Splunk Search

Discussions

Thread Info

Can I add more details to my license usage by time search to see how much is going to DEBUG logs?

I use the License Usage search (generally when I click through on a host or source from the License Usage page) and c...

by Engager in

Replicate field percentage breakdown in SPL?

If you click on a field name in the left column it will give you top results for that field, along with the percentag...

by SplunkTrust in

How do I create and display a trend of the 10 largest database tables returned in my search results?

I am setting up some trending. We currently collect stats on the largest tables and load them into Splunk. I am able ...

by New Member in

Format result table as tree or make indentations (parent-child relation)

I have following data in data in columns: id parent step_name 1 Step_1 2 1 Step_1_1 3 2 ...

by New Member in

How do I parse my XML data in a single search?

I've an xml wth below structure <root><stats> <total> <stat pass="12" fail="12">C</stat> <stat...

by Communicator in

How to extract values from rows that either contain Dept or do not contain Dept?

2015-05-01 07:33 - [User Login] | Name#ID | 'John#11' | :User name: 'John', ID: '11' successfully logged in 2015-05-0...

by New Member in

As a beginner, how do I actually get to the Splunk CLI to put commands in ?

by Explorer in

Are the Splunk Conf 2011 videos available anywhere?

All, Crazy question. Are 2011 conf videos available anywhere? I remember a Field extraction/Regex track that coul...

by Builder in

Value from Rex command used to perform a new search with extracted value

Hello all, New to Splunk and trying to figure out what I am doing wrong or best way to do the following. I am tryi...

by Path Finder in

Report on how log a user was logged on?

I am trying to generate a report that show how long users stayed logged on. I can do a search and find the users and ...

by Path Finder in

Filtered search from 2 searches

I have 2 searches: 1. Search(AAA)|rename _time as TimeA|table TimeA host; 2. Search(BBB)|rename _time as TimeB|table ...

by Explorer in

How to change my stats sum(x) search to an hourly timechart sum(y)?

Hi I have the following search which displays the sum of a field, but I am trying to put a time chart in hourly w...

by Builder in

How to write a Regex to extract and list out the country names from my html formatted results ?

The following were my html search results <country>USA</country> <country>CANADA</country> <country>UK</country> <...

by Builder in

How do I improve the performance my dashboard load times for a large amount of data?

I have a form that uses a searchTemplate: index=java earliest=$timerange.earliest$ latest=$timerange.latest$ app_...

by Builder in

When to use Hunk - when to use Splunk

Hello all, I am currently struggling a bit with understanding the difference between Splunk and Hunk, and hope th...

by Path Finder in

How to use OR in regex to capture error messages from two different patterns of log files?

So I have the following log structure: Oct 7 13:51:05, 10.96.3.29, 10.96.3.29, domain:,default [xyz][0x80e003aa][...

by Engager in

Communication Ports to be opened from Amazon EC2 Instance to Splunk Cloud

What are the ports to be opened inboud/outbound from Amazon EC2 instances to Splunk cloud.

by New Member in

Splunk sizing: where is the search concurrency information?

I've been reviewing the information around sizing Splunk installations and it seems to distill--at its simplest--to t...

by Contributor in

Unable to start splunk, failed with crash report

[build aa7d4b1ccb80] 2015-09-26 11:27:52 Received fatal signal 6 (Aborted). Cause: Signal sent by PID 1039871 running...

by Path Finder in

Mapping two searches to the same chart element at different times?

Hi, I am on runtime trying to change the search in the same chart element. As in the chart element refers to one s...

by Communicator in

Min/Max of Time Axis on Timechart Does Not Always Reflect Query Time Range

If you perform a query that returns events that do not hit the left or right "edge" of your specified time range, and...

by Explorer in

How to edit my search to get an average of the total count for the last X days?

I am getting a total count by using index=aap_prod sourcetype="ECS:PROD:CATALINA" (ECSSearchType=autocomplete OR E...

by Communicator in

How to search for part of a string matching a certain regex for an ID in a text field and replace it with "id"?

Hello everyone. I need to substitute text "id" in text fields where I have ids now: like 123123123, 312asda-adas2 ...

by Communicator in

default interval for data sending

I am using Universal forwarder to send data to main Splunk instance to monitor files/directories. What is default ...

by Builder in

How to change the default behavior for checkboxes so it searches with OR for multiple selections, not AND?

Hi All, The default behavior when building a dashboard with checkboxes is that the checkboxes equal an AND search....

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can I add more details to my license usage by time search to see how much is going to DEBUG logs?

Replicate field percentage breakdown in SPL?

How do I create and display a trend of the 10 largest database tables returned in my search results?

Format result table as tree or make indentations (parent-child relation)

How do I parse my XML data in a single search?

How to extract values from rows that either contain Dept or do not contain Dept?

As a beginner, how do I actually get to the Splunk CLI to put commands in ?

Are the Splunk Conf 2011 videos available anywhere?

Value from Rex command used to perform a new search with extracted value

Report on how log a user was logged on?

Filtered search from 2 searches

How to change my stats sum(x) search to an hourly timechart sum(y)?

How to write a Regex to extract and list out the country names from my html formatted results ?

How do I improve the performance my dashboard load times for a large amount of data?

When to use Hunk - when to use Splunk

How to use OR in regex to capture error messages from two different patterns of log files?

Communication Ports to be opened from Amazon EC2 Instance to Splunk Cloud

Splunk sizing: where is the search concurrency information?

Unable to start splunk, failed with crash report

Mapping two searches to the same chart element at different times?

Min/Max of Time Axis on Timechart Does Not Always Reflect Query Time Range

How to edit my search to get an average of the total count for the last X days?

How to search for part of a string matching a certain regex for an ID in a text field and replace it with "id"?

default interval for data sending

How to change the default behavior for checkboxes so it searches with OR for multiple selections, not AND?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions