechart avg()" in a dbquery search?

Help with trimming characters

Why am I getting inconsistent search results?

How do I add fields to output from predict

Is it possible to search cold bucket data only for a given index?

Time and Date in two different places within my events

Creating new fields and setting values for fields retrieved on search.

How to put a function on the lookup field from a lookup table?

How to easily replace a character in a token value ?

Subtracting value if another field value matches

Help grouping results best command to use

How can I create a report giving a number of counts per categories per week ?

Accessing fields from specific events in a transaction

Why is my search not pulling all results from a log in JSON format?

How to access Date Partitioned files in HDFS dynamically using virtual index

Using eval for a search. Drilldown XML ignores my lookup link and just re-uses the original search query, but with it narrowed down to the cell selection?

useage of query result

Field Extraction question - Capturing GUID

Search for user day 1 retention

How to create a data model from a subset of all transactions?

Finding time between two events.

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions