Splunk Search

Discussions

Thread Info

How do I create a table or other output of total process durations with multiple subprocess durations

I have log data like this: 2015-04-22 14:10:02,351 [ACTIVE] PerfLogger [CCID] - Message: subprocess.name.1; Duration:...

by Explorer in

Automatically group events into transactions, or: reassemble lines (before indexing) based on shared field

Hey folks, I have a web application that logs several log lines per request. Each line is tagged with the request ...

by New Member in

How to get 1 row per bucket in a timechart

Currently, a log file is being written to every 5 minutes that displays each user logged in at that specific point in...

by Communicator in

I extracted a new field and validated it from a csv file. How do I see and use it for searches?

Hi, I am new to Splunk, but I already like its features. I was trying to extract a field from my loaded .csv file...

by Contributor in

Why are fields showing as undefined with values of price, magic, and relevance from production apache access logs index?

What is going on here? All fields are technically working correctly, as I can filter by them, use them in stats or...

by Engager in

Dedup duplicates

Hi, what is the easiest way to filter out event duplicates without adding every field in the dedup command? Is | d...

by Motivator in

How do I join 2 or more search results together on fields with different names?

For example, on one result I have a field 'Transactionid' equal to '12345' and on another result I have a field 'tran...

by New Member in

Is there internal Splunk data I can search to find the latest timestamp when an app from Splunkbase was installed?

Is there a splunk search that I can use to find the latest timestamp when an app was installed? Is there an internal ...

by Communicator in

how to get incomplete transactions

Hi, I need small help from you, I am calculating duration of each transaction of on userid. My query: index=...

by Communicator in

How to compare data for a scheduled search for the past 1 hour with the previous 24 hours?

Hi, I have two scheduled searches that run every 1 hour with retroactive time interval (earliest = -1h). I need to...

by Communicator in

timechart bug? (placement of 'span' in the search bar)

One of my users is having an issue with timechart ... (host=aaa6* OR host=bbb24*) "[string to filter search]" (E=0...

by Contributor in

Extract firewall ip as host instead of CLM name

The app seems to extract the CLM hostname as the host field. I think it would be better to extract the firewall ip or...

by Path Finder in

How to use subsearch with eval to execute a search containing another subsearch?

Hello, I would like create a search based on variables. My current search: | stats count | eval search="i...

by Engager in

Is there a better way to filter on multiple values than my current search?

Hello, I have the following event entries: NAME=A;VAL=15; NAME=A;VAL=5; NAME=B;VAL=15; NAME=C;VAL=15; NAME=C;VA...

by Engager in

How to create a token from a field (email_id) and pass the token to the sendemail command in an inline search?

Hi experts I have one search where I am extracting username from a Windows event and using a static lookup table t...

by Explorer in

How to plot a chart for the closing stock price on each business day from my JSON data?

Basic search source="outdb.json" sym=TSCO.L returns the below records: Time Event 01/08/2014 00:00:00.000 ...

by New Member in

Postprocess Search based on Saved Search in Dashboard ignores all attempts to set time

So I need to get the latest sales stats by country over many different timescales (like right now, so far today, last...

by Path Finder in

Find splunkd Port From Custom Search Command

I have a custom search command that goes and hits the splunkd API. This works great in my dev environment where I can...

by Splunk Employee in

Splunk ignores and truncates thousand separator commas in automatically identified numeric field

We have splunk spit out log statements like latency=1,840 . Splunk identifies latency = 1 latency=524 . Splunk identi...

by New Member in

rex command to extract fields from field( Message=Document 345, Microsoft Word Text owned by first.last on abc1234 was some text on some text.............)?

rex command to extract fields from Message=Document 345, Microsoft Word Text owned by first.last on abc1234 was some ...

by New Member in

Why does increasing the value of maxopentxn reduce the number of returned transaction events?

I run transaction command in the following manner: ... | transaction tlsid maxpause=15m maxevents=-1 keepevicted=1 mv...

by Communicator in

How to search new values for a field (exception) in the last 7 days which were not present the 7 days prior?

index=dotcom source=*system* *exception* earliest = -7d NOT [search index=dotcom source=*system* *exception* earliest...

by Path Finder in

How do I create an evaluated expression based on an aggregate in the Pivot?

I'm currently building a report using Pivot tables. I'm trying to get my data model to look like this: GroupName ...

by Path Finder in

Display multiple event duration as columns with sequence number

I'm trying to calculate duration of stepAStart to stepAEnd and display them as columns with sequence number (eg StepA...

by Explorer in

eval mean(something) when data is split by another field

I'm looking to build some reports around error counts in our system. I've got a splunk search which returns an error ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I create a table or other output of total process durations with multiple subprocess durations

Automatically group events into transactions, or: reassemble lines (before indexing) based on shared field

How to get 1 row per bucket in a timechart

I extracted a new field and validated it from a csv file. How do I see and use it for searches?

Why are fields showing as undefined with values of price, magic, and relevance from production apache access logs index?

Dedup duplicates

How do I join 2 or more search results together on fields with different names?

Is there internal Splunk data I can search to find the latest timestamp when an app from Splunkbase was installed?

how to get incomplete transactions

How to compare data for a scheduled search for the past 1 hour with the previous 24 hours?

timechart bug? (placement of 'span' in the search bar)

Extract firewall ip as host instead of CLM name

How to use subsearch with eval to execute a search containing another subsearch?

Is there a better way to filter on multiple values than my current search?

How to create a token from a field (email_id) and pass the token to the sendemail command in an inline search?

How to plot a chart for the closing stock price on each business day from my JSON data?

Postprocess Search based on Saved Search in Dashboard ignores all attempts to set time

Find splunkd Port From Custom Search Command

Splunk ignores and truncates thousand separator commas in automatically identified numeric field

rex command to extract fields from field( Message=Document 345, Microsoft Word Text owned by first.last on abc1234 was some text on some text.............)?

Why does increasing the value of maxopentxn reduce the number of returned transaction events?

How to search new values for a field (exception) in the last 7 days which were not present the 7 days prior?

How do I create an evaluated expression based on an aggregate in the Pivot?

Display multiple event duration as columns with sequence number

eval mean(something) when data is split by another field

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions