Splunk Search

Discussions

Thread Info

How to edit my search to calculate the time difference between two events?

Hello Splunk'all, I am trying to derive a simple chart from the data I got here within a Splunk Index. The data co...

by Explorer in

Splunk search stuck

Since upgrade from version 6.3.2 to 6.4, we are getting this problem. Search stuck at point of time and doesn't progr...

by New Member in

Capture the peak points in a table

I have a great search that someone here helped me with the other day. It will take all the peak numbers in a search a...

by Path Finder in

Subsearch using boolean logic

Hello, I am looking for a search query that can also be used as a dashboard. The query has to search two different s...

by Path Finder in

How to transform a field into a time format?

I extracted deployment time from events and it's currently in this format 0:04.645 and 1:30.123 and is in terms of Mi...

by SplunkTrust in

How to alert based off the last reported number in a stats count

How to alert based off the last reported number in a time chart. I want to alert based on a comparison of the last tw...

by Contributor in

How can we edit our search to visualize results on a pie chart?

Hi, We have the search below and are looking to view results in pie chart format. We are facing difficulties to vi...

by Path Finder in

How to i get the average maximum number of a field

Hi All, I just involved in SPLUNK project development and i have lilmited knowledge in how to get splunk search wo...

by New Member in

How to get an "eval if else" condition to continue a search depending on the resulting field?

Hello, I would like to know if it's possible to do certain part of search with if statement on a field. For exa...

by Explorer in

How to change the default time range in search?

I have below data LOG_DATE MSG_RECV_DATE 20160809 20160809 20160809 20160809 20160809 20160809 20160810 2016080...

by New Member in

Extracting field

I tried to extract a particular field from my input data , for ex: src_ip However, those fields are not showing on th...

by Path Finder in

How to stop the rounding of latitude and longitude

I have these set of codes, Mapping Test Mapping <map> <title>Map</title> <search> <query> source=...

by New Member in

I'm trying to perform a subsearch on lookup table and extract two fields using a or statement

Hi I'm trying to perform a subsearch to get a list of users in a lookup table and map the mail field to recipients an...

by Explorer in

How to replace the similar uri_paths in a Splunk search to calculate the response time for each endpoint?

Example: application="example" index=web uri_path="/some/example/*" In my application, I have similar uri_path...

by Explorer in

How to break up a single string value in an existing field into a new (multivalued) field with a list of separate values?

I have a field name hosts which has values as: 10.128.193.39,10.128.193.52,10.128.193.47,10.128.193.55,10.128.193....

by Explorer in

How to edit my regular expression to extract these fields from my sample data using rex?

Looking for some help with rex. The raw data looks like this, value= Name : SiteScope.exe MemGB : 6568 Name : powe...

by Communicator in

regex help

Not the best regex king, so I need some help please within the field "From" in my data there are emails. Within th...

by Contributor in

Correlating two different Vendor types

Hello, Lets say I have a firewall and an IPS and I wanted to correlate based on source IP I'm trying to figure out...

by Communicator in

How do I extract a substring from an existing field value, but ignore any strings containing a particular character (%2)?

How do I extract a substring from a field value, ignoring a word containing a particular character, let's say %2. ...

by Explorer in

Splunk Python SDK: What are the default values for search parameters (e.g. max time)?

Hi, Great documentation at: http://dev.splunk.com/view/python-sdk/SP-CAAAEE5#getcollparams I'd like to know wha...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my search to calculate the time difference between two events?

Splunk search stuck

Capture the peak points in a table

Subsearch using boolean logic

How to transform a field into a time format?

How to alert based off the last reported number in a stats count

How can we edit our search to visualize results on a pie chart?

How to i get the average maximum number of a field

How to get an "eval if else" condition to continue a search depending on the resulting field?

How to change the default time range in search?

Extracting field

How to stop the rounding of latitude and longitude

I'm trying to perform a subsearch on lookup table and extract two fields using a or statement

How to replace the similar uri_paths in a Splunk search to calculate the response time for each endpoint?

How to break up a single string value in an existing field into a new (multivalued) field with a list of separate values?

How to edit my regular expression to extract these fields from my sample data using rex?

regex help

Correlating two different Vendor types

How do I extract a substring from an existing field value, but ignore any strings containing a particular character (%2)?

Splunk Python SDK: What are the default values for search parameters (e.g. max time)?

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...