Splunk Search

Discussions

Thread Info

Why two searches work separately, but subsearch leads to no results?

Beginner here, I've been trying to practice subsearching, but I've come across a problem I couldn't figure out how...

by Path Finder in

How to list values for a multivalue field by both date and percentage?

Okay, so I'm trying to create a funnel in Splunk. I have a multivalue field, I need to recalculate the values into pe...

by Explorer in

How to group calculated unique values by another field without using a subsearch?

Hi folks, I have a problem. I've done a search displayed below and I'm filtering some types of products (produto)....

by Explorer in

How to limit the character length of the date field?

How do I limit the characters of a date field to be a certain length? I.e my date field looks as follows: 2012-01-...

by Path Finder in

Use variable from views.py on a Django search manager

Hi all, Using Splunk 6.2.2. I want to use a single Django template for several different sources that follow th...

by Path Finder in

Field categorization

Hi All, A quick question reagrding the symbols "#" and "a" (alpha I believe), on the left hand side of a filed nam...

by Contributor in

enumerating field names as a new field

Dear all, I have in splunk events of this simple structure fileldX=value, like field1=..., field2=..., ... fiel...

by Path Finder in

How to make the Search and Reporting app the default landing page for a user?

I have an App landing page which is not working fine. I want to make the Search and Reporting app as the default page...

by Explorer in

Averages skewed by empty time buckets

When creating a report of the max count/minute and average count/minute by host for a specific error there seems to b...

by Path Finder in

how do I clac time out using eval

in,out,name 05-06-2015 11:37:04,05-06-2015 11:37:04 ,uid2 05-06-2015 11:36:06,,uid2 how do I do this, If out time ...

by Engager in

Why does dedup not return any results?

Below is an example of a log file I'm trying to analyse (thousands of entries). I wish to remove duplicate entries ba...

by Explorer in

Spunkd normal process count?

Hi, What is the normal process count for splunkd? Am having two processes for splunkd both for my forwarder & s...

by Explorer in

Why am I getting error "Regex: invalid UTF-8 string" trying to filter events based on string results from a subsearch?

I'm trying to filter out events from a search based on a list of strings retrieved from the results of another search...

by Path Finder in

Why do I only get default indexed fields via REST or SDK call, but get more extracted fields in Splunk Web for the same search?

This is related to http://answers.splunk.com/answers/136754/splunk-sdk-fields.html. I've tried searching via the ...

by Splunk Employee in

How to edit my search to create a chart that inserts "NO" wherever the value is blank?

Hi, I have a chart like this from a search: source="*.log" "Found TaskId" | | dedup source | eval FileFoundDa...

by Path Finder in

Where to enable the "dbx_capable" capability in Splunk DB Connect?

I have a Prod and Non-Prod instances of Splunk running. A former admin installed DBX in both. In trying to setup the ...

by Engager in

What is Parameters must be in the form '-parameter value'

I'm new to Splunk and I'm trying to add monitor to my logs as: ./splunk add monitor -auth admin:changeme /var/lib/mys...

by New Member in

How to write a search to get the total count of emails sent out and the count for each individual mail ID?

I have a search which gives the total count of emails sent out from 5 different mail ids. I use a scheduled report fo...

by Path Finder in

How to extract interesting fields from JSON data pulled from Google Places' API?

Hi! I'm trying to get Information from Google Places into our Splunk. We want to analyze how we get rated on socia...

by Communicator in

stats, earliest() and report acceleration

I have a search that basically looks like this: some source | stats earliest(_time) as _time latest(_time) as end ...

by SplunkTrust in

problem with field that contains character "\\"

Hi, I have a log with this type of content: domain\\user. I have extracted this info with field extraction called ...

by Path Finder in

How to extract information from my sample log file?

I am new to Splunk but am given a tight deadline to explore the possibility of using Splunk to extract information fr...

by New Member in

How to get results of two searches and compare them?

i have two searches: earliest=-10m index=perfmon server=web1 sourcetype="Perfmon:CPUTime" | stats avg(Value) as C...

by Engager in

How to rename table field names dynamically in a search?

Sample EventList for my scenario given below: ID=1 | Name=sankar | Age=20 | Dept=Computer science | Programming=60...

by Path Finder in

How to write a search to find which tablets have a latest status of Error or Corrupted?

Hi all, I have an event sent with the information if a tablet downloaded app successfully or not. If it faces prob...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why two searches work separately, but subsearch leads to no results?

How to list values for a multivalue field by both date and percentage?

How to group calculated unique values by another field without using a subsearch?

How to limit the character length of the date field?

Use variable from views.py on a Django search manager

Field categorization

enumerating field names as a new field

How to make the Search and Reporting app the default landing page for a user?

Averages skewed by empty time buckets

how do I clac time out using eval

Why does dedup not return any results?

Spunkd normal process count?

Why am I getting error "Regex: invalid UTF-8 string" trying to filter events based on string results from a subsearch?

Why do I only get default indexed fields via REST or SDK call, but get more extracted fields in Splunk Web for the same search?

How to edit my search to create a chart that inserts "NO" wherever the value is blank?

Where to enable the "dbx_capable" capability in Splunk DB Connect?

What is Parameters must be in the form '-parameter value'

How to write a search to get the total count of emails sent out and the count for each individual mail ID?

How to extract interesting fields from JSON data pulled from Google Places' API?

stats, earliest() and report acceleration

problem with field that contains character "\\"

How to extract information from my sample log file?

How to get results of two searches and compare them?

How to rename table field names dynamically in a search?

How to write a search to find which tablets have a latest status of Error or Corrupted?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions