Splunk Search

Ask a Question

Discussions

Thread Info

Adding a totals row to a table

Hi all, So I have a search that i have saved as a report that looks like this when it completes Group ...

by Path Finder in

Can't unlink pid file "/Applications/Splunk/var/run/splunk/splunkd.pid": Permission denied

Splunk Free Enterprose download. Trying to start Splunk - non-root user. To "Start and Show Plunk" I get the error...

by Communicator in

Grouping by String and Sorting by Average

Hi there! I have run the following search... index="prop_data" uri=*/property/*/* | stats avg(execution_time) b...

by New Member in

Join and chart events from 2 log files with common field value but not lables.

I see a ton of these type questions, but none seem to pertain to what I am doing or I just dont understand them. I...

by Builder in

How do I use regex to extract value in parenthesis preceded by parenthesis?

I have the following log(s) from which I want to extract the value inside the parenthesis. The parenthesis field is p...

by New Member in

Rename columns

I have the following search string index="commercial_performance" "Efficiency Variance *" OR "Intervention Varianc...

by Explorer in

Map with custom image & _lat _lon

Can I replace the maps app images with a static single image? I want to assign static _lat and _lon to a specific pla...

by Explorer in

Geostats Truncating Data?

It would appear that using ...| geostats isn't working as it used to anymore. I originally had a search like the foll...

by Explorer in

Why does 'x.y'-1 return no value?

I have an extremely simple search that inexplicably does not work. It returns blank values for latest(ewma): index...

by Path Finder in

Getting Count of specific value in json formatted log

I have a json splunk log, and I need to get the count of the number of times the "message" field is equal to "Total r...

by Explorer in

Is there something similar to addtotals to sum by a field

I'm trying to run a calculation that will average all values over a day, then add all values by a field (Building in ...

by Explorer in

How to filter events by date fields in lookup table

I have a lookup table that consists of the follow fields: Account_Name, Name, Start Date, Return Date. I want to sear...

by New Member in

Put results in one row table

Hello, I have got a question about a Query. This is the query: index=security-mijnssp "View rendered = /error.j...

by Explorer in

Combine table rows

Hi everyone, I've got a question about a query i have made: index=security-mijnssp "View rendered = /error.jspx...

by Explorer in

Issue with conitnously monitoring a folder

Hi Team I have a folder that consists of logs added every day i have given this folder as input to splunk to continuo...

by Path Finder in

How to chart months on the X-axis in chronological order, not alphabetical?

Hi, My database query returns the following columns monthNum,month,year,value 01, Jan, 2014, 20 01, Jan, 2015, 30 ...

by Explorer in

I have an stats result that has a latest(_time) in the config and want to only include items where the latest is N minutes old

index=product_iround_prod Level=INFO Message="Form Synchronizer complete" | stats latest(_time) AS timestamp, latest(...

by New Member in

Why is my real-time post process dashboard showing different results from running the same search directly?

Hi folks, I'm experiencing a strange behavior on one of my splunk real-time postprocess dashboards. The numbers sh...

by Path Finder in

Extract not giving the exact result

Hi, I have an extract with the name "remotesystemid" but when i am executing the below query it is giving values w...

by Communicator in

Grouping multiple times

Basically I would like to run one stats command where i do some arithmetic and correlation based on one grouping, but...

by Path Finder in

What does it mean? user=tommyjones is not allowed to run historical scheduled search, skipping savedsearch_id="tommyjones;…"

I'm seeing this in the scheduler log and would like to know what it means and what causes it. This user can certainly...

by Champion in

how to search a number which is 13 digits or more using regex in splunk?

Hi how can i find out a number which is 13 digits or more in a splunk search on index="xyz". Please let me know

by Builder in

How to graph and chart Oracle Error Code (ORA-nnnnn) from mutiple sources

I have multiple logs from different sources (app server, database server,etc) where they can contain a error response...

by Explorer in

Limit SA-Eventgen event amount generated

Hi Everyone, I am using SA-Eventgen (eventgen-master) to simulate events, and its working great  The issue is tha...

by Explorer in

field extraction based onmore than one static strings and find out count

Hi, I am new to Splunk. I am trying to create a splunk query to find out the count of occurrence for a specific se...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Adding a totals row to a table

Can't unlink pid file "/Applications/Splunk/var/run/splunk/splunkd.pid": Permission denied

Grouping by String and Sorting by Average

Join and chart events from 2 log files with common field value but not lables.

How do I use regex to extract value in parenthesis preceded by parenthesis?

Rename columns

Map with custom image & _lat _lon

Geostats Truncating Data?

Why does 'x.y'-1 return no value?

Getting Count of specific value in json formatted log

Is there something similar to addtotals to sum by a field

How to filter events by date fields in lookup table

Put results in one row table

Combine table rows

Issue with conitnously monitoring a folder

How to chart months on the X-axis in chronological order, not alphabetical?

I have an stats result that has a latest(_time) in the config and want to only include items where the latest is N minutes old

Why is my real-time post process dashboard showing different results from running the same search directly?

Extract not giving the exact result

Grouping multiple times

What does it mean? user=tommyjones is not allowed to run historical scheduled search, skipping savedsearch_id="tommyjones;…"

how to search a number which is 13 digits or more using regex in splunk?

How to graph and chart Oracle Error Code (ORA-nnnnn) from mutiple sources

Limit SA-Eventgen event amount generated

field extraction based onmore than one static strings and find out count

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions