Splunk Search

Ask a Question

Discussions

Thread Info

getting vice-versa hostnames from events

Hi all, I'm getting in events looking like this from host srv01.dev.web.env env_web_dev_srv01.cpu-0.cpu-idle 97...

by Builder in

Extract help...

Hi, We log our filesystem utilization to Splunk, and I'd like to extract percentage used field, but the formats fo...

by Champion in

How to create a stat table that has columns that represent the same time range per week.

I have this basic query and would like to create a stat table that shows the result for the last 3 weeks for the same...

by New Member in

streamstats sum() by not functioning as expected

Hi, I have the following search, which is attempting to add up the number of dropped and processed syslog messages...

by Explorer in

Compare multi value field with an external file

I have a multi value field that looks similar to below [a,b] [a,b,c] [b,c] .... so on For each event , I want to ...

by Explorer in

Get Percentage of Network bandwidth

I'm looking to define a query that allows me to query the Network Interface for all my machines and create a percenta...

by Explorer in

get size/bytes of log events and the number events by direction (request/response)

I am trying to get the number of requests/response that we send/receive to/from one application and the combined size...

by Path Finder in

Why is the markup all jacked? It seems to be switching my valid lessthan/greater than symbols to html entities even when marked as code!

example: <myfield>

by Splunk Employee in

How can I create a third field based on unique combinations of two other fields

Hello all, I am really new to Splunk and cannot for the life of me figure this one out. Unfortunately, Googling arou...

by Explorer in

Date Parsing

Dear all, I am collecting some application logs as below. Splunk can parse my log very well if the timestamp sh...

by Explorer in

Customize sourcetype display

Im monitoring 2 harddrive usage from a server. This is my query : index="perfmon7days" earliest=-60m sourcetyp...

by New Member in

Why does _time bucket give different results depending on how the data is sorted?

The following search returns two values (yesterday (1430780400) and today(1430866800)): earliest=-d@d index=_internal...

by Communicator in

Search Top Field If exists

I'm very new to Splunk, and I'm trying to figure out a way to search by different top fields, depending on whether th...

by Engager in

Why fields from CSV are not being extracted?

I'm getting data from forwarders that are polling a CSV file. However the fields from the CSV are not being extracted...

by Path Finder in

Subquery Event count in not work i need to count sub query

i create query in which i search unique no of values of one field and that unique value join to other query they work...

by Communicator in

How to pass one field from a real-time search result as variable on a dashboard?

Hello Splunkers! I have a dashboard (with js) with some real-time search. This search always returns only one resu...

by Communicator in

DBConnect Events Truncate Despite props.conf

It seems that DBConnect inputs does no respect the props.conf configuration for event truncation. Example props: ...

by Explorer in

Best Practices to join two child objects of a data model

We have a situation where we need to join two child objects of a data model. Both child objects have separate index a...

by Contributor in

use subsearch

hi every one, I want to make a search that could give me the same result of SQL Querie select id_product from ...

by Communicator in

How to SUM each row that contain comma

Hii All, I'm new on Splunk and my english isn't too good, so I'm sorry if any mistake in here. I have a file va...

by New Member in

Pass search results to another search

I have the following search index=linux_syslog netgroup=my_servers* user@email.com | rex field=_raw "sendmail\[\d...

by Engager in

sort ip's within stats values function

I am trying to figure out a way to sort the source ip's that are in my stats values results. Just adding a simple sor...

by Path Finder in

Strange behaviour with count in stats when using macros

I have a macro which is in the format: match($field$,"regex1") OR match($field$,"regex2") OR ... When I use it...

by Explorer in

use of NOT operator

I have the following search to search file1 & file2 who have MY_ID as common field. (source="file11" keyword1 ) OR...

by Explorer in

How to query Splunk API to only search for data for a particular time range?

i am trying to query splunk api from a c# application for a particular DateTime Range using below query search ind...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

getting vice-versa hostnames from events

Extract help...

How to create a stat table that has columns that represent the same time range per week.

streamstats sum() by not functioning as expected

Compare multi value field with an external file

Get Percentage of Network bandwidth

get size/bytes of log events and the number events by direction (request/response)

Why is the markup all jacked? It seems to be switching my valid lessthan/greater than symbols to html entities even when marked as code!

How can I create a third field based on unique combinations of two other fields

Date Parsing

Customize sourcetype display

Why does _time bucket give different results depending on how the data is sorted?

Search Top Field If exists

Why fields from CSV are not being extracted?

Subquery Event count in not work i need to count sub query

How to pass one field from a real-time search result as variable on a dashboard?

DBConnect Events Truncate Despite props.conf

Best Practices to join two child objects of a data model

use subsearch

How to SUM each row that contain comma

Pass search results to another search

sort ip's within stats values function

Strange behaviour with count in stats when using macros

use of NOT operator

How to query Splunk API to only search for data for a particular time range?

Can’t make it to .conf25? Join us online!

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!