Splunk Search

Ask a Question

Discussions

Thread Info

How to create a table and align rows for related fields using stats?

Sorry for the lengthy question...... Here is what I am trying to achieve: For a event, containing the following da...

by Engager in

How do I edit my chart count search returning HTTP codes to filter out codes 200 and 301 from the list of results?

Hi All, source="/export/home/logs/access_log" | rex ".*?HTTP\/\d+\.\d+\" (?<status_code>\d+)"|chart count by statu...

by New Member in

How to pass Time span in Drill Down Graph

I have a parent graph showing maximum swap memory for all hosts. I have a drill down graph showing maximum swap me...

by Path Finder in

Why I am unable to accelerate this report?

Hi, I wonder whether someone may be able to help me please. I'm trying to get to grips with 'Report Acceleration' ...

by Motivator in

Use named backreference in the subsequent rex command

Hi All, Can you let me know how we can use a named backreference in the subsequent rex command? That is pass the v...

by Communicator in

How do you handle copy-paste-induced search string invisible artifacts and address this with 500+ users?

More and more I'm getting reports of bad queries, or queries that don't match results from a separate run. In most ca...

by Influencer in

How to create a chart in XML where each row has a different search and obtain the completion time based on a drop-down time input?

Hello, I am trying to create a chart where each row has a different search. I am trying to obtain the completion t...

by Communicator in

Monitoring several log files with a specified index, why are searches on the index in Splunk Web not returning any data?

Hi guys, I am fairly new to splunk, and I am trying to get it to monitor a couple of log files on some app servers...

by Communicator in

How to chart values over time

Hello What I am trying to do is to literally chart the values over time. Now the value can be anything. It can be ...

by Motivator in

I've configured indexer clustering with a replication and search factor of 2:2, why are we now seeing duplicate data in searches?

This is designed to be a self answering question based on our experience. We've configured indexer clustering with...

by Motivator in

How to extract fields of variable length?

I am new to Splunk and am working with DTS Compliant formatted logs generated from Microsoft Network Policy Server an...

by New Member in

How to create a line graph where for each day, it displays the latest time?

Hello, I extracted the time with the variable TIME. I am trying to create a line graph where it shows the latest t...

by Communicator in

How to search for field values in a subsearch?

Little strange issue I got... I ingest files into an index. I want to add a yes/no field to my events, based on if th...

by Communicator in

How to create a fast report showing hosts, their indexes and lasttime using the metadata command and a lookup against a csv list of hosts?

I segregate my data using indexes for each group. I have a csv with a list of hosts that cross several indexes. I ...

by Motivator in

Different results same search

So we have both Snort and Sourcefire in our environment. I'm using a simple search to create a table of the top hits ...

by Builder in

Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table?

Hi, I have this search: host="myhost.com" NOT source=*access_log* AND "SearchA" | timechart span=1d dc(App) as...

by New Member in

How to return more than 10 columns in a table search result?

I have a search that searches for Windows Security Event IDs and displays the results in a table format. The maximum ...

by Communicator in

How can I assign the day of the week to my events?

I'd like to be able to assign the day of the week to my events so I can show my users whatever happens on a Monday. I...

by Splunk Employee in

How to return a timestamp to an eval?

I'm trying to search by a specific date, so I wanted to return the date to an eval, but when I run it, I get the mess...

by Path Finder in

Normalizing (feature scaling) a datapoint

I have a search and I would like to normalize a data point so that I can use it effectively in conjunction with other...

by New Member in

How to create a chart that calculates the time taken by date/time for a distinct step within a process?

Given the below log file, I need to create a chart that shows the time taken for a given step. The time is a summatio...

by Explorer in

How to edit my search to group by multiple values?

I have a search in which I want to return the distinct number of users doing an number of actions b1 - b5 split by pl...

by Path Finder in

How I can use the rename command in my search on JSON data?

Hi.. I have json data such as {"result": [ {"EventData.mlsnumber": "1039455", "result": 1}, {"EventD...

by Path Finder in

Search problem - not finding results that should be returned from search criteria

We have been running a search that returns results for user and computer account creation. For the past week or so, t...

by New Member in

Help with writing Regex?

Can someone please help me to write a regex to get the value "78" value from the below sample data? Destination to...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a table and align rows for related fields using stats?

How do I edit my chart count search returning HTTP codes to filter out codes 200 and 301 from the list of results?

How to pass Time span in Drill Down Graph

Why I am unable to accelerate this report?

Use named backreference in the subsequent rex command

How do you handle copy-paste-induced search string invisible artifacts and address this with 500+ users?

How to create a chart in XML where each row has a different search and obtain the completion time based on a drop-down time input?

Monitoring several log files with a specified index, why are searches on the index in Splunk Web not returning any data?

How to chart values over time

I've configured indexer clustering with a replication and search factor of 2:2, why are we now seeing duplicate data in searches?

How to extract fields of variable length?

How to create a line graph where for each day, it displays the latest time?

How to search for field values in a subsearch?

How to create a fast report showing hosts, their indexes and lasttime using the metadata command and a lookup against a csv list of hosts?

Different results same search

Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table?

How to return more than 10 columns in a table search result?

How can I assign the day of the week to my events?

How to return a timestamp to an eval?

Normalizing (feature scaling) a datapoint

How to create a chart that calculates the time taken by date/time for a distinct step within a process?

How to edit my search to group by multiple values?

How I can use the rename command in my search on JSON data?

Search problem - not finding results that should be returned from search criteria

Help with writing Regex?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!