Splunk Search

Discussions

Thread Info

Is there a way to extract a field that contains the delimiter within it?

I have a file that is delimited by " so that is what I am using to extract the fields, however, some events have a fi...

by Path Finder in

Is it possible to add a field automatically to events with using lookups in a search?

I am indexing web logs in Splunk and one thing I am trying to do is attempt to match the URI against a list of regexe...

by New Member in

What is the best way categorize environments for different sets of IIS logs to improve organization and efficient searching?

Hi, My question is regarding indexing IIS logs. We have about 50 websites on a single server. 4 websites make up 1...

by New Member in

Why is my search producing "Error in 'geostats' command: The argument 'lon1' is invalid."?

Hi, I'm trying to use the geostats command and got confusion. I'm running my search without geostats: some_stu...

by Explorer in

Google maps Errors

Hey , i ran a search string on Google Map application and i get the following errors: search string: source=myapp...

by Communicator in

How to create a dashboard and search using the interesting fields from my data?

i have below events in my logs and i want to create a dashboard using various options. id": "Warehouse40.541-79.82...

by Explorer in

Why am I getting different results in verbose mode versus fast mode joining two sourcetypes with one source limited to today's data?

I am trying to join two sourcetypes with a common field (ID). The problem occurs when I tried to limit one source to ...

by Communicator in

Time capturing regex for virtual index that points to AWS ELB logs in s3 bucket does not work

I am using a virtual index that points to AWS ELB logs in S3 bucket to run Splunk query. I have set this up using Hun...

by New Member in

How to use a dashboard time range picker to reference a time column in a CSV file generated by an inputcsv search?

I have a csv file that I have not indexed and am using it directly through the inputcsv command. The problem is that ...

by Communicator in

Why doesn't my summary index dashboard appear to be updating to show the latest search performed?

Hi, I wonder whether someone may be able to help me please. I have successfully created a 'Summary Index' repo...

by Motivator in

How to search the average per item per day?

I want to get the average per day per item... e.g. Getting the total count per item is easy: stats count(Order)...

by Path Finder in

Get the difference of 2 columns after Grouping

After grouping to display a chart, where there are only 2 values produced, how do I calculate the difference between ...

by Path Finder in

Does TZ value specified in props.conf apply only to the Index timestamp?

Hi, The data that we fetch from a database has multiple time based columns (one in UTC, and the rest in BST). Our ...

by Path Finder in

How i set date by log path address ?

Hi have a log which is inside folder which folder name is date i give folder name or path is= C:\Users\T_NiteshS1\Doc...

by Communicator in

How do I convert the time picker date into readable date formats?

Hey guys, I have a dashboard table that populates from a SQL search query. The dates in the database are in a norm...

by Path Finder in

Splunk Architecture: How do you manage searching on multiple indexes that are OS specific, app specific, etc based on a set of hosts?

Hello all, We are trying to take a new approach on handling indexes and such. We want to switch indexes to be lik...

by Path Finder in

How to change the format of column timechart labels?

Need your help, We are aggregating data for 6 months and showing it in column charts to compare each year's data u...

by Builder in

Why does appendcols with search post-process fail?

I've got a search defined in a simple dashboard: <search id="jenkins_search"> <query>index=scm sourcetype=jenkin...

by Influencer in

If statement

Hi I am running search to get rating status in my report, not getting any result and getting error " Error in 'eval'...

by Path Finder in

How to convert current timestamp to time using splunk?

In my current timestamp filed . I Have a value like 2015-06-11-083912216431 I need the value like 08:39:12 The abo...

by Builder in

How to get a stats count against the sourcetype from lookup table while listing all other fields?

I have a lookup table that consists of 5 fields (index, sourcetype, description, owner, os). I would like to perform ...

by Engager in

if then to differentiate fields / variables?

I have data over time on the aging of ssd's that gives me a date, identifying information and a 'health' number. I wa...

by Explorer in

how to sort column chart based on month-year order

Need your help, We have column charts with the below query and its working fine, index="myindex" source="/opt/a...

by Builder in

How to reordering the chart columns fields?

My chart columns is in time format and its showing each column represent per hours and starts from 00:00:00 to 24:00:...

by Observer in

Duplicate events causing conflict - how to eliminate

I'm trying to create a series of inputs that require a change on selection. The first one drops down a list of us...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way to extract a field that contains the delimiter within it?

Is it possible to add a field automatically to events with using lookups in a search?

What is the best way categorize environments for different sets of IIS logs to improve organization and efficient searching?

Why is my search producing "Error in 'geostats' command: The argument 'lon1' is invalid."?

Google maps Errors

How to create a dashboard and search using the interesting fields from my data?

Why am I getting different results in verbose mode versus fast mode joining two sourcetypes with one source limited to today's data?

Time capturing regex for virtual index that points to AWS ELB logs in s3 bucket does not work

How to use a dashboard time range picker to reference a time column in a CSV file generated by an inputcsv search?

Why doesn't my summary index dashboard appear to be updating to show the latest search performed?

How to search the average per item per day?

Get the difference of 2 columns after Grouping

Does TZ value specified in props.conf apply only to the Index timestamp?

How i set date by log path address ?

How do I convert the time picker date into readable date formats?

Splunk Architecture: How do you manage searching on multiple indexes that are OS specific, app specific, etc based on a set of hosts?

How to change the format of column timechart labels?

Why does appendcols with search post-process fail?

If statement

How to convert current timestamp to time using splunk?

How to get a stats count against the sourcetype from lookup table while listing all other fields?

if then to differentiate fields / variables?

how to sort column chart based on month-year order

How to reordering the chart columns fields?

Duplicate events causing conflict - how to eliminate

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions