Splunk Search

Discussions

Thread Info

Why does adding a field filter (by clicking on the field's value in the fields listing on the left) eliminate all search results?

When I run a search ( sourcetype="fieldtest"), I see that there are two events with a field called third and a value ...

by Communicator in

How can I produce a report which lists out all the devices reporting to Splunk?

Forgive my newbieness - I've tried doing this with: | metadata type=sourcetypes index="*" but the output is dif...

by New Member in

what is the syntax of the custom condition search

hi what is the syntax of the custom condition search I have a search like earliest=-5m heartbeat | stats co...

by Path Finder in

Extract value from multiple events that have different fields?

Below is my query which list about 80 events grouped by a certain ID (488e5185-42d7-4eec-bcb5-43590ae751a0). The eve...

by Path Finder in

How to format stats table results as rows of strings without column headers?

Search: index=ctap host=sc58* sourcetype=gateway "CTIPOP CALL RECEIVED" acct="*" | stats count by acct | eventstat...

by Path Finder in

Splunk upgrade from 5.0.9 to 6.1.2: Why can't I search?

Upgraded from Splunk 5.0.9 to 6.1.2. Can't search. Seeing the following message: "In handler 'jobs': Cannot perform a...

by Splunk Employee in

How to write a search to graph the duration scripts ran using "begin" and "finished" time fields?

Right now I have two different scripts: report scripts and procedure scripts. They have a begin and finished time. I ...

by Communicator in

Combining two line charts displaying values from the same field name

I have 2 searches :` index=os_windows Host="usatlb9*" object="Network Interface" counter="Bytes Total/sec" |timec...

by Communicator in

Real time search tuning

hello, Splunk 6.13/CentOS 6.4 I recently had a Splunk outage. My monitoring software showed, plenty of IO, CPU...

by Builder in

Is there any way to measure byte size per counter?

Hi Splunk Experts, I would like to ask, if there's a way to measure the data size (in bytes) for each counter? For...

by New Member in

Trouble with Field Extraction with multiple values on multiple lines

For the below data I want to create fields highlighted in data. The problem while extracting is that the data is in m...

by Explorer in

How to fill the null values in search results

How can I fill null value in the following result with desired value, e.g. 0: mysearch | stats count by host I ...

by Path Finder in

Why is dedup not working with this search?

When I run the following search, I get 100+ results of src_ip 1.2.3.4 and signature X: index=http status=200 src_i...

by Explorer in

Extrating fields with the single dates of the month?

Hi Splunkers, Im having this serious problem. Is there any way to transform or modify a log coming to a certain in...

by Communicator in

Do I have to turn count and if on like we have to do with delete?

Hi guys, I am having some trouble trying to do a search. I want to do a search that involves the tools count and i...

by Path Finder in

How to grep or awk in splunk?

Hi, I am using this query in splunk search - index="some_index" | dedup source | sort -source | dedup sourcetype |...

by Explorer in

How can we get the scatter chart mentioned in http://www.splunk.com/view/SP-CAAACGB to work?

How can we get the scatter chart mentioned in the link http://www.splunk.com/view/SP-CAAACGB to work?

by Explorer in

How to search for transactions associated with another field?

I have to send automated reports to a partner with logs and MSISDN that failed due to timeout. Logs are divided by st...

by Explorer in

Formatting a multi column report.

I managed to get the following report from Splunk (excuse the lines, trying to format it for viewing): mrSTATUS---...

by Communicator in

sum of all the fields and aggregate sum

Hi, I am having a tough time in creating overall sum and aggregate sum. Here is my issue: I have multiple value...

by Path Finder in

How can I search a list of users with all the roles and indexes assigned?

I found this search | rest /services/data/indexes | table title | rename title as index_name | eval joinfield=if(s...

by Splunk Employee in

Custom search command simple example?

I've read the docs and iterated many times to try to get a simple command to work which pipes events to it. Examp...

by Explorer in

Is there any way to add a new "Save As" option other than "Report" or "Dashboard Panel"?

Currently, the "Save As" option near search bar allows to store the result as Report or Dashboard Panel. I was wonder...

by Explorer in

Why am I unable to fetch data by using column names?

Case 1: index=xyz | rex "(?i)<ticketId>(?P<TICKETID>[^<;]+)" | stats values(TICKETID) as TICKETID by processname ...

by Explorer in

Adding a Field from a Subsearch Using Join - Inaccurate Results

I'm trying to add a field to my main search based on the values retrieved from a subsearch. More specifically, my mai...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does adding a field filter (by clicking on the field's value in the fields listing on the left) eliminate all search results?

How can I produce a report which lists out all the devices reporting to Splunk?

what is the syntax of the custom condition search

Extract value from multiple events that have different fields?

How to format stats table results as rows of strings without column headers?

Splunk upgrade from 5.0.9 to 6.1.2: Why can't I search?

How to write a search to graph the duration scripts ran using "begin" and "finished" time fields?

Combining two line charts displaying values from the same field name

Real time search tuning

Is there any way to measure byte size per counter?

Trouble with Field Extraction with multiple values on multiple lines

How to fill the null values in search results

Why is dedup not working with this search?

Extrating fields with the single dates of the month?

Do I have to turn count and if on like we have to do with delete?

How to grep or awk in splunk?

How can we get the scatter chart mentioned in http://www.splunk.com/view/SP-CAAACGB to work?

How to search for transactions associated with another field?

Formatting a multi column report.

sum of all the fields and aggregate sum

How can I search a list of users with all the roles and indexes assigned?

Custom search command simple example?

Is there any way to add a new "Save As" option other than "Report" or "Dashboard Panel"?

Why am I unable to fetch data by using column names?

Adding a Field from a Subsearch Using Join - Inaccurate Results

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions