Splunk Search

Discussions

Thread Info

Check status in progress with closed/resolved

Hi, I am trying to create an alert that I need check if status "work in progress" was opened for more than 1 hour,...

by New Member in

How to edit my search to create a moving average based on 3 parameters?

I have the following data. The count field is calculated based on the method, status and date (I would also have the ...

by New Member in

How do I export a chart as a high-quality image?

Struggling a bit to find an answer to this. Can anyone suggest a way to create a sharp, high-quality image export ...

by Explorer in

How to extract curly brackets in regular expression

Hi, I am having a problem extracting fields that have curly brackets {} I have the log file line; 2015.06.24 11:55...

by Communicator in

Multiline table column header

I have a table that has long column headers. Can i make these headers multi-line formatted? old table headers: Ser...

by Engager in

carriage return in transaction results

I am using transaction and sending the result to an external workflow. The combined results from transaction appear o...

by Engager in

When using an API to enrich my data, how can I control how many requests Splunk sends to my external lookup script?

When using an API to enrich my data, for example running MD5 hashes in my logs against VirusTotal's API, how can I co...

by Path Finder in

Run search according to user inputs(If/Else conditions)

Hi, I want to run search queries depend on user input,ie what user selecting from dropdown. eg:if user choose ...

by Communicator in

search with NOT (a time-based auto-looked-up-field value here)

In props.conf, I have a time-based auto-lookup: "LOOKUP-jobstart = jobstart host OUTPUT jobid, user", against a perio...

by Path Finder in

Extraction of multiple events from a single variable length event

Hi Splunkers  I have some variable length NAT translation events in the following format: Apr 12 11:42:23 1.2....

by Builder in

How to get a max point in a given range

Hello Splunkians (?). I have a table of data with 2 fields : host / data_used_mb / _timestamp host data_used_mb...

by Explorer in

eval assigns value based on subsearch, but says expression is malformed

Hi all, I have a saved search containing an eval and a subsearch that seems to work successfully: source="S2 C...

by New Member in

Need help with subtotals in search

Using the search below i get the results in the first table. I would like to show subtotals (in some fashion) like th...

by New Member in

Why am I not seeing any values for fields created with the eval command in my search?

I have this search, but I am not seeing any values for Requests: (status=200 OR status>399) | eval Type=if(status=...

by Contributor in

Macro with a macro-name-argument

Can a macro be defined, that takes another string as the name of the macro, which gets ‘eval’ed first based on the ev...

by Explorer in

How to join extracted, multi-value SourceTypeA:field_a with extracted SourceType:field_b?

I want to compute a join of an extracted, multi-value SourceTypeA:field_a string variable with an extracted SourceTyp...

by New Member in

extract _time from one search and apply to another

vmstat , net stat is captured every minute. While access_combined has entires whenever traffic comes in (every second...

by Path Finder in

substr field comparison and negative matching

Hi, I've tried a few of the hints here to solve this one elegantly but can't quite get there. I have two source...

by Contributor in

Rename aggregated group by fields with colon separator

I have a search query that uses a regular expression to place values in a field/variable and then it aggregates value...

by New Member in

What are the correct stats functions to use to get the first and last event for a host in a specified time range?

What is the correct stats function to use to get the last event for a host in a specified time range? first(_raw) or ...

by Motivator in

Need to calculate average and sum of values

I have a data in the below format: Date time column1 column2 03-07-2015 00:00 10 17 03-07-2015 00:30 16 62 03-07-2...

by Path Finder in

Convert IP address into hostname

Hi, Is there a way on search query to resolve any IP result into hostname? Thanks

by Communicator in

date strftime convert and show last 4 days

Hey guys, i have | eval Date=strftime(strptime(data,"%Y/%m/%d"),"%m/%d") returning 07/02 07/01 06/30 06/29 06/28 ...

by Contributor in

Splunk Search limits results to 1000 events only

The following Search command: error OR failed OR severe OR ( sourcetype=access_* ( 404 OR 500 OR 503 ) ) result...

by Path Finder in

Need help with totals in subsearch

I have a search and subsearch. The search looks for an IP addresses occurring more than 50 times and returns the coun...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Check status in progress with closed/resolved

How to edit my search to create a moving average based on 3 parameters?

How do I export a chart as a high-quality image?

How to extract curly brackets in regular expression

Multiline table column header

carriage return in transaction results

When using an API to enrich my data, how can I control how many requests Splunk sends to my external lookup script?

Run search according to user inputs(If/Else conditions)

search with NOT (a time-based auto-looked-up-field value here)

Extraction of multiple events from a single variable length event

How to get a max point in a given range

eval assigns value based on subsearch, but says expression is malformed

Need help with subtotals in search

Why am I not seeing any values for fields created with the eval command in my search?

Macro with a macro-name-argument

How to join extracted, multi-value SourceTypeA:field_a with extracted SourceType:field_b?

extract _time from one search and apply to another

substr field comparison and negative matching

Rename aggregated group by fields with colon separator

What are the correct stats functions to use to get the first and last event for a host in a specified time range?

Need to calculate average and sum of values

Convert IP address into hostname

date strftime convert and show last 4 days

Splunk Search limits results to 1000 events only

Need help with totals in subsearch

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions