Splunk Search

Ask a Question

Discussions

Thread Info

How to use subsearch with eval to execute a search containing another subsearch?

Hello, I would like create a search based on variables. My current search: | stats count | eval search="i...

by Engager in

Is there a better way to filter on multiple values than my current search?

Hello, I have the following event entries: NAME=A;VAL=15; NAME=A;VAL=5; NAME=B;VAL=15; NAME=C;VAL=15; NAME=C;VA...

by Engager in

How to create a token from a field (email_id) and pass the token to the sendemail command in an inline search?

Hi experts I have one search where I am extracting username from a Windows event and using a static lookup table t...

by Explorer in

How to plot a chart for the closing stock price on each business day from my JSON data?

Basic search source="outdb.json" sym=TSCO.L returns the below records: Time Event 01/08/2014 00:00:00.000 ...

by New Member in

Postprocess Search based on Saved Search in Dashboard ignores all attempts to set time

So I need to get the latest sales stats by country over many different timescales (like right now, so far today, last...

by Path Finder in

Find splunkd Port From Custom Search Command

I have a custom search command that goes and hits the splunkd API. This works great in my dev environment where I can...

by Splunk Employee in

Splunk ignores and truncates thousand separator commas in automatically identified numeric field

We have splunk spit out log statements like latency=1,840 . Splunk identifies latency = 1 latency=524 . Splunk identi...

by New Member in

rex command to extract fields from field( Message=Document 345, Microsoft Word Text owned by first.last on abc1234 was some text on some text.............)?

rex command to extract fields from Message=Document 345, Microsoft Word Text owned by first.last on abc1234 was some ...

by New Member in

Why does increasing the value of maxopentxn reduce the number of returned transaction events?

I run transaction command in the following manner: ... | transaction tlsid maxpause=15m maxevents=-1 keepevicted=1 mv...

by Communicator in

How to search new values for a field (exception) in the last 7 days which were not present the 7 days prior?

index=dotcom source=*system* *exception* earliest = -7d NOT [search index=dotcom source=*system* *exception* earliest...

by Path Finder in

How do I create an evaluated expression based on an aggregate in the Pivot?

I'm currently building a report using Pivot tables. I'm trying to get my data model to look like this: GroupName ...

by Path Finder in

Display multiple event duration as columns with sequence number

I'm trying to calculate duration of stepAStart to stepAEnd and display them as columns with sequence number (eg StepA...

by Explorer in

eval mean(something) when data is split by another field

I'm looking to build some reports around error counts in our system. I've got a splunk search which returns an error ...

by Path Finder in

How to extract fields and assign values from my data with the field extractor utility?

I have a custom file which we don't have problems searching certain "strings" within, but what I cannot figure out is...

by Engager in

Join two searches by different field names

I have a search I'm running which now works fine index="ecom" eventName=pageLoad | regex referrer="^http://www.exa...

by Path Finder in

Field extraction regex expression to pull information after a pattern

I am trying to get regex working for a field extraction on some SSRS logs I have indexed in our deployment. My goal i...

by Path Finder in

How do I customize the output of emailed search results?

Below is the Message I get from Search Results: 2015-04-23T15:39:28.3177658-04:00 0049 (Handler #32, Sync/TEST1.xm...

by New Member in

Search for value in field after stripping characters

Not sure how best to word the question but below is what I am trying to do - feel free to edit the question header. ...

by Path Finder in

strptime is not returning proper results

Hi All, I have a lookup file which contains 2 columns such as "hour (HH:MM)" and "job" hour job ------...

by Explorer in

Why is nullQueue not working with regex?

I am trying to pull in Windows DNS logs, but drop all internal requests. I have been able to get the logs in, and hav...

by Explorer in

How to automate a search to compare the past 24hrs in test with the last 30 days in production?

earliest=-30d@d latest=@m sourcetype=Apps (sub_source!="'A'" AND sub_source!="'B'") AND (((Hosted="TEST") A...

by Explorer in

how to get number of concurrent sessions per minute

Hi , How to get number of concurrent sessions per minute. My transaction started with beginning session and ends w...

by Communicator in

Why am I unable to extract 2 fields from source at index-time with my current configuration and regex?

All my log files are in foldes named: c:\blah\something\myapp_test\logs\somelogfile.log => app=myapp => env=t...

by Communicator in

How can I check for a URL query parameter NOT being passed

This is a follow-on question to http://answers.splunk.com/answers/228254/how-to-search-the-total-number-of-hits-to-ur...

by New Member in

Ignore results that do not appear in a separate search

A quick run down of what I want first: I have a bunch of data flowing in for production, test, and training environme...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use subsearch with eval to execute a search containing another subsearch?

Is there a better way to filter on multiple values than my current search?

How to create a token from a field (email_id) and pass the token to the sendemail command in an inline search?

How to plot a chart for the closing stock price on each business day from my JSON data?

Postprocess Search based on Saved Search in Dashboard ignores all attempts to set time

Find splunkd Port From Custom Search Command

Splunk ignores and truncates thousand separator commas in automatically identified numeric field

rex command to extract fields from field( Message=Document 345, Microsoft Word Text owned by first.last on abc1234 was some text on some text.............)?

Why does increasing the value of maxopentxn reduce the number of returned transaction events?

How to search new values for a field (exception) in the last 7 days which were not present the 7 days prior?

How do I create an evaluated expression based on an aggregate in the Pivot?

Display multiple event duration as columns with sequence number

eval mean(something) when data is split by another field

How to extract fields and assign values from my data with the field extractor utility?

Join two searches by different field names

Field extraction regex expression to pull information after a pattern

How do I customize the output of emailed search results?

Search for value in field after stripping characters

strptime is not returning proper results

Why is nullQueue not working with regex?

How to automate a search to compare the past 24hrs in test with the last 30 days in production?

how to get number of concurrent sessions per minute

Why am I unable to extract 2 fields from source at index-time with my current configuration and regex?

How can I check for a URL query parameter NOT being passed

Ignore results that do not appear in a separate search

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions