Splunk Search

Discussions

Thread Info

How to pull end time instead of start time from my transaction search?

Hi, The search below is retrieving start time (due to transaction), but I need to pull end time and I don't know t...

by New Member in

Single Source of Data, Multiple Splunk Instances?

We have a single data simulator sending records to a socket, and a Splunk instance on a different server using that d...

by Explorer in

How to ingest a non-standard XML file based on file-mod timestamp and extract all XML attributes?

Hi, I'm trying to ingest multiple files with the below format: <?xml version="1.0" encoding="UTF-8"?> <Broadca...

by Explorer in

How to pass start time to gentimes with a subquery to append in the search results?

Hi all, I'm trying to create a query that gets the number of occurrences of certain Event per month. For that i ge...

by Path Finder in

How do joins work in a Splunk search?

Could you please explain how joins work? Please give me some examples

by New Member in

What is the best and most economical method for keeping a continuously maintained reference of historical values?

Hi all, We want to compare "today" values in real-time with some aggregatedvalues of yesterday ("day -1"), "day -2...

by Explorer in

Lookup Question

My use case is to find out how many transactions went out to a customer for a particular day. The results will includ...

by Builder in

how to calculate percentage

Hi, Can anyone help how to calculate percentage for the report below for '%Act_fail_G_Total' host Act-Sucess Ac...

by Communicator in

Using transaction on a field alias I created for 2 fields with different names in different sourcetypes, why am I unable to group all matching events?

Hi, I have 2 sourcetypes: wineventlog:security and WinEventLog:Microsoft-Windows-Sysmon/Operational. I have extrac...

by Communicator in

Enriching Proxy Log data containing userid and IP address with DNS & Active Directory attributes, how do we handle subsearch result limits?

So, fun problem: We're wanting to do some data enrichment so that we can build good reports. What we want to do is...

by Contributor in

Map on splunk 6

Is there a way to use the google map app or something similar in splunk 6? I have syslogs containing latitude and lon...

by Engager in

timechart X axis

How can I get more then 4 marks on x axis using timechart? In a search like this: earliest=-1d@d latest=-0d@d sour...

by Communicator in

How to link two sources with equals fields in each?

Hey everyone, Here is my problem: I have two sources (Source1 and Source2): * In source1 I have the field "device num...

by Explorer in

Displaying chart in real-time with fixed earliest/latest

I have a query that overlays the value of one date with the value of another date, it is put together as this: ......

by Communicator in

How To Get = sum(set A events) / sum (set B events).

Hello, I'm new to splunk. I need to evaluate result = sum(set A events) / sum (set B events). I've tried: sourcety...

by Path Finder in

Does dbquery results count toward daily index license?

So, the title says it all. I was looking in the db connect documentation and didn't see anything that answered this q...

by Builder in

Postprocessing search with tokens in base search not returning results

I'm trying to build a form with a base search and post processing search as below. The panel gets loaded from a drill...

by Contributor in

Dashboard not showing correct results

Hello, I have created a dashboard with some very simple searches, for example: index=something | stats count ...

by Explorer in

How to chart URLS by error code percentage

We are grabbing logs from nginx. I would like to know how I can chart URLS that are returning a 408 error code as wel...

by New Member in

framework and splunk both run?

Hi, I'm a little confused with how the app framework works. Does it run seperately outside of splunk? One of our d...

by Champion in

How do you create a threshold on a bar chart to show when certain cpu/computer (e.g server) resource(s) exceed its normal threshold?

Need Help : I'm trying to create a bar chart to display the data below for each server: 1. Free Space 2. Free Megabyt...

by Path Finder in

How can I edit my search with multiple appendcols to improve performance?

Hi Splunkers! Just wondering whether anyone can advise me on how to tune the following search statement? The reaso...

by Communicator in

Help with creating search to chart current data against calcuated averages.

I am indexing some data in json format. The json has some fields that are arrays like: { system: "peanuts", location:...

by Contributor in

How to use a lookup table in a search to match any IPs or domains found in a column, but ignore any values older than 90 days?

I currently have a lookup table that contains 2 columns: date and ioc. The goal is to have Splunk go through the look...

by Engager in

Timechart distribution of stats count result

I am trying to do the following search: Log file looks like 2012-12-01 11:00:00 id=B starttime=2012-12-02T08:00...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to pull end time instead of start time from my transaction search?

Single Source of Data, Multiple Splunk Instances?

How to ingest a non-standard XML file based on file-mod timestamp and extract all XML attributes?

How to pass start time to gentimes with a subquery to append in the search results?

How do joins work in a Splunk search?

What is the best and most economical method for keeping a continuously maintained reference of historical values?

Lookup Question

how to calculate percentage

Using transaction on a field alias I created for 2 fields with different names in different sourcetypes, why am I unable to group all matching events?

Enriching Proxy Log data containing userid and IP address with DNS & Active Directory attributes, how do we handle subsearch result limits?

Map on splunk 6

timechart X axis

How to link two sources with equals fields in each?

Displaying chart in real-time with fixed earliest/latest

How To Get = sum(set A events) / sum (set B events).

Does dbquery results count toward daily index license?

Postprocessing search with tokens in base search not returning results

Dashboard not showing correct results

How to chart URLS by error code percentage

framework and splunk both run?

How do you create a threshold on a bar chart to show when certain cpu/computer (e.g server) resource(s) exceed its normal threshold?

How can I edit my search with multiple appendcols to improve performance?

Help with creating search to chart current data against calcuated averages.

How to use a lookup table in a search to match any IPs or domains found in a column, but ignore any values older than 90 days?

Timechart distribution of stats count result

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions