Splunk Search

Ask a Question

Discussions

Thread Info

Combining and summing the results of two searches

Hi - I have two searches that have the same fields exactly but from different sources. I would like to join and...

by New Member in

How can I extract the 3 or 5 digit number and 2 3-letter words after "Request" in my sample log?

The log is: 2015-06-15 15:50:29,381 ws prd 62 WARN JourneySearch # # # # Blocked Incoming Request 13360-PSA-LIS ...

by Explorer in

How to extract session ID list and perform another search over it?

Hi folks, I need a solution for counting one thing by extracting a list of ID's from the same index. My log archiv...

by Explorer in

Calculate a percentage on chart count over some span

Hi there, I have response time data in ms in a table field ElTime. I want to band this based on 1000ms second brac...

by Explorer in

Count matches between values from two different events with different time ranges

Okay, this is a bit difficult to explain, which is also why I'm not sure it hasn't already been answered, but here go...

by Explorer in

What endpoint for schedule searches?

Using REST API to call curl command, what is the exact endpoint to hit in order to create a scheduled search with all...

by Builder in

How to use rex and sed to insert '-' and ':' in the result?

Hi, I'm new to Splunk. I have a query that extracts the date and time from the name of a log file. Logfile names are ...

by Explorer in

How to extract "seconds" and "documents" fields from each event, chart the average of seconds/document, and alert if the average is greater than 1?

Trying to get an alert from Splunk when an average for a specified time and number of documents > 1. Example taken fo...

by Communicator in

how to use where parameter?

Hi, I am using where clause but it is not giving any result. It showing the result as (0) in counts section. My qu...

by Communicator in

How do i filter out all but the most recent results for a particular field

I'd like to create a search that allows me to filter out all the old results and only give me back the latest result ...

by Engager in

How to do a lookup in SPLUNK without using lookup files?

Hi Experts, Currently I have my index data as below order_id, order_status 12345, Submitted and currently I ...

by Communicator in

Stats command returning no results if field does not exist.

My specific example is regarding an Active Directory index. This is my basic query; index="ad_test" objectClass="*...

by Communicator in

How to convert an IP address via props.conf and transforms.conf from HEX to decimal format?

I have set up a forwarder on my machine to send netflow data from a directory into splunk. The setup is as follows: ...

by Path Finder in

How to write a search and alert if one IP visits one Visit Order over N number of times within a certain time range (T)?

Hi, Now, we have the following use case, but I don't know how to write the search. Please help~ In application ...

by Explorer in

Dynamic assignment of Right Y-axis parameter

Like the example here (http://docs.splunk.com/Documentation/Splunk/6.2.3/Viz/Chartcontrols), I need to assign a param...

by Path Finder in

Hole in my "Bucket" - field value mixes Net_ID and computer names. Is it possible to split into computer bucket, Network ID bucket?

The sourceType I was told to mess with has a "Name" field. The field sometimes holds the value of a users Network ID ...

by Path Finder in

Splunk DB Connect 1: Why am I getting error "command="dbquery", A database error occurred: Invalid Fetch Size"?

Hi, I keep getting the following error in DB connect 1. I have setup the External Database and can use it for look...

by Contributor in

How to search the distinct counts of failed and successful usernames used in login transactions, group by IP, and total for each IP?

I am trying to pull distinct counts of failed and successful usernames used in login transactions grouped by IP addre...

by New Member in

XML Tree has null values, using "table" command. How to fillnull values with a value (like "not_defined")

My XML tree has null values for certain fields. I am using "table" command to display fields in a tabular format. I a...

by Explorer in

Can I compare a field from two or more subsearches?

We have three environments test, stage and prod where we run a script that creates a log file that pr. event lists na...

by Contributor in

How to match two lines by a common ID within the same file and extract a field from the second line?

How can I match 2 lines of the same file that have a random number of other lines between them? 1111 Start Sub Tra...

by New Member in

How to edit my props.conf to extract a field with leading zeros as a number instead of a string by default?

HI, I have a field which has a lot of leading zeros. Currently, this field is getting extracted as a string field....

by Builder in

How to extract 2 multivalue fields and search the list of each fieldA that has more than one fieldB?

From following search result - I want to extract User-Name and Calling-Station-Id, and both fields have multiple valu...

by New Member in

How to display a bar chart instead of pie chart in a Splunk 6.2.1 map?

Hi, The default behavior of Splunk is to show a pie chart in a map, but my requirement is to show a bar chart inst...

by New Member in

How to sort events in ascending order by date with the correct date format?

Hello, I'm trying to order specific events from our application log for visualization. search string : in...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Combining and summing the results of two searches

How can I extract the 3 or 5 digit number and 2 3-letter words after "Request" in my sample log?

How to extract session ID list and perform another search over it?

Calculate a percentage on chart count over some span

Count matches between values from two different events with different time ranges

What endpoint for schedule searches?

How to use rex and sed to insert '-' and ':' in the result?

How to extract "seconds" and "documents" fields from each event, chart the average of seconds/document, and alert if the average is greater than 1?

how to use where parameter?

How do i filter out all but the most recent results for a particular field

How to do a lookup in SPLUNK without using lookup files?

Stats command returning no results if field does not exist.

How to convert an IP address via props.conf and transforms.conf from HEX to decimal format?

How to write a search and alert if one IP visits one Visit Order over N number of times within a certain time range (T)?

Dynamic assignment of Right Y-axis parameter

Hole in my "Bucket" - field value mixes Net_ID and computer names. Is it possible to split into computer bucket, Network ID bucket?

Splunk DB Connect 1: Why am I getting error "command="dbquery", A database error occurred: Invalid Fetch Size"?

How to search the distinct counts of failed and successful usernames used in login transactions, group by IP, and total for each IP?

XML Tree has null values, using "table" command. How to fillnull values with a value (like "not_defined")

Can I compare a field from two or more subsearches?

How to match two lines by a common ID within the same file and extract a field from the second line?

How to edit my props.conf to extract a field with leading zeros as a number instead of a string by default?

How to extract 2 multivalue fields and search the list of each fieldA that has more than one fieldB?

How to display a bar chart instead of pie chart in a Splunk 6.2.1 map?

How to sort events in ascending order by date with the correct date format?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions