Splunk Search

Discussions

Thread Info

How do I get a count from multiple sources after mvexpand on multiple fields?

Hi, I'm redoing a search to avoid using join as it was truncating results. I'm trying to get a count after searching ...

by Path Finder in

Why is strptime not returning results for a date field in my data?

I have a time in the following format: 2015-08-11 16:31:25.973 in a field called "Last Modified On". The data comes f...

by Communicator in

How to limit streamstats sum to a range of values?

We are running a CUSUM function where we do not want the value to run away either too high or too low (negative). Ide...

by Explorer in

How do I get rid of double quotes for dashboard table

I have a log message that contains white space so it is logged with double quotes: reason="enter reason here" The ...

by Engager in

How to search the percentage of occurrences of certain values in a field?

Hi, I have a table like this: userID is_successful version userA true ...

by Engager in

How do I convert the time in my table to a human readable date format?

Hi everyone, I want to make a table that gives me the quantity of purchases for each product for the last 3 days. ...

by Communicator in

How to define chart end time? Missing data is displayed as blank space.

I have events that are delayed by some time that I want to plot in a chart. Let's say there is a 1 hour delay. Ho...

by Champion in

X axis label Rotation in JSchart

Hi EveryOne, Newbie here, I just wanted to know how to change the orientation of x-axis labels in splunk 5? I trie...

by Explorer in

Search Logs

Hi, I wonder whether someone may be able to help me please. From the answer I found here I'm using the query below...

by Motivator in

Unable to search for regex extracted fields in fixed length file format

Hi, I'm seeing some very unusual behavior when extracting fields in Splunk 6.2. Basically I can see the fields are...

by Communicator in

How to align values in a column with values from another column?

I basically have 2 searches that I am combining using appendcols. 1 search is for each element. It looks something li...

by Motivator in

How to extract nested exception/message

Hi, I need to extract the Exception and Message independently that occurs after the Nested Exception line below. I...

by New Member in

How to use subsearch to produce arguments for eval?

Hello, I want to use a line predefined, to extract fields from _raw field. e.g. "Name||Phone||Address" ==> ....

by Engager in

Using eval with subsearch stats as an argument

Hullo, I have a set of messages as data which are various events being sent from an app. Every single message has ...

by Explorer in

How to break events from JSON data.

Hi I have JSON data which I have to break into events. The data looks somewhat like: { "data": [ { ...

by Explorer in

Is there any effective way to improve the speed of my search to fetch details of all eventtypes and their source?

Hi, I need to fetch the details of all the eventtypes and their source through a search. I use the search below, ...

by Path Finder in

Will the search "host=XX*" search all hosts in all indexes, or will it only search hosts in the default index?

When I run the search as: host=XX* will this search all the hosts in all the indexes, or will it only search hosts i...

by Path Finder in

Is it possible to round up average, max, and min values to 2 decimal places using eval, but without changing how a sparkline is displayed?

Is there a way to round up the average, max and min values to 2 decimal places - without disrupting the sparkline dis...

by Path Finder in

Why splunk stop to extract new fields for some reason?

Hi Splunkers, I will cut the intro and talk straight to the problem: I have 5 fields that were declared on prop...

by Communicator in

What is the difference between earliest/latest and starttimeu/endtimeu?

In my case I was using the map command with starttimeu/endtimeu but I'm not sure WHY i'm using those in the subquery ...

by Path Finder in

Column comparison for authentication

Hi, I created a search which provides me with the usernames of all user which have logged on, i have another colu...

by Explorer in

Display result of two sources in the same map

Hi everyone, I have two dashboards that display results on a map. The first dashboard displays results for source1...

by Explorer in

Report on latest status per host

Hi, I have put together a database input that queries a sql table that logs events against hosts. The events I"m i...

by Communicator in

How to change line graph color?

I have this code for rendering the charts var rbCpuChart = new ChartView({ id: "element5", manager...

by Explorer in

Evaluating and converting dates in search query

I have a graph that displays an average value per day over a week as columns. When clicking a specific column a line ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I get a count from multiple sources after mvexpand on multiple fields?

Why is strptime not returning results for a date field in my data?

How to limit streamstats sum to a range of values?

How do I get rid of double quotes for dashboard table

How to search the percentage of occurrences of certain values in a field?

How do I convert the time in my table to a human readable date format?

How to define chart end time? Missing data is displayed as blank space.

X axis label Rotation in JSchart

Search Logs

Unable to search for regex extracted fields in fixed length file format

How to align values in a column with values from another column?

How to extract nested exception/message

How to use subsearch to produce arguments for eval?

Using eval with subsearch stats as an argument

How to break events from JSON data.

Is there any effective way to improve the speed of my search to fetch details of all eventtypes and their source?

Will the search "host=XX*" search all hosts in all indexes, or will it only search hosts in the default index?

Is it possible to round up average, max, and min values to 2 decimal places using eval, but without changing how a sparkline is displayed?

Why splunk stop to extract new fields for some reason?

What is the difference between earliest/latest and starttimeu/endtimeu?

Column comparison for authentication

Display result of two sources in the same map

Report on latest status per host

How to change line graph color?

Evaluating and converting dates in search query

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!