Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
djconroy

Looking for field values present in one index missing from another index?

I have one index with a field "MessageId" that is common with another index. I need to got through all the values of...
by djconroy Path Finder in Splunk Search 04-21-2015
0 4
0
4
mhng

Why is my current regex not extracting date and time fields from my log data?

Hi All I have a log file which contain some information that I need. I would like to extract the date_time which I h...
by mhng New Member in Splunk Search 04-21-2015
0 6
0
6
iKate

stacked100 option and percentage displaying

stacked100 option is good one in chart visualization. But seems it misses obvious thing - percentage labels in toolti...
by iKate Builder in Splunk Search 04-21-2015
0 2
0
2
fourkidsco

How to create a normalized histogram?

The data: The simplest example is signal strength per station attached to wireless access point. Every 5 minutes, si...
by fourkidsco Explorer in Splunk Search 04-21-2015
0 3
0
3
j666gak

How to set up a blacklist lookup to run searches against and alert if there are any matching field values?

Hello, I needed a blacklist to populate with IPs and URLs, so I created a lookup file called blacklist.csv. the Look...
by j666gak Communicator in Splunk Search 04-21-2015
1 11
1
11
nk-1

Why does a real-time search with a small time range not return any results in Splunk 6.1.3?

Sample Splunk Web search in Splunk 6.1.3 (Windows Server 2012): host=MyHost level=INFO | stats count always return...
by nk-1 Path Finder in Splunk Search 04-21-2015
0 4
0
4
jgpshntap

proper way to filter data in a search

Hi, i'm new to splunk but more used to powershell.. I want to filter my results based on fields, lag=yes What's the...
by jgpshntap Explorer in Splunk Search 04-21-2015
1 6
1
6
NPR

How to make a dashboard which shows systems activity such as percentage usage of processor, memory, disk, etc?

Hi. I want to show my system activity inside a dashboard named NPR_my_dashboard_activity. I want a search which s...
by NPR Path Finder in Splunk Search 04-21-2015
0 3
0
3
eirik_talberg

All searches default to "All time", even if option is disabled

We're currently running Splunk Enterprise 6.2 in one of our environments and whenever any search is done, the time ra...
by eirik_talberg Explorer in Splunk Search 04-21-2015
0 8
0
8
moiezuddin

How to extract time manually ?

What is the query to extract time manually for a span of minute?
by moiezuddin Explorer in Splunk Search 04-20-2015
0 4
0
4
metersk

How to change field names, while still maintaining the same data.

[search earliest=2/1/2015:00:00:00 latest=2/1/2015:23:59:59 ns=interaction (msg=yes direction=sent) OR (msg=match) | ...
by metersk Path Finder in Splunk Search 04-20-2015
1 1
1
1
shariinPH

Can I use an extracted date field as my _time for my time chart?

Splunk indexed my data and gets the timestamp by its Date Modified (modtime) Now in my events, I also have an extract...
by shariinPH Contributor in Splunk Search 04-20-2015
0 2
0
2
0YAoNnmRmKDg

Sankey d3 chart missing "middle" nodes

Hi Guys, longtime lurker, first time poster.... so after many hours of work and rework I surrender - I cant get San...
by 0YAoNnmRmKDg Path Finder in Splunk Search 04-20-2015
0 2
0
2
ng87

How to write a search to find hosts that perform web requests to the same site/url at an exact interval?

i am trying to think of a way to craft a search that will look for any hosts doing web-requests to the same site/url ...
by ng87 Path Finder in Splunk Search 04-20-2015
0 4
0
4
cmahan

How to Search for hosts that have not had an event from a certain SourceName?

I want to be able to list all computers that have not received an event of the type below in a given time frame. I t...
by cmahan Path Finder in Splunk Search 04-20-2015
2 9
2
9
JovanMilosevic

How to create an average on the position for each value in events (ex: Dog = position 1 and 5, Average for Dog = 3)?

Hi Wonder if any of the community can help me. I'm trying to create an average of some data, and running into proble...
by JovanMilosevic Path Finder in Splunk Search 04-20-2015
1 3
1
3
eandresen

How to edit my current search to filter out results from my chart?

I have been looking around for an solution to my question for a day now and I cannot seem to find a similar Answers p...
by eandresen Path Finder in Splunk Search 04-20-2015
0 11
0
11
sabithanitg

I am trying to create a report for displaying number of times, replacement of printer supply unit in 1 year, by calculating when the supply level is zero, by IP. Is there any one to help on this?

create a report for displaying number of times, replacement of printer supply unit in 1 year, by calculating when th...
by sabithanitg New Member in Splunk Search 04-20-2015
0 1
0
1
sarumjanuch

tostring (X, "duration") working wierd.

Why when i am using this function for big seconds values, i get something like: "1+06:29:32"? If this field is durat...
by sarumjanuch Path Finder in Splunk Search 04-20-2015
1 4
1
4
edrivera3

Why does my search work in the Search App, but not as an inline search in a dashboard?

Hi I have the following search that works correctly in the search app, but when I tried to include it as an inline s...
by edrivera3 Builder in Splunk Search 04-20-2015
1 3
1
3
nekbote

Why am I not getting expected results using the chart command with the syntax "chart sum(fieldA) over FieldB by index"?

Hi All, I am having issue with the search below. Hope you can point out where i am going wrong. index=index1 OR ind...
by nekbote Path Finder in Splunk Search 04-20-2015
0 2
0
2
udayk1

SEP Antivirus DAT versions in Splunk

I have tried to get the list of endpoints and servers which are not updated with the latest AV DAT versions in the ne...
by udayk1 Path Finder in Splunk Search 04-20-2015
0 2
0
2
cedmarjls32

How to Remove brackets and its content?

Hi all, I have a field named count2 with the following values : count2 12 32(30) 14 76(23) 3 As mentioned in the tit...
by cedmarjls32 New Member in Splunk Search 04-20-2015
0 4
0
4
hofer

Summary-Index: Is it possible to summary index the averages of two calculated fields in the same search?

So i got this report running all 15min and saving into my summary index: index=mbs_li host="vimapmop*" sourcetype=Me...
by hofer Explorer in Splunk Search 04-20-2015
0 3
0
3
MemoreX42

How to extract information from two rows in a search result

Hi experts, I am trying to find a way of extracting information out of a search result and combining this informatio...
by MemoreX42 Explorer in Splunk Search 04-20-2015
0 2
0
2
Top Labels
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...