Splunk Search

Discussions

Thread Info

How to parse a time duration of the format "4s", "9.1ms", etc.

The default duration output from go (golang) is to use a single float with one or two characters identifying the unit...

by New Member in

Why does a tstats search for an accelerated data model require allow_old_summaries=t (or: tstats has no results in some apps)

Experience Seen: in an ES environment (though not tied to ES), a | tstats search for an accelerated data model return...

by Splunk Employee in

How to write the regex to extract a field from XML data if the field is not completely XML?

Hi I have a field which I would like to extract a field from the XML being displayed. The only problem is the fie...

by Explorer in

Can anyone explain how this transaction search for average request execution works?

Can anyone please explain this search? It's for average request execution: index=main sourcetype=access_combined O...

by Builder in

How can I extract multiple email values from a single field in a CSV?

I have a CSV with a fields Recipient, Sender, File name..etc which is currently set to be monitored from a remote mac...

by Communicator in

How to make HTML table column width's adjustable?

I am using TableElement/TableView component in my HTML dashboard to render a table. My search results are showing up...

by Communicator in

Why are my nested subsearches failing?

Hello, I'm running into a problem where if I nest subsearches too far, I start to return no results. I'm unable t...

by Explorer in

Pie charts are not loading on dashboard

I have used javascript to display pie charts on dashboard. It works fine with other browsers on windows as well as ub...

by New Member in

How to get previous search results as a sub-search

Hi all, hope you can help me with this question. What I'm trying to do is, given the information Splunk keeps abou...

by New Member in

Can AND or OR be used in case statements in eval expressions?

Right now I have a search that contains c(eval(status<=400)) AS SUCCESS c(eval(status>400)) AS FAILURE. This works, p...

by Explorer in

Which of my two searches is more accurate for monitoring scheduled searches?

Hi to all, I'd like to know the difference between two kind of results that I get with 2 different searches: 1...

by Communicator in

Regular Expression to Extract Values From a Field

Hello Ninjas, Am having some trouble trying to figure out how to use regex to perform a simple action. So I hav...

by Explorer in

How do I edit my "eval field=substr..." syntax to remove part of a stacktrace after a certain string?

Hi I'm trying to create a dashboard where I count stacktraces in the logging. (the long term goal is to get rid o...

by Engager in

HTML Drop-down Search not populating

I have a KVstore and created a drop-down input filter. I can't seem to get it to filter my data. The drop-down lists ...

by New Member in

How to create drop-down search inputs in HTML to filter my data?

I want to have search inputs/drop downs that can filter out my data similar to this question: https://answers.splunk....

by New Member in

Is there a way to display a different name in a drop-down list, but use the original string value in the search using the chart replace function?

Hi I have a drop-down and Chart/List. The chart should show the event on the item selected from list. Is there...

by New Member in

streamstats to get last value with field clause

I'm using streamstats to get some values from the last event, but I need to do it where that last event has a propert...

by Path Finder in

Is my map search being parsed before variable substitution?

Having issues with the following: | map search="search index=summary search_name=\"$summary_search$\" $summary_sel...

by Path Finder in

Dedup consecutive values and count removed

Hello, I want to count consecutive events that have common values of multiple fields. I can do partially the stuff...

by Explorer in

Simple XML Dashboard: Is it possible to block a global search until it is completely finished?

Here is the situation: I've got a dashboard where the user can type in an IP address. I've got a global base searc...

by New Member in

How do I query a macro for it's definition?

I would like to query an app's macros and return the macro attributes such as the name and the definition. Can someon...

by Path Finder in

Convert SS:%3N format string to milliseconds

Hi, An application outputs a processingtime information in "SS:%3N" format (e.g. "3.241" = 3.241 seconds ) Is there a...

by New Member in

How to convert a working rex statement to a field extraction?

Sample data: 12/28/2015 11:39:14.113 -0600 collection="MSMQ Queue" object="MSMQ Queue" counter="Messages in Queue"...

by Communicator in

How do you use Splunk search to search for installed software on Windows server logs?

by Engager in

How to write a search to calculate the average and median for a field in my sample data and produce a time chart?

Hi Team, Am using Splunk for the first time. I need to calculate the average and Median for the field rate which i...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to parse a time duration of the format "4s", "9.1ms", etc.

Why does a tstats search for an accelerated data model require allow_old_summaries=t (or: tstats has no results in some apps)

How to write the regex to extract a field from XML data if the field is not completely XML?

Can anyone explain how this transaction search for average request execution works?

How can I extract multiple email values from a single field in a CSV?

How to make HTML table column width's adjustable?

Why are my nested subsearches failing?

Pie charts are not loading on dashboard

How to get previous search results as a sub-search

Can AND or OR be used in case statements in eval expressions?

Which of my two searches is more accurate for monitoring scheduled searches?

Regular Expression to Extract Values From a Field

How do I edit my "eval field=substr..." syntax to remove part of a stacktrace after a certain string?

HTML Drop-down Search not populating

How to create drop-down search inputs in HTML to filter my data?

Is there a way to display a different name in a drop-down list, but use the original string value in the search using the chart replace function?

streamstats to get last value with field clause

Is my map search being parsed before variable substitution?

Dedup consecutive values and count removed

Simple XML Dashboard: Is it possible to block a global search until it is completely finished?

How do I query a macro for it's definition?

Convert SS:%3N format string to milliseconds

How to convert a working rex statement to a field extraction?

How do you use Splunk search to search for installed software on Windows server logs?

How to write a search to calculate the average and median for a field in my sample data and produce a time chart?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions