Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
horsefez

For multiple, but different field extractions on the same event source, what extraction definition takes precedence?

Hi fellow Splunkers! I'm curious to know what field extraction takes precedence if a field extraction is defined by ...
by horsefez Motivator in Splunk Search 02-04-2016
0 2
0
2
Alexwii

How do I prevent milliseconds from displaying in the _time field in search results?

Hello everyone ! I would like my search results to not display milliseconds in the _time field in the Search app, be...
by Alexwii New Member in Splunk Search 02-04-2016
0 5
0
5
splunker9999

How can I write a search that shows up and down status in bar graph for past 30 days by server?

Hi, we need to create a dashboard which shows up and down status in bar graph for past 30 days by server we are no...
by splunker9999 Path Finder in Splunk Search 02-03-2016
0 4
0
4
mbintz

How do you order stats by multiple hierarchical fields

There are similar questions to this, but none are quite the same so I apologize for the overlap. Suppose I have a se...
by mbintz Explorer in Splunk Search 02-03-2016
0 2
0
2
kwanx

How to hardcode a field rename

Hello - didn't see this discussed elsewhere. I have an SNMP based source type who is interpreting the fields as unfr...
by kwanx Explorer in Splunk Search 02-03-2016
0 3
0
3
prakash007

Why is rename not working with stats or chart?

I'm not able to rename file names to display in a pie chart...any help would be appreciated... I tried both ways.. ...
by prakash007 Builder in Splunk Search 02-03-2016
1 2
1
2
gwalford

How to allow users to view some search results from an index in a dashboard, without allowing them to search the index?

There is a lot of useful detail in the index=wineventlog. I would like to be able to allow my front tier service desk...
by gwalford Path Finder in Splunk Search 02-03-2016
0 1
0
1
gandusarath

How to edit my search to find the difference between Downtime and Uptime, and also find percentage down time?

Hi, 1.We need to find difference between Downtime and Uptime: In the below example it went down at 18:06:02.299 and ...
by gandusarath Engager in Splunk Search 02-03-2016
0 1
0
1
rewritex

How to search all indexes except for a particular few?

Is there a way to search in all indexes except for a couple? An example is I have about 100 index but don't want to ...
by rewritex Contributor in Splunk Search 02-03-2016
0 3
0
3
jhoang

How to re-arrange a bar chart

Hi, I would like to sort my bar chart's by the following sequence, (Intensive, Intermediate, Minimal, Moderate). How...
by jhoang Path Finder in Splunk Search 02-03-2016
0 9
0
9
elmiko

How can I use a search results table to power another search per line?

I have a search that returns a table like this: IPAddress1 StartDate1 EndDate1 IPAddress2 StartDate2 EndDate2 IP...
by elmiko Explorer in Splunk Search 02-03-2016
0 3
0
3
kseidenschnur_s

What alternatives can I use for my search instead of a subsearch to avoid performance issues?

Hi, I am facing a subsearch performance problem. My goal is to have Bluecoat events filtered only to specific IP's c...
by kseidenschnur_s Splunk Employee Splunk Employee in Splunk Search 02-03-2016
1 8
1
8
tp92222

How do I search and compare fields from two different CSV files?

I have two CSV files: dummy1 dummy2 dummy1 contains server ip apps running 10.1.1.1 Firefox, oracle, skypee ...
by tp92222 Explorer in Splunk Search 02-03-2016
0 3
0
3
sunnyparmar

How do I edit my search to find the difference between two fields?

Hi, I have a search given below. All is working fine, but in last I want to sort out difference between total-acknow...
by sunnyparmar Communicator in Splunk Search 02-03-2016
0 16
0
16
krishna81m

how do I use regular expression search results from one index search and use it in another?

How do I use regular expression search results from one index search and use it in another? The following does not wo...
by krishna81m Engager in Splunk Search 02-02-2016
0 4
0
4
cwilmoth

How to calculate total duration for overlapping transactions

I have been trolling the community and have found a lot of information regarding usage of transactions, however I am ...
by cwilmoth Path Finder in Splunk Search 02-02-2016
1 4
1
4
daniel333

How are underscores in logs treated by Splunk?

All, Can you explain how the underscore is treated by Splunk? I see they are dropped at search times. I am seeing...
by daniel333 Builder in Splunk Search 02-02-2016
0 4
0
4
bworrellZP

How to dedup with multiple criteria?

Hello, Previously I had a dashboard that was giving out C level some data, where I was deduping based on the SQL Rec...
by bworrellZP Communicator in Splunk Search 02-02-2016
0 2
0
2
phspec

How can I clean up my Splunk search?

How do I clean up the following Splunk search? index=firewall Destination_Port!=80 Destination_Port!=443 Destination...
by phspec Explorer in Splunk Search 02-02-2016
0 7
0
7
karthik40us

Conditional searching using eval command

All, I have the search below which is using eval and IF statement. I only want one of the search conditions to exec...
by karthik40us Explorer in Splunk Search 02-02-2016
0 10
0
10
_dave_b

Fields that were once extracted aren't being extracted anymore... why?

Hey there, I made an app. It worked good and extracted data exactly the way I wanted it to. I am now trying to dupl...
by _dave_b Communicator in Splunk Search 02-02-2016
1 17
1
17
adamschmitz

How do I extract these 3 separate fields from Retina syslog output?

I'm trying to extract the below syslog messages from Retina network scanner into 3 separate fields. Each time I star...
by adamschmitz Path Finder in Splunk Search 02-02-2016
0 3
0
3
Makinde

How do I run a stats search to display a count and other fields by another field?

How can I run the stats command to generate a count and display the count and other fields by another field. i.e How...
by Makinde New Member in Splunk Search 02-02-2016
0 4
0
4
jhoang

How do I edit my search to calculate Ticket Resolution Time?

Hi, So currently I am pulling a report with all tickets that have been created this year. For the Ticket Resolution ...
by jhoang Path Finder in Splunk Search 02-02-2016
0 16
0
16
hartfoml

How to find the average time difference between eventTime and recordTime in IDS?

In IDS, I have an eventTime and a recordTime. The recordTime is the timestamp that Splunk uses to record the events. ...
by hartfoml Motivator in Splunk Search 02-02-2016
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...