Splunk Search

Discussions

Thread Info

Regex in search to filter not working

I am currently trying to work on a search where are admins in my results. I want the search to show only regular user...

by Communicator in

Log file not picked up by splunk

I'm trying to get our splunk server to index the local /var/log/audit/audit.log, but no matter what I do I don't see ...

by New Member in

What values should I use for replication and search factor in a Splunk multisite indexer cluster with one peer in site1 and two peers in site2?

Hi! I'm trying to configure a multisite indexer cluster with two sites; site1 and site2. There are one peer in sit...

by Builder in

Performing a MAP search in a given time window

Hi, I'm trying to create a MAP search to see if Event B triggers within a certain time window of Event A being tri...

by Communicator in

How to copy figures across empty time buckets?

I'm generating a timechart that is supposed to display a daily figure which is an accumulation of total logged in hou...

by Explorer in

Adding a totals row to a table

Hi all, So I have a search that i have saved as a report that looks like this when it completes Group ...

by Path Finder in

Can't unlink pid file "/Applications/Splunk/var/run/splunk/splunkd.pid": Permission denied

Splunk Free Enterprose download. Trying to start Splunk - non-root user. To "Start and Show Plunk" I get the error...

by Communicator in

Grouping by String and Sorting by Average

Hi there! I have run the following search... index="prop_data" uri=*/property/*/* | stats avg(execution_time) b...

by New Member in

Join and chart events from 2 log files with common field value but not lables.

I see a ton of these type questions, but none seem to pertain to what I am doing or I just dont understand them. I...

by Builder in

How do I use regex to extract value in parenthesis preceded by parenthesis?

I have the following log(s) from which I want to extract the value inside the parenthesis. The parenthesis field is p...

by New Member in

Rename columns

I have the following search string index="commercial_performance" "Efficiency Variance *" OR "Intervention Varianc...

by Explorer in

Map with custom image & _lat _lon

Can I replace the maps app images with a static single image? I want to assign static _lat and _lon to a specific pla...

by Explorer in

Geostats Truncating Data?

It would appear that using ...| geostats isn't working as it used to anymore. I originally had a search like the foll...

by Explorer in

Why does 'x.y'-1 return no value?

I have an extremely simple search that inexplicably does not work. It returns blank values for latest(ewma): index...

by Path Finder in

Getting Count of specific value in json formatted log

I have a json splunk log, and I need to get the count of the number of times the "message" field is equal to "Total r...

by Explorer in

Is there something similar to addtotals to sum by a field

I'm trying to run a calculation that will average all values over a day, then add all values by a field (Building in ...

by Explorer in

How to filter events by date fields in lookup table

I have a lookup table that consists of the follow fields: Account_Name, Name, Start Date, Return Date. I want to sear...

by New Member in

Put results in one row table

Hello, I have got a question about a Query. This is the query: index=security-mijnssp "View rendered = /error.j...

by Explorer in

Combine table rows

Hi everyone, I've got a question about a query i have made: index=security-mijnssp "View rendered = /error.jspx...

by Explorer in

Issue with conitnously monitoring a folder

Hi Team I have a folder that consists of logs added every day i have given this folder as input to splunk to continuo...

by Path Finder in

How to chart months on the X-axis in chronological order, not alphabetical?

Hi, My database query returns the following columns monthNum,month,year,value 01, Jan, 2014, 20 01, Jan, 2015, 30 ...

by Explorer in

I have an stats result that has a latest(_time) in the config and want to only include items where the latest is N minutes old

index=product_iround_prod Level=INFO Message="Form Synchronizer complete" | stats latest(_time) AS timestamp, latest(...

by New Member in

Why is my real-time post process dashboard showing different results from running the same search directly?

Hi folks, I'm experiencing a strange behavior on one of my splunk real-time postprocess dashboards. The numbers sh...

by Path Finder in

Extract not giving the exact result

Hi, I have an extract with the name "remotesystemid" but when i am executing the below query it is giving values w...

by Communicator in

Grouping multiple times

Basically I would like to run one stats command where i do some arithmetic and correlation based on one grouping, but...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex in search to filter not working

Log file not picked up by splunk

What values should I use for replication and search factor in a Splunk multisite indexer cluster with one peer in site1 and two peers in site2?

Performing a MAP search in a given time window

How to copy figures across empty time buckets?

Adding a totals row to a table

Can't unlink pid file "/Applications/Splunk/var/run/splunk/splunkd.pid": Permission denied

Grouping by String and Sorting by Average

Join and chart events from 2 log files with common field value but not lables.

How do I use regex to extract value in parenthesis preceded by parenthesis?

Rename columns

Map with custom image & _lat _lon

Geostats Truncating Data?

Why does 'x.y'-1 return no value?

Getting Count of specific value in json formatted log

Is there something similar to addtotals to sum by a field

How to filter events by date fields in lookup table

Put results in one row table

Combine table rows

Issue with conitnously monitoring a folder

How to chart months on the X-axis in chronological order, not alphabetical?

I have an stats result that has a latest(_time) in the config and want to only include items where the latest is N minutes old

Why is my real-time post process dashboard showing different results from running the same search directly?

Extract not giving the exact result

Grouping multiple times

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions