Splunk Search

Discussions

Thread Info

Filtered search from 2 searches

I have 2 searches: 1. Search(AAA)|rename _time as TimeA|table TimeA host; 2. Search(BBB)|rename _time as TimeB|table ...

by Explorer in

How to change my stats sum(x) search to an hourly timechart sum(y)?

Hi I have the following search which displays the sum of a field, but I am trying to put a time chart in hourly w...

by Builder in

How to write a Regex to extract and list out the country names from my html formatted results ?

The following were my html search results <country>USA</country> <country>CANADA</country> <country>UK</country> <...

by Builder in

How do I improve the performance my dashboard load times for a large amount of data?

I have a form that uses a searchTemplate: index=java earliest=$timerange.earliest$ latest=$timerange.latest$ app_...

by Builder in

When to use Hunk - when to use Splunk

Hello all, I am currently struggling a bit with understanding the difference between Splunk and Hunk, and hope th...

by Path Finder in

How to use OR in regex to capture error messages from two different patterns of log files?

So I have the following log structure: Oct 7 13:51:05, 10.96.3.29, 10.96.3.29, domain:,default [xyz][0x80e003aa][...

by Engager in

Communication Ports to be opened from Amazon EC2 Instance to Splunk Cloud

What are the ports to be opened inboud/outbound from Amazon EC2 instances to Splunk cloud.

by New Member in

Splunk sizing: where is the search concurrency information?

I've been reviewing the information around sizing Splunk installations and it seems to distill--at its simplest--to t...

by Contributor in

Unable to start splunk, failed with crash report

[build aa7d4b1ccb80] 2015-09-26 11:27:52 Received fatal signal 6 (Aborted). Cause: Signal sent by PID 1039871 running...

by Path Finder in

Mapping two searches to the same chart element at different times?

Hi, I am on runtime trying to change the search in the same chart element. As in the chart element refers to one s...

by Communicator in

Min/Max of Time Axis on Timechart Does Not Always Reflect Query Time Range

If you perform a query that returns events that do not hit the left or right "edge" of your specified time range, and...

by Explorer in

How to edit my search to get an average of the total count for the last X days?

I am getting a total count by using index=aap_prod sourcetype="ECS:PROD:CATALINA" (ECSSearchType=autocomplete OR E...

by Communicator in

How to search for part of a string matching a certain regex for an ID in a text field and replace it with "id"?

Hello everyone. I need to substitute text "id" in text fields where I have ids now: like 123123123, 312asda-adas2 ...

by Communicator in

default interval for data sending

I am using Universal forwarder to send data to main Splunk instance to monitor files/directories. What is default ...

by Builder in

How to change the default behavior for checkboxes so it searches with OR for multiple selections, not AND?

Hi All, The default behavior when building a dashboard with checkboxes is that the checkboxes equal an AND search....

by Path Finder in

Sort based on Specific Value Within Field

Hi all My question has to do with sorting , and basically my field looks like this where I want it sorted by the last...

by Path Finder in

count list host count by sourcetype, sourcetype by index

Hi, This seems like it would be simple, but I can't figure it out for the life of me. I really like the stats list la...

by Communicator in

How to create a stacked column chart with count(_time) split by index (_internal, main) for each host?

I don't understand why this should be so difficult....okay, here is my search: host=* index=_internal OR index=mai...

by Engager in

How to recognize flat patterns in separate time periods?

This is a continuation of How to recognize a flat pattern in a given time period which @lguinn solved with a combinat...

by SplunkTrust in

Removing events with duplicate fields from transaction command

Hi all, I am writing a query to detect brute force attempts, where the username is different in each request. index...

by Explorer in

Why are the search and query tags in my dashboard XML failing?

Hi, I wonder whether someone may be able to help me please. I've put together the following in the Dashboard X...

by Motivator in

Query to get daily amount of data in GB per index

I am trying to figure out a search to get the amount of data in GB coming into Splunk per index. When we have huge sp...

by New Member in

How to call an external lookup from the master search head, but execute it in a specific search peer?

I have an external lookup that is working fine, but due to firewall restrictions, I need to force the external lookup...

by Motivator in

Bucketing by day for a table of result with eventstats

We've got summary index working great, but we need to back fill in some data from before we started the automated rep...

by Path Finder in

How to combine or join 2 sources (.csv format) with exactly the same extracted fields?

How is it possible to combine or join 2 sources (.csv format) with excactly the same extracted fields? source1: co...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Filtered search from 2 searches

How to change my stats sum(x) search to an hourly timechart sum(y)?

How to write a Regex to extract and list out the country names from my html formatted results ?

How do I improve the performance my dashboard load times for a large amount of data?

When to use Hunk - when to use Splunk

How to use OR in regex to capture error messages from two different patterns of log files?

Communication Ports to be opened from Amazon EC2 Instance to Splunk Cloud

Splunk sizing: where is the search concurrency information?

Unable to start splunk, failed with crash report

Mapping two searches to the same chart element at different times?

Min/Max of Time Axis on Timechart Does Not Always Reflect Query Time Range

How to edit my search to get an average of the total count for the last X days?

How to search for part of a string matching a certain regex for an ID in a text field and replace it with "id"?

default interval for data sending

How to change the default behavior for checkboxes so it searches with OR for multiple selections, not AND?

Sort based on Specific Value Within Field

count list host count by sourcetype, sourcetype by index

How to create a stacked column chart with count(_time) split by index (_internal, main) for each host?

How to recognize flat patterns in separate time periods?

Removing events with duplicate fields from transaction command

Why are the search and query tags in my dashboard XML failing?

Query to get daily amount of data in GB per index

How to call an external lookup from the master search head, but execute it in a specific search peer?

Bucketing by day for a table of result with eventstats

How to combine or join 2 sources (.csv format) with exactly the same extracted fields?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions