Splunk Search

Ask a Question

Discussions

Thread Info

Issues with Knowledge Bundle in Splunk Cluster (SHC + Index Cluster)

Hello all, We have this Splunk 6.2.1 Architecture, on Linux VM machines: 3 SH in SHC 1 Master + Deployer 3 Clus...

by Motivator in

Extract field from another field

Hi All, I am having a field which has content like below abc xyz sksk lsmlmlspmwmlmwpn wonmwm:29299 (abcxmmowmo...

by Path Finder in

Join truncating the result. how to avoid it?

I have the following query, index="index" tag=tag1 sourcetype=access_combined "def"|fields correlation_id|join cor...

by Path Finder in

table at first has results but in the end has 0 event

hi everybody, I met very strange stiuation when I do the search. This is the code: ... |transaction id mvlist=t start...

by Engager in

Search with result shows No results Found error after 100% completion of the search

My search shows results when it is executing.. But after 100% completion of the search all the listed records are dis...

by Builder in

How to find the sum of FieldA for each distinct FieldB and timechart the average of each unique sum?

Invc Sales Order Number = Invoice # that will exist across multiple events Inv = $$ I need to sum the Inv for Each...

by New Member in

How to create a pie chart for my search to show the percentage of each number displayed in the table?

I would like to create a pie chart for the following search. sourcetype="my_sort" earliest=-30d| dedup host | tabl...

by Path Finder in

Finding paired events that are out of sequence (missequenced) or missing partner events

We have a system that generates user-level start and stop event logs. Assume all events have a userID and sessionID a...

by Esteemed Legend in

set y axis limit on bar chart

I would like the max number of my Y axis to be 60. I so have some numbers that are higher than 60 in my data, but I d...

by Path Finder in

Host Extraction REGEX in Transforms failing for lengthy events.

After realizing the hostname of a Blue Coat appliance was at the end of the incoming events, we created a host name e...

by Splunk Employee in

How to extract multivalue fields from XML data at search-time?

Hi all, I indexed a XML file and I am trying to extract some fields at search-time. What I'm trying to do is e...

by Path Finder in

Why stdev returns zero

Hi there, I'm working on this query: index=checkin host="prod" earliest=-0d@d latest=now (description="Intento de ...

by Engager in

How to compare number of events during two specific time periods and display status according to result ?

I’d like to compare 1) the number of events received in the last 30 minutes with 2) the average number of events rece...

by New Member in

Can Tree Map possible using Splunk Enterprise ?

Hi Splunkers, Can it be possible to create a Tree Map using Splunk. If yes, Can any one please guide me in doing t...

by Contributor in

Extract only global IP with rex

Hi there, I want to extract only global IP addresses of destination from the internet access logs. Our server segment...

by New Member in

How to search the count of successful and failed logins, the ratio by IP, and the usernames successfully logged in from those IP addresses?

Hi all, 'fraid I'm still a newbie, so I am probably trying to do too much or the impossible but I'll try and expla...

by Path Finder in

How to edit my search to find the name of each server that has not reported in the last 4 hours?

Hi all, I am a new one to splunk. Now i am facing some problem to get the data as I want. I have more than 250 se...

by New Member in

How to get max hits for a field ?

So, I have a search with a regex that has pulled 2 different fields- lets say user and client. the url is somethin...

by Path Finder in

how to mask data in data model?

Sample: 1234/rani/abc1234/dfh Need to get output as */rani/*/dfh

by Path Finder in

How to include "Other" in pie chart.

I have total 100 host data. But i am displaying 20 hosts in my pie chart with sort 20 command. I want other option to...

by Path Finder in

Multiple Stats Amounts using a Lookup Table

HI, Can't seem to get this working. This is what I want, so I can do a multi stacked bar chart. Columns: Place, S...

by Contributor in

combine 2 searches

I have a search that finds computers that have not checked in for the last couple min. It seems to give the results I...

by Path Finder in

Eval On Field With Multiple Values

I'm trying to get the time difference of two dates on a table but when my user has multiple values for the end_date a...

by Explorer in

How to edit my props.conf and transforms.conf to set the Host value to a portion of each event?

I'm trying to set my "host" field to a portion of each event (it's traffic logs aggregated from a number of places) a...

by New Member in

Why is my stats list() search not matching values correctly in the resulting table?

I have a web service called CreateOrder.. This has a request and response which has a unique identifier called a GUID...

by SplunkTrust in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Issues with Knowledge Bundle in Splunk Cluster (SHC + Index Cluster)

Extract field from another field

Join truncating the result. how to avoid it?

table at first has results but in the end has 0 event

Search with result shows No results Found error after 100% completion of the search

How to find the sum of FieldA for each distinct FieldB and timechart the average of each unique sum?

How to create a pie chart for my search to show the percentage of each number displayed in the table?

Finding paired events that are out of sequence (missequenced) or missing partner events

set y axis limit on bar chart

Host Extraction REGEX in Transforms failing for lengthy events.

How to extract multivalue fields from XML data at search-time?

Why stdev returns zero

How to compare number of events during two specific time periods and display status according to result ?

Can Tree Map possible using Splunk Enterprise ?

Extract only global IP with rex

How to search the count of successful and failed logins, the ratio by IP, and the usernames successfully logged in from those IP addresses?

How to edit my search to find the name of each server that has not reported in the last 4 hours?

How to get max hits for a field ?

how to mask data in data model?

How to include "Other" in pie chart.

Multiple Stats Amounts using a Lookup Table

combine 2 searches

Eval On Field With Multiple Values

How to edit my props.conf and transforms.conf to set the Host value to a portion of each event?

Why is my stats list() search not matching values correctly in the resulting table?

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions