Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
markgandolfo

How do I create a timechart by month, but starting with the 15th day of the month? (15th - 14th)

Hi, I'm trying to timechart by month, but starting at the 15th of the month. I've looked for "offsets", but I can't...
by markgandolfo Engager in Splunk Search 02-01-2016
1 3
1
3
gpant

Can we save the search result in SPLUNK SERVER?

I have a command on splunk server i.e.. " /splunk search ' .. | stats dc(f_name)' -uri " I have save the result of ...
by gpant Explorer in Splunk Search 02-01-2016
0 8
0
8
a212830

How would I examine a field and set another field based upon that value?

Hi, I have some hosts that follow naming conventions and I want to create and set another field based upon those nam...
by a212830 Champion in Splunk Search 01-31-2016
1 7
1
7
zineer

How do I edit my search to create a timechart with the mean per day for the top 5 pages in the last 7 days?

I'm sure this is probably easier than I'm making it, but I can't quite get what I want. In our hit logs we track for...
by zineer New Member in Splunk Search 01-31-2016
0 8
0
8
CYBR_AH

How to search ASA Built/Allowed events and the following Teardown event with the same source and destination IP?

Hi everyone, I'm trying to think of a way where I can find a built/allowed ASA event and the following teardown even...
by CYBR_AH Explorer in Splunk Search 01-31-2016
0 1
0
1
Phil219

How do I use a csv to identify search terms and correlate events with metadata?

I have an index of log data I am trying to search. I have a seperate csv file containing a list of about 40 search...
by Phil219 Path Finder in Splunk Search 01-29-2016
0 11
0
11
MartinMcNutt

Why is the search-time extraction being skipped for the first key-value pair within a particular field?

Looking for advice/suggestions to the following. I created a powershell function that makes getting data inside Splun...
by MartinMcNutt Communicator in Splunk Search 01-29-2016
0 1
0
1
splunkyouverymu

How to find outliers relative to a group average?

I have been working on this the last few days, but I am having trouble figuring it out. I'm looking for some pointer...
by splunkyouverymu Explorer in Splunk Search 01-29-2016
1 1
1
1
markgandolfo

How do I edit my search to divide an amount by 100 per month and display this in a timechart?

Hi, I'm trying to group all payments "amount" by month. The challenge is they're in cents, and I would prefer dolla...
by markgandolfo Engager in Splunk Search 01-29-2016
0 2
0
2
ttchorz

How to compare two fields from two indexes and display data when there is a match?

Hi, I want to compare two fields from two indexes and display data when there is a match. indexA contains fields p...
by ttchorz Path Finder in Splunk Search 01-29-2016
0 1
0
1
athorat

"Count Over" Statement not working

Hi , I am using two queries and then want to use the status from the first query and the DP_Time from the second quer...
by athorat Communicator in Splunk Search 01-29-2016
0 4
0
4
packet_hunter

What is the best way to concatenate multiple separate field values into a combined new field?

Scenario background : I am searching email logs for all senders and recipients of specific subject. Each email is a ...
by packet_hunter Contributor in Splunk Search 01-29-2016
0 4
0
4
AmitKrJash

How to include the count of unique error strings and the count of each error string in my alert email/PDF?

Hi, I have created a Splunk alert where it is taking the error strings from the log files and grouping the similar s...
by AmitKrJash Explorer in Splunk Search 01-29-2016
1 1
1
1
govindparashar1

How do I append new columns for different search results?

I wants to append multiple search results in separate columns. The following searches are fetched from different sour...
by govindparashar1 New Member in Splunk Search 01-29-2016
0 2
0
2
Kukkadapu

How to extract this field which may have multiple values separated by pipes? (offerId="ABC_79|ABC_80|ABC_81|ABC_56" or offerId="ABC_79")

Hi, Can you help me with the search to extract the following? The offerId may come in the log as offerId="ABC_79|AB...
by Kukkadapu Path Finder in Splunk Search 01-29-2016
0 2
0
2
szabados

How to build a datamodel like this ?

My data consists of pairs of files, lets call them file_A_1...file_A_n, and file_B_1...file_B_n, where file_A_1 is co...
by szabados Communicator in Splunk Search 01-29-2016
0 2
0
2
IRHM73

Join Search Hitting Row Limit - Stats Alternative

HI, I wonder whether someone may be able to help me please. I'm trying to put together a query which looks for two s...
by IRHM73 Motivator in Splunk Search 01-29-2016
0 29
0
29
wfrankl2

Can I get field extraction for XML data that is a data field in a JSON event?

I have event data coming into Splunk as JSON, that's all fine and works great, but one of the fields they are going t...
by wfrankl2 Explorer in Splunk Search 01-29-2016
0 4
0
4
rameshlpatel

splunk chart issue

Hi , In splunk, I am trying to create chart for each day (24 hrs) with span of every minute. e.g. index="monitor" s...
by rameshlpatel Communicator in Splunk Search 01-29-2016
0 2
0
2
rishiaggarwal

Help Needed with Regular Expression

Hi All, i am newbie to splunk platform and seeking some help in writing a regular expression to pull a "" value fro...
by rishiaggarwal Explorer in Splunk Search 01-29-2016
0 6
0
6
umplebyj

How to edit my search to identify blocked network traffic and top the worst offenders?

Hello, I am trying to identify worst offenders for blocked traffic and then identify all of the locations they are g...
by umplebyj Explorer in Splunk Search 01-29-2016
0 3
0
3
Mitchellsch

How do I search the network data model to track certain ports?

I'm very new to searching data models in Splunk and I want to search within my network data model to monitor certain ...
by Mitchellsch Explorer in Splunk Search 01-29-2016
0 1
0
1
dikaye

How to count a specified keyword?

I have some syslog string like that: Jan 29 14:26:12 10.9.8.10 Jan 29 14:06:32 C420-PLOI91903V0YL fault-engined: %CI...
by dikaye Path Finder in Splunk Search 01-28-2016
0 1
0
1
bhicks32

How to use substr to extract the first character of a string and keep all characters up until the first space character?

I have a string nadcwppcxicc01x CPU Usage has exceeded the threshold for 30 minutes &I where I would like to create a...
by bhicks32 Explorer in Splunk Search 01-28-2016
0 1
0
1
a212830

Splunk DB Connect 1: Do Splunk dbquery jobs count against search limits?

Hi, I have customers using dbquery to augment Splunk dashboards (not joining the data, but presenting the data in an...
by a212830 Champion in Splunk Search 01-28-2016
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...