Splunk Search

Discussions

Thread Info

Why am I getting inconsistent event counts when using wildcard characters to match event field values?

For example, I have indexed the following six events and splunk has successfully extracted the fields quite nicely: ...

by Splunk Employee in

Why does increasing the time range for a search on 2 indexes give incorrect results in a timechart?

Maybe I'm not understanding the way this works, but I have other searches that use it just fine. The only difference ...

by Explorer in

Can I add a field to an event based on data in a separate event?

I have one sourcetype that contains an event for each request to my site. One of the fields (we'll call it 'api') in ...

by New Member in

How can I get top x results and then do stats on top x

I have web page logs that have several fields. The important ones for this are CDN locations x_edge_location and the ...

by Contributor in

How do I sum the counts of all the similar values in a field to show as a single item?

Below search command is giving the results as below source="report1447097285313.csv" host="ca2indslogprd02" index=...

by Explorer in

How to set the maximum number of displayed values in a chart in Splunk 6.3?

Hi, The following dashboard contains a search that returns more than 1000 values (3600). I want to visualize all o...

by Path Finder in

How to extract this value from pipe delimited fields in Splunk?

Hi All My search results from Splunk look like below 2015-11-13 06:32:33,949|a.abcd|DAS|callabcd():getTime|0.29...

by New Member in

How to use eval function in search in CLI

Hi all, I'm currently trying to run a search within the CLI (which works perfectly on Splunk Web). The search i...

by Explorer in

How to create bins for _time that start and end on specific hours of the day?

I am attempting to summarize data by a 12 hour reporting period. The reporting periods start/end at 8. My search ...

by Communicator in

How to write the regex to extract a field for offset columns?

Hello, I am trying to extract a field that is offset by one column: Event 1: [DT_2.0_REAL][0x80c00002] Event 2:...

by New Member in

How to extract a field name and add it to a fixed string?

Hi How can I extract these fieldnames and values from this event? Step: 0345 Result: Valid Step: 3345 Result: V...

by Builder in

Coalesce Function

Hi, I wonder whether someone may be able to help me please. I've been reading the Splunk documentation on the 'coa...

by Motivator in

Is it possible to resolve an IP Address from a URL in the Search & Reporting app?

How do I get the IP from a URL?

by Engager in

How do I edit my stats search with the proper conditions to return the expected result?

Hello All, Quite new to Splunk and hoping someone can help point me in the right direction. I've being trying to f...

by New Member in

Timechart over one Month 01.-31.

I want to design a new timechart dashboard panel based on a specific search over exact 1 Month (or 30 days) My search...

by Explorer in

Display Only the Total Row

Hi, I wonder whether someone may be able to help me please. With some help along the way I've written the query be...

by Motivator in

How to search the percentage change between multiple dates?

So I loaded some old stock market data into Splunk and now I'm trying to make a big table that shows the percentage c...

by Path Finder in

How would I use multiple values from a subsearch as input to the main search?

I have two sourcetypes "clients" and "potential_clients" and each sourcetype contains address information. I want to ...

by Path Finder in

How to write a search to do multiple aggregations grouped by different fields?

Hello, I am trying to do multiple aggregations on data each time grouped by different fields. I have the following da...

by New Member in

How to join two searches that have two common fields and put a condition on one of the common fields?

I want to do a join of two searches that have a common field ID and time, but I want to have a condition on time when...

by Path Finder in

BUG: tstats not displaying latest time modifier correctly

It appears that tstats will not honor my latest value. Instead is silently uses "now" | tstats count where index=m...

by Champion in

How to trigger a search to run on clicking the strip in a Sankey Diagram?

Whenever the strip between 2 nodes is clicked, a search should run and the output should be generated in a table (bel...

by Engager in

How do you search for the string "error" after a particular string appears?

Hi, I would like to check for the string "ERROR" after the application is in a stable state. The application lo...

by New Member in

Filter out "everything but..." from certain source with heavy forwarder?

I want to filter out everything in my massive firewall logs except those events with event codes for a few important ...

by New Member in

How to combine the results of multiple searches in a single table or panel?

I'm trying to create a dashboard panel with a statistics table, which needs to be populated with the results from mul...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I getting inconsistent event counts when using wildcard characters to match event field values?

Why does increasing the time range for a search on 2 indexes give incorrect results in a timechart?

Can I add a field to an event based on data in a separate event?

How can I get top x results and then do stats on top x

How do I sum the counts of all the similar values in a field to show as a single item?

How to set the maximum number of displayed values in a chart in Splunk 6.3?

How to extract this value from pipe delimited fields in Splunk?

How to use eval function in search in CLI

How to create bins for _time that start and end on specific hours of the day?

How to write the regex to extract a field for offset columns?

How to extract a field name and add it to a fixed string?

Coalesce Function

Is it possible to resolve an IP Address from a URL in the Search & Reporting app?

How do I edit my stats search with the proper conditions to return the expected result?

Timechart over one Month 01.-31.

Display Only the Total Row

How to search the percentage change between multiple dates?

How would I use multiple values from a subsearch as input to the main search?

How to write a search to do multiple aggregations grouped by different fields?

How to join two searches that have two common fields and put a condition on one of the common fields?

BUG: tstats not displaying latest time modifier correctly

How to trigger a search to run on clicking the strip in a Sankey Diagram?

How do you search for the string "error" after a particular string appears?

Filter out "everything but..." from certain source with heavy forwarder?

How to combine the results of multiple searches in a single table or panel?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions