Splunk Search

Discussions

Thread Info

Add a column with values based on whether or not it is a transaction starting condition or stopping condition

I want to be able to create a column on the statistic tab that has 1 if it is the start of the transaction or a 0 if ...

by Communicator in

How to remove the row if the column is same?

Such as when I using the following search: sourcetype="xyz" status=* |stats dc(ID) by ID status |sort by ID I will ge...

by New Member in

Unable to view the field created using rex

string used in the search rex "(?i) Message= (?P[^.]+)" Event log form where im trying to extract "Message=The Win...

by New Member in

Splunk Health Report

How we can monitor and genrate daily or weekly Splunk Health Reports? Can Splunk daemon status be monitored?

by Path Finder in

How to perform JOIN on large amounts of data coming from DB Connect App on different indexers?

index="xyz_order_line"|join ORDER_NUMBER_KEY[|inputlookup sample_lookup1.csv|where serial_no>0 AND serial_no<50001]| ...

by Explorer in

How to use time-base-lookup?

Hi,Splunk community. I have a question about time-base-lookup. I set following attribute to transforms.conf ...

by Communicator in

How to get searches to run automatically after a lookup is updated instead of manually scheduling reports?

Hi, I have around 50-60 searches/reports that are required to run each month after a lookup is manually updated an...

by Contributor in

How to get a search in Splunk to show results from the last 24 hours and update in real-time every minute?

I know that Splunk can show me results for the last 24 hours. I also know that Splunk can show me results in real tim...

by Contributor in

How do I exclude multiple specific fields from search results?

I have a saved search that I alert on and there is certain events I don't want the alert to trigger for when it's com...

by Explorer in

Is it possible to change the date format when running search?

Hi, when I run any search the date format is MM/DD/YEAR. how can I change the format to appear as DD/MM/YEAR ?

by Explorer in

Value to the right of the y-axis

Dear experts! Happy new year to you all.  Got a strange thing when I am creating a timechart in Splunk in the pan...

by Path Finder in

Event break regex - match 19 digit number

Happy New Year everyone! Regex n00b here - I am struggling to break events for a particular source. Any help would...

by Contributor in

Dynamic field extraction based on other field data

My apologies if this is easy - I couldn't find a good example. I've got some log data that is mostly nicely format...

by Path Finder in

TcpOutputProc - Cooked connection to ip=x.x.x.x:9997 timed out

I have seen several threads opened with this issue, but nothing that fits the situation we are facing. This is ta...

by Path Finder in

Convert java millisecond to date

Hi, I am printing current time in java milisecond in logs which i want to show in splunk by converting that into ...

by Communicator in

Help with calculating IIS access logs time spent on site by ip

Hi guys, I'm working on calculating the average time spent by a user on a internal iis site in our environment. I...

by Path Finder in

Splunk lookup and scripts

I am in need of the following requirement. Could anyone help me with this? I need to extract the users for 200+ appli...

by Communicator in

How to edit my search for a sorted and separated top error list with a top customer list per each error?

I have a search which gives a top 5 list of faults (S3_call_error2) for a customer base. Instead of just showing the ...

by Communicator in

how to associate schema with data in hunk

The schema file and data file both reside on hdfs. Hunk is able to read the data file and show the raw data but it...

by New Member in

sendresults, more receipiens

Hello, how could I add more email recipients to one Report? Like cc: 123atmyhohme.com, 456atmyhome.com regards ...

by Path Finder in

How to Match Akamai WAF Info with Lookup Table?

One of my business partners wants to create a search on his Akamai data taking the Rule IDs from the WAS Info field a...

by Explorer in

Error in 'eval' command: The 'first' function is unsupported or undefined.

I have written the below search string: index=os source=interfaces | multikv fields RXbytes, TXbytes | eval firstR...

by Path Finder in

How to search for hosts with an issue where a type of event was not followed by another type within an hour?

Need to find hosts where an event of a type was not followed by event of another type within an hour I need to fi...

by Explorer in

How to format my data set to sort as a list of individual events by date field?

Hi all, Working in splunk 6.2.1 enterprise. I have the following dataset (simplified) SomeDateField Event1...

by Path Finder in

how to increment a value in eval function

I need to display the current hour and the current hour + 1 values in the chart and I am using the below eval functio...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Add a column with values based on whether or not it is a transaction starting condition or stopping condition

How to remove the row if the column is same?

Unable to view the field created using rex

Splunk Health Report

How to perform JOIN on large amounts of data coming from DB Connect App on different indexers?

How to use time-base-lookup?

How to get searches to run automatically after a lookup is updated instead of manually scheduling reports?

How to get a search in Splunk to show results from the last 24 hours and update in real-time every minute?

How do I exclude multiple specific fields from search results?

Is it possible to change the date format when running search?

Value to the right of the y-axis

Event break regex - match 19 digit number

Dynamic field extraction based on other field data

TcpOutputProc - Cooked connection to ip=x.x.x.x:9997 timed out

Convert java millisecond to date

Help with calculating IIS access logs time spent on site by ip

Splunk lookup and scripts

How to edit my search for a sorted and separated top error list with a top customer list per each error?

how to associate schema with data in hunk

sendresults, more receipiens

How to Match Akamai WAF Info with Lookup Table?

Error in 'eval' command: The 'first' function is unsupported or undefined.

How to search for hosts with an issue where a type of event was not followed by another type within an hour?

How to format my data set to sort as a list of individual events by date field?

how to increment a value in eval function

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!