Splunk Search

Discussions

Thread Info

Why search Takes more time?

I searched for sourcetype=java "xyz" it just returns 202 events and scanned events are 12452, it takes 8 minutes for ...

by Explorer in

Dealing with multiple fields from different sourcetype that have the same name

Hi, here is my problem : I have a sourcetype A with a field X and Z and a sourcetype B with a field Y and Z. The t...

by Path Finder in

how to calculate growth total

Can you please tell us, how to calculate growth total, We have values like downloads_total for each week, but we w...

by Builder in

Count for each ID depending on EXEC time

Hello, I'm searching a way to sort a number of events depending on the value of a field : One event has a field EX...

by Path Finder in

Search/Macro using a variable as a condition

Hi all, I am trying to use a variable as a search condition based on input in a text box. In order to make it simp...

by Communicator in

Stats by date

Hi , I need the below splunk search to be shown in stats. Stats should be in date wise. please help. | eventcou...

by Explorer in

How to check status of specific indexed file using .../services/admin/inputstatus endpoint?

I have imported "xyz "folder into splunk and after indexing I want to check status of particular abc.txt file from th...

by Explorer in

Why splunk do not scan all events to search a specific keyword?

Suppose I have 1 Lac events with sourcetype = java and i am searching for keyword "xyz" with query: sourcetype=java x...

by Explorer in

How to build a query to find the request and response of the main service and sub services

Hi, I have a request and response logs for service.here is the question. service A(main service)(id:1111): ---Inte...

by Explorer in

Rename a field based on the the value of another field?

If I have a table like the following and want to combine the values into a single row for further evaluation, how wou...

by Champion in

Group results by common value

Alright. My current query looks something like this: sourcetype=email action=accept ip=127.0.0.1 | stats count(sub...

by Engager in

combine two pieces of code

Hi, I have two pieces of codes executed in orders. The first piece generates a lookup table by "|outputlookup test...

by Path Finder in

RegEx to Find First Match of OR

Hi, banging my head... 04/22/2016 09:23:50,865 - ERROR - exception occurred --- FOO BAR Severity: Error Mes...

by Contributor in

How to create a timechart on license usage to show the max usage and the individual usage for each of our Splunk environments?

I have been trying to create a timechart on license usage. I did try this search below.. index=_internal source=*...

by Builder in

How to compute Windows service uptime and use those totals to produce an uptime percentage?

I am trying to determine uptime duration on Windows 7036 events. Below is sample data: TIME SERVICE STATE 10:00 sp...

by Engager in

How can I integrate the time constraint from my time input token in JavaScript for a table with expandable rows?

Hi, I have created a table with expandable rows: Code for the table: <form script="expand_alerts.js"> <lab...

by New Member in

Weekly change percentage query

Can you please help us to find the weekly change percentage, we have a splunk query index="mobileapps" sourcetype...

by Builder in

Stability issues with db connect 2 'The read operation timed out'

Hi, I'm running Splunk 6.3.1, db connect 2.0.6. Splunk was updated 2 days ago. This problem already showed up with ea...

by Explorer in

Extracting each value from a multi-valued field

I have a column with some information as follows traffic_location ABC 23 EFG RKY ABC 12 HIJ 23 ABD 23 HIJ 12 ABD...

by Communicator in

lookup faup url restricted specific fields

Hi everyone, I want to run this sourcetype=x | lookup faup url but am ONLY interested in url, url_scheme, url_p...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why search Takes more time?

Dealing with multiple fields from different sourcetype that have the same name

how to calculate growth total

Count for each ID depending on EXEC time

Search/Macro using a variable as a condition

Stats by date

How to check status of specific indexed file using .../services/admin/inputstatus endpoint?

Why splunk do not scan all events to search a specific keyword?

How to build a query to find the request and response of the main service and sub services

Rename a field based on the the value of another field?

Group results by common value

combine two pieces of code

RegEx to Find First Match of OR

How to create a timechart on license usage to show the max usage and the individual usage for each of our Splunk environments?

How to compute Windows service uptime and use those totals to produce an uptime percentage?

How can I integrate the time constraint from my time input token in JavaScript for a table with expandable rows?

Weekly change percentage query

Stability issues with db connect 2 'The read operation timed out'

Extracting each value from a multi-valued field

lookup faup url restricted specific fields

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?

Total spend per field per month