Splunk Search

Discussions

Thread Info

Tstats sort and get top values

Here is my search | tstats sum(Accounting.Input) as Inp, sum(Accounting.Output) as out from datamodel="Accounting" b...

by Communicator in

Search using NOT

I have a query like this to llist thread from datasummary1 which does'nt exist in datasummary2. (something like this ...

by Communicator in

Passing search result fields into a drilldown search through a drilldown link?

Hi, I have a parent dashboard search which display a chart(status) by hostname, module eg: hostname Module1 Mod...

by Explorer in

Chart Overlay in 6.0 - Horizontal Information Lines

Hi, I would like to create an information line on a chart, as a chart overlay in 6.0.5, I require a red and a yellow,...

by Builder in

Field in field

I have following message format. 2013-06-17 15:33:01+0200 appid="myapplication" responsetimems="155" message="Call...

by Explorer in

iplocation draws blank

This doesn't returns anything: | stats c | eval ip="107.181.233.178" | iplocation ip allfields=1 | table ip, Country,...

by Communicator in

Subsearch on results

Hi Answers, hopefully someone can help me figure this out. I need to see a list of all results and a distinct coun...

by Path Finder in

Why are users automatically getting logged out of Splunk the past few days and any running searches have to be re-run?

Since last few days the users that are logged in Splunk get logged out automatically. If any search is kept running i...

by Communicator in

Will splitting our data into separate indexes provide better performance of real-time searches?

We are currently running into issues where our indexers become overloaded and cannot process all of the search and in...

by Explorer in

Search for a string containing X

Hi there - I know how to search for parameters/variables that equal X value...but how to I construct a query to l...

by Explorer in

How to get my python script to trigger through a Splunk search?

Hi , I want to trigger my python script through a splunk search. Below is my code, but i don't know which files i ...

by Communicator in

Find events that occur after the time returned from a subsearch for a specific field

I have two sets of data. Both have account number and date along with a list of other fields. I want to search for ac...

by Explorer in

Regex If Statement Help

This field is called 'Name' and contains around 10000 sever names, I am trying to use an eval formula to create a col...

by Engager in

Strange behavior in regex extraction

Hi I want to extract the multi-value field "step" and this is how my event looks like: STEP: 1005 RESULT: PASS ACT...

by Builder in

How to configure timestamp recognition for JSON data inputs?

Hi Until now, I had comma separated text inputs from many of my sources. Using props.conf, I could define the time...

by Path Finder in

Use value in log file to draw chart

Dear Splunkies, I am very happy with Splunk so far, but ran into one issue, I stuck. I got a log file, containi...

by Explorer in

How to retrieve the latest related event from one sourcetype based on a common identifying field from another sourcetype?

I have 2 sets of events, sourcetype=user_profiles and sourcetype=app_opened which both share common identifiers ( id ...

by Explorer in

How do I insert several aggregated values (say sum of a field/column) in several places in a table listing?

I have simple search that lists selected fields. however, I need to insert aggregates (like sum, count) of one filed/...

by New Member in

How to search for three different actions: Browse, View, and Download?

Hi guys, First off I'd like to apologize for the lopsided question as I am kinda unsure of what I was asked to do!...

by Communicator in

Splunk 6 geostats

was trying to run in geostats command and see the return result. however keep getting the below error WARN: Forc...

by Explorer in

How to update a lookup table using a scheduled search by appending results, not replace the old data?

Hi, I have one scheduled search which saves the output in a file "filename.csv" at specific interval of time. inde...

by Builder in

Search failing to show last formula

Hi, I am trying to add each of the scores being pulled through and / to get the average here is my search (I am...

by Path Finder in

Monitor File Count and Age within a folder without indexing

Im a Splunk newb and i am trying to find the best way to use Splunk to monitor an FTP Home Folder. I do not care abou...

by New Member in

calculate average value based on multiple search and static value

Hi, I am still working on my SANS dashboard and am looking to create a value based upon multiple searches and stat...

by Path Finder in

transaction or join where the search field changes but another field is common

Hi I have a log with entries similar to below 11:32:12,988 INFO [LOG TYPE: REQUEST] [REQUEST ID:46783e96-e146-4d35...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Tstats sort and get top values

Search using NOT

Passing search result fields into a drilldown search through a drilldown link?

Chart Overlay in 6.0 - Horizontal Information Lines

Field in field

iplocation draws blank

Subsearch on results

Why are users automatically getting logged out of Splunk the past few days and any running searches have to be re-run?

Will splitting our data into separate indexes provide better performance of real-time searches?

Search for a string containing X

How to get my python script to trigger through a Splunk search?

Find events that occur after the time returned from a subsearch for a specific field

Regex If Statement Help

Strange behavior in regex extraction

How to configure timestamp recognition for JSON data inputs?

Use value in log file to draw chart

How to retrieve the latest related event from one sourcetype based on a common identifying field from another sourcetype?

How do I insert several aggregated values (say sum of a field/column) in several places in a table listing?

How to search for three different actions: Browse, View, and Download?

Splunk 6 geostats

How to update a lookup table using a scheduled search by appending results, not replace the old data?

Search failing to show last formula

Monitor File Count and Age within a folder without indexing

calculate average value based on multiple search and static value

transaction or join where the search field changes but another field is common

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions