Splunk Search

Ask a Question

Discussions

Thread Info

append command- more efficient query

Hi, could you help me to write more efficient query? My is really time consuming. Example. --First part cac...

by Path Finder in

Extract Data From Event

Hi, I wonder whether someone can help me please. I have multiple events which include the following piece of infor...

by Motivator in

Searching on results of EVAL command

Hello We are building a search to take a MAC address, evaluate all the potential formats that MAC address may be and ...

by Explorer in

Sub-searches using savedsearch returns results, but columns are labeled "NULL"

Using savedsearch and timechart, I'm getting NULL where I'd expect the values of "myfield" Base search (@m to -1h@...

by Explorer in

Put multiple timecharts into one

I have three timecharts which I want to sum together. index="commercial_performance" Cat1="Entitlement *" | timech...

by Explorer in

Error Viewing Database Information

I am testing DB Connect for the first time and receiving an error when I try to use Database Info (/en-US/app/dbx/dbi...

by Engager in

How to use timechart with stats and eval command

Hi, My query is below - index=abc sourcetype=xyz Unable to connect to the remote server | Stats count(eval("Una...

by Communicator in

Acceleration or Summary Index for hourly/daily/weekly/monthly charts

The setup is like this... index=myindex myfield=*FOO* | timechart span=1h count by myfield Where myfield's val...

by Explorer in

How to append two fields extracted from different events having same ID field without using join?

Hi All, I have three fields error, Bandwidth & ID. error & Bandwidth are fields for two different events while bot...

by Path Finder in

Plotting error frequency to verify a break fix?

Hello, I am new to splunk and wanted to try visualizing whether a break fix that was implemented is actually working....

by New Member in

extract multiple events into multiple fields using rex

I have events in below format from an XML source. I want to extract below values in to separate events into fields st...

by Communicator in

How to search the status of processes in each server using a lookup table?

I am trying to build a search that will display the Process status in each server. i have a lookup table called ipser...

by New Member in

CSV data is not matching with my indexed data

Hi all, Thank you

by Path Finder in

After restoring a CSV based index, why are searches using fields or wildcards not returning results?

Hi I have a big big problem. I restored a csv based index. (MS Exchange mail track log) The restored data is big, ...

by Path Finder in

From a Hunk VIX, what is the max output on a table or stats command?

I'm creating a table/stats command with a large output and the statistics seems to be capping out at 10k. Is there a ...

by Contributor in

Need help writing a search command to determine if a value is in a json array more than once

I am indexing json objects into splunk. An example of the json is: { id: "24234563", systems: [ "hos...

by Contributor in

Fields from transaction not displaying in table after extra eval

Hi, I'm using the transaction command to combine two different events into one larger event with the user_id as th...

by Builder in

How do I remove rows from a table based on empty column values?

What I'm trying to do Using the export API /servicesNS/admin/search/search/jobs/export?output_mode=json&search=search...

by Engager in

How to search which hosts are missing patches using a lookup with a list of patches that should be installed for each hostname?

Hi I have a list of events about patches installed on my hosts (about 3k) which look like Hostname1, PatchId1 ...

by Path Finder in

Splunk python sdk oneshot search: How to get earliest_time and latest_time in datetime format?

I have a one shot search to which i am passing earliest time and latest time from time range picker. Trying to genera...

by Communicator in

Error during Search

Hi, In the home page of our application, a combo box is populated with results from a splunk search. At times, the...

by Influencer in

How does Splunk decide which rows to display in top if there's a tie?

for example here's the full data: widgets total item1 10 item2 8 item3 8 item4 8 item5 8 item6 4 and you have a qu...

by Engager in

Why is the xpath search command not extracting the expected result from my sample XML data?

Hi! I would like to use the xpath search command to extract my test results from daily XML files. I have created t...

by Explorer in

timechart count by what values are chosen

If a log is generated every time a user comments on a blog index=bloglog sourcetype=comments | timechart count by ...

by Path Finder in

See Gigabytes Added to Each Index in Last 24 hours

Issue: Various internal groups pay for space in Splunk based on their needs. For example, dev teams paid for 40GB'...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

append command- more efficient query

Extract Data From Event

Searching on results of EVAL command

Sub-searches using savedsearch returns results, but columns are labeled "NULL"

Put multiple timecharts into one

Error Viewing Database Information

How to use timechart with stats and eval command

Acceleration or Summary Index for hourly/daily/weekly/monthly charts

How to append two fields extracted from different events having same ID field without using join?

Plotting error frequency to verify a break fix?

extract multiple events into multiple fields using rex

How to search the status of processes in each server using a lookup table?

CSV data is not matching with my indexed data

After restoring a CSV based index, why are searches using fields or wildcards not returning results?

From a Hunk VIX, what is the max output on a table or stats command?

Need help writing a search command to determine if a value is in a json array more than once

Fields from transaction not displaying in table after extra eval

How do I remove rows from a table based on empty column values?

How to search which hosts are missing patches using a lookup with a list of patches that should be installed for each hostname?

Splunk python sdk oneshot search: How to get earliest_time and latest_time in datetime format?

Error during Search

How does Splunk decide which rows to display in top if there's a tie?

Why is the xpath search command not extracting the expected result from my sample XML data?

timechart count by what values are chosen

See Gigabytes Added to Each Index in Last 24 hours

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions