Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to calculate the time range between two events?

I have data like below. How do I calculate the time difference between A.1-B. 1, A.2-B.2......A.n-B.n Time Offset ...

by New Member in

After upgrading Splunk from 6.2 to 6.3.1, why am I getting no results searching any indexes?

Hi Team, I have upgraded Splunk from 6.2 to 6.3.1 version. I restored backup, but still I am not getting any outpu...

by New Member in

Anonymize only some Email Addresses

Hi, I need help writing a regex which must anonymize email address which doesn't below to the company domain. I al...

by Communicator in

How can I compare the ratio of errors to 10 minutes ago for all our app_pools?

I would like to get a ratio of errors by app_pool, and then compare it to 5, 10, 1hr ago? tag=java | stats count...

by Builder in

How to get event counts for multiple fields grouped by another field?

Hello all, New to Splunk and been trying to figure out this for a while now. Not making much progress, so thought ...

by Path Finder in

How to search the average number of events per day by severity?

I have a macro that breaks out events by severity. I am trying to look at the average number of events by severity av...

by New Member in

How do I downgrade from Splunk Light to Splunk Light Free?

In my test setup, I can see that I have a VALID status of the Splunk Light Free, and an EXPIRED status on the Splunk ...

by New Member in

How to chart with multiple hour fields from 0h to 24h?

I have some performance data that is for the most part, fairly standard, such as SystemName, Metric (cpu, memory, wha...

by Path Finder in

How to customize our search results using subsearches?

Hi SPlunkers, We are looking customize our searches by using subsearches. Search 1: index=db source="Queue.D...

by Path Finder in

Why does max value turn into average in my results for date range greater than 3 Days?

So I have a query that is | timechart count | timechart per_second(count) as TPS | timechart span=1d max (TPS) ...

by New Member in

How to edit my search to group incidents based on resource and average their response time?

I have a search which gets me the data below: Assigned to Short description Opened Resol...

by New Member in

How to search for all events that happened one hour before any event from a specific set of events?

Let's say there's a specific set of events I'm looking at (Events A). Now I want to write a search to return all even...

by Splunk Employee in

How to display my source data format in Splunk?

I have data that is feeding to Splunk from x source. That x source data is formatted like discussion points whereas i...

by New Member in

How to map data locally on a map

If I have data which has lat and long data that is localized within a few miles, is there a way that I can map this o...

by Contributor in

Subsearch Help

Hi, I'm trying to create a search query that displays all the events with Incorrect result: but excludes the case...

by Path Finder in

What's the different between a real-time 1 hour window and relative last 60 minutes?

Hello Splunkers, Well the question is as the title describes. What's the difference if I run a search with the two...

by Path Finder in

How to write a search to get an accurate count of fields with the same name in a single event?

Hello Splunkers, Here is my sample event: ID=000, GROUP="A", GROUP="B", TYPE="NA" ID=001, GROUP="A", TYPE="NB" ...

by Path Finder in

Why am I getting "Error in 'inputlookup' command: Invalid argument: 'NOT'."?

Hello Splunkers, Just checking to see if this is possible or If I'm running into a limitation I didn't know about....

by Contributor in

How can I make a new column and add values while streaming input and iterating through the results?

I am making a python program where I am streaming in data and iterating through the results. I would like to make a n...

by Explorer in

How to change Splunk> Logo after login in 6.3

Hi All, I got requirement to change the splunk> logo on left corner after login, I checked replacing the logo-mrsp...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate the time range between two events?

After upgrading Splunk from 6.2 to 6.3.1, why am I getting no results searching any indexes?

Anonymize only some Email Addresses

How can I compare the ratio of errors to 10 minutes ago for all our app_pools?

How to get event counts for multiple fields grouped by another field?

How to search the average number of events per day by severity?

How do I downgrade from Splunk Light to Splunk Light Free?

How to chart with multiple hour fields from 0h to 24h?

How to customize our search results using subsearches?

Why does max value turn into average in my results for date range greater than 3 Days?

How to edit my search to group incidents based on resource and average their response time?

How to search for all events that happened one hour before any event from a specific set of events?

How to display my source data format in Splunk?

How to map data locally on a map

Subsearch Help

What's the different between a real-time 1 hour window and relative last 60 minutes?

How to write a search to get an accurate count of fields with the same name in a single event?

Why am I getting "Error in 'inputlookup' command: Invalid argument: 'NOT'."?

How can I make a new column and add values while streaming input and iterating through the results?

How to change Splunk> Logo after login in 6.3

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...