Splunk Search

Ask a Question

Discussions

Thread Info

How to calculate interval sum for repeated event pairs

Hi, I'm a Splunk newbie. Can anyone help me with this. Thanks. For the following events, I need to calculate the s...

by Explorer in

How to count a sequence of events to track the number of consecutive SUCCESSes and FAILUREs?

Hi: I'm trying to count a sequence of events. Our events have a field status that can be either 'SUCCESS' or 'FAIL...

by Explorer in

Why can't I capture the correct timestamp for events with my current regex?

Hi guys, I'm having trouble in getting the right timestamp from my log file. Please refer to this image .. http:/...

by Contributor in

IPv6 support in iplocation

Hi, Does Splunk provide support for IPv6 addresses while looking up using iplocation? Is there any option that we ...

by Communicator in

Search unique values - from index that has 25+ million lines

Here is my usecase: log lines are comma separated and have teamname, location, and other fields I would like to ge...

by Path Finder in

How to do sum or count of all my fields one time?

hi. i have more 15 fields in my events with different field name. ex: field1 field2 field3 ... fieldn i want do su...

by Path Finder in

Why are we seeing different search results in a multisite indexer cluster when running the same search from Site1 versus Site2?

In a 2 site Indexer Cluster, the issue is that they are getting different search results when using the same search i...

by Communicator in

Is there any disadvantage to keeping certain events in separate indexes?

Everything goes into the default "main" index now. I'm thinking of moving IIS log events into a new index called "iis...

by Path Finder in

How to extract all unique values from a multivalue field in one event?

Hi I want to extract field values that are distinct in one event. I managed to extract all the field values in the...

by Builder in

How to write a search with the regex to extract strings of URL IDs and create a pie chart with this field?

Hello, I have data in Splunk Cloud which has a path=/api/versions/:version_id where version_id can be anything acc...

by Explorer in

CMD search not working

Tryin to run a quick test of a search from the command line(Putty) NOT CLI results in command not found. I know I'm p...

by Builder in

How to search the average number of transactions by hour by day?

Am doing the following trying to get the average number of transactions by hour by day: | bucket _time span=1h | ...

by Contributor in

How to pass search results to an R function?

Hi, I unsuccessfully tried the following approach: sourcesystem=ABCD earliest=1313131313 latest=1313161616 | r " s...

by New Member in

How do I create a search that dynamically finds a targeted variable in the results, then uses it to find more results?

I've been struggling with this one for about a week now. I would like to create a search on a dashboard that show...

by Explorer in

Why am I unable to apply index-time field extractions through props.conf and transforms.conf to incoming data?

I am trying to add an index-time extraction to a current data input by going to Setting > Data Inputs > TCP > [TCP PO...

by Explorer in

When is Cheryl's Bday?... According to Splunk

Well this is interesting, as you know there is a logic problem posted in many sites about the age of a girl named Che...

by Path Finder in

Fields have disappeared

I had a log file that I generated fields for and it worked fine. The log file was not updated for two weeks. When it ...

by Builder in

Examples using kvform?

Does anyone know of any examples of using the kvform search command. The kvform docs seem a bit sparse to me, and I h...

by Super Champion in

Is it possible to create an alert that depends on another alert to be triggered?

Hi Guys, I am asking this question out of curiosity (don't even know if this is possible!). The question is: Is...

by Path Finder in

IPv6 subnets and splunk searchs

Splunk today is IPv4 subnet aware so that if you do a search with something like ip_address = 10.0.0.0/24 .. splunk k...

by Path Finder in

What does the 10 do in the XML for my dashboard chart?

Just looking through some of my old dashboards and came across the below chart in XML. I was wondering what does 10 ...

by Motivator in

How do I report on all changes in the value of a field over time?

I'm looking to report on all changes in a field value, and I know of a way to report just the first and last field ch...

by New Member in

Why are my props and transforms not extracting fields when I search my index with events of custom apache logs with client certificates?

I've got an instance of Apache that is processing client certificates for the remote user identity. I want to log the...

by Explorer in

How to graph a field with a string of multiple comma separated values?

My database consists of many different source files, each associated with a different test, and each has different fi...

by New Member in

How do I convert the format the of the timechart y-axis values to percent?

I have a search that is a timechart and the y-axis is showing a min of 0 and a max of 1, with 0.25, 0.5, 0.75 in betw...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate interval sum for repeated event pairs

How to count a sequence of events to track the number of consecutive SUCCESSes and FAILUREs?

Why can't I capture the correct timestamp for events with my current regex?

IPv6 support in iplocation

Search unique values - from index that has 25+ million lines

How to do sum or count of all my fields one time?

Why are we seeing different search results in a multisite indexer cluster when running the same search from Site1 versus Site2?

Is there any disadvantage to keeping certain events in separate indexes?

How to extract all unique values from a multivalue field in one event?

How to write a search with the regex to extract strings of URL IDs and create a pie chart with this field?

CMD search not working

How to search the average number of transactions by hour by day?

How to pass search results to an R function?

How do I create a search that dynamically finds a targeted variable in the results, then uses it to find more results?

Why am I unable to apply index-time field extractions through props.conf and transforms.conf to incoming data?

When is Cheryl's Bday?... According to Splunk

Fields have disappeared

Examples using kvform?

Is it possible to create an alert that depends on another alert to be triggered?

IPv6 subnets and splunk searchs

What does the 10 do in the XML for my dashboard chart?

How do I report on all changes in the value of a field over time?

Why are my props and transforms not extracting fields when I search my index with events of custom apache logs with client certificates?

How to graph a field with a string of multiple comma separated values?

How do I convert the format the of the timechart y-axis values to percent?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions