Splunk Search

Discussions

Thread Info

How to search call data records to find parallel concurrent calls from the same originating telephone number?

I have an index of telephony call data records where each record has an event_start_timestamp, mapped to the event ti...

by Path Finder in

Why does "search host!=ComputerName" return all results?

I'm looking for Splunk Universal Forwarders that have a different name registered other than the actual host name. Th...

by Explorer in

How to add "point-in-time" annotations to a chart?

I'd like to "annotate" a graph which shows performance over time with what points the releases have been at. I see...

by Explorer in

How do I write a search that outputs a table where each Computer_Name has 3+ variables and their counts

So I am trying to output audit failures in a readable manner while displaying relevant data. I am trying to output th...

by Path Finder in

Nested "Where" Commands - Error: The expression is malformed

I'm trying to filter the results of a search based on the results of a (pretty complex) subsearch using the where com...

by Path Finder in

How do I edit my if else search for comparing two values?

I have a field Name and a field ID. So a person named Adam has an ID 1. The next time Adam is renamed Rob, but ID rem...

by Communicator in

How to display a chart with values and also a timechart below that?

I'm trying to show a chart and need to show the actual values. At the same time I would like to display a linear time...

by Path Finder in

How to write a conditional timechart search that will not count more than 1 event per day?

I'd like an efficient search that will return either "Yes" or "No" for a timechart per day. I would imagine a limitin...

by New Member in

How handle time-based join with streamstats

I have 2 sets of events, 1 for registration events, and 1 for host state events. There is a common field between the ...

by New Member in

How to apply a regex filter to my pivot?

http://docs.splunk.com/Documentation/Splunk/6.2.3/SearchReference/Pivot#Filter_element According to this, there is...

by Communicator in

Why are Interesting Fields not yielding complete values in the search result?

Hi, When a blank space is introduced in values, the search results are not yielding complete values. Please see de...

by Explorer in

How to combine two fields, but add quotations marks around one of the fields prior to combining?

Hello folks, I am trying to combine two fields by string; however, I need to put quotation marks around one of the...

by Explorer in

How do I edit the regex in my search to extract a part of a string?

by New Member in

How to split a string into multiple fields using whitespace as delimiter

Hi, I have a field called "details" with the following value: details GAP 16 GAP PLI 31 ...

by New Member in

Why is my rex search not extracting the field from my event?

Dear all, I want to extract a field from the event, and name it retail, and then use this new field to make a calc...

by Path Finder in

How to make the search dynamic - continuation of "How to use rex and sed to insert '-' and ':' in the result?"

I have different environments. In each environment logs are located in different path. e.g.: C:\Program Files\Splunk....

by Explorer in

How to parse and extract unstructured .log file data in Splunk?

04/07/15 23:55:01 Device: a b c d e f g h i j k 1ppd 0.00...

by Explorer in

When creating a statistical table using the table command, is there a way to disable sorting of data on click of table column headers?

When we create a statistical table using table command , is there a way to disable sorting of data on click of table ...

by Communicator in

How to search a lookup table to find any IP addresses that match the IPs in my firewall events?

I have a lookup table called - c2cisp.csv. the definition is called c2cisp. The table has a field name ip. It contain...

by Explorer in

How do I get results from Splunk searchmanager JavaScript into Google JavaScript API to draw charts?

How to get data results from a searchmanager javascript into google jsapi to draw charts? All My Searches and Post...

by Communicator in

Customize a CSS file to modify the color palette of charts

Our team is currently using Splunk within core dashboards within the Splunk software and through embedded reports on ...

by Splunk Employee in

How to search two Indexes, but only use the dedup command for fields in one index?

I would like to search two different SourceTypes where one SourceType pipes a dedup command on fields that only that ...

by Engager in

How do I write a search to get a table of metrics to show the count of different Markets by Site?

Hi, I have a requirement where I want to display a metrics table. Vertically, I want to show different sites like...

by Communicator in

Find hosts matching naming criteria in Splunk?

We use this search quite a bit, and love it. In this example it provides a list of all hosts (servers) reporting to s...

by Explorer in

Why does my search produce error "Search process did not exit cleanly, exit_code=254" in my search head clustering environment?

What could cause this error? I have a distributed search environment with a Search Head having multiple indexers, and...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search call data records to find parallel concurrent calls from the same originating telephone number?

Why does "search host!=ComputerName" return all results?

How to add "point-in-time" annotations to a chart?

How do I write a search that outputs a table where each Computer_Name has 3+ variables and their counts

Nested "Where" Commands - Error: The expression is malformed

How do I edit my if else search for comparing two values?

How to display a chart with values and also a timechart below that?

How to write a conditional timechart search that will not count more than 1 event per day?

How handle time-based join with streamstats

How to apply a regex filter to my pivot?

Why are Interesting Fields not yielding complete values in the search result?

How to combine two fields, but add quotations marks around one of the fields prior to combining?

How do I edit the regex in my search to extract a part of a string?

How to split a string into multiple fields using whitespace as delimiter

Why is my rex search not extracting the field from my event?

How to make the search dynamic - continuation of "How to use rex and sed to insert '-' and ':' in the result?"

How to parse and extract unstructured .log file data in Splunk?

When creating a statistical table using the table command, is there a way to disable sorting of data on click of table column headers?

How to search a lookup table to find any IP addresses that match the IPs in my firewall events?

How do I get results from Splunk searchmanager JavaScript into Google JavaScript API to draw charts?

Customize a CSS file to modify the color palette of charts

How to search two Indexes, but only use the dedup command for fields in one index?

How do I write a search to get a table of metrics to show the count of different Markets by Site?

Find hosts matching naming criteria in Splunk?

Why does my search produce error "Search process did not exit cleanly, exit_code=254" in my search head clustering environment?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions