Splunk Search

Discussions

Thread Info

Date comparison

Hello, I would like to compare two dates: log_time 08/Dec/2014:15:36:34 +1100 _time 2014-12-08 15:36:34 It i...

by Path Finder in

is it possible to have multiple levels at x-axis for chart

I am able to create a timechart graph successfully of what I need. The timechart displays the data for each day. Now ...

by New Member in

How do I include fields from a lookup table to charted data?

I'm using this search to retrieve indexing data by month; index="_internal" source="*metrics.log" group="per_host_...

by Path Finder in

How to edit my search to get a tabular report?

When I try the following with last 30 days in the search I run into problems: SourceName="sname" Message="**" | bu...

by Explorer in

75th percentile caluclation

I need to calculate 75th percentile by minutes Time: 11:12 magnitude 3.4 Time: 11:12 magnitude 4.4 Time: 11:12 mag...

by New Member in

Add an incremental number field in search output

HI, I just want to ask if it's possible to have an incremental number in my output table in splunk search? Example...

by Communicator in

How to find average power consumption from two sourcetype?

Hai friends, I have logged two SIMILAR files in splunk, which contains details of different meters like voltage,cu...

by Explorer in

searchpeers folder filling up /opt/splunk..what could be the cause??

/opt/splunk/var/run/searchpeer is filling up the SPLUNK home

by Engager in

Splunk DB Connect: Is it possible to restrict users from running dbquery command, but still access the dashboard/report populated by dbquery?

I am looking for a way to restrict users to run "dbquery" command but still be able to access the dashboard/report th...

by Explorer in

Inline Variable Definitions and Expansions With Eval

Hiya, I swear I knew how to do this without macros, which seem like overkill, but I've lost it. Here's a simple ex...

by Path Finder in

Classify results into a defined group

I need to group results and give it another name as a result. For example, I have the following fruits and the num...

by Explorer in

Useing Transaction To Track VPN Open Sessions

I am tracking open session VPN activity VPN activity can be over long periods of time. I am traking the user activ...

by Motivator in

How to augment |top output with additional searches/results?

I'd like to combine/add/include the results of a search to each item of a top 10 search for data like: msg="error ...

by New Member in

Left Join not Returning all Results on Right Side

Ok, y'all, I'm completely flummoxed. Simplified: I have two sourcetypes ("a" and "b"). Each sourcetype has 500,000...

by Explorer in

How to shift a timechart's bucket span=1d to start at a point other than 12AM?

Hi, I want to use Timechart to track daily use, but sometimes the daily data won't arrive until 12 AM (time to compil...

by Path Finder in

Create multivalue field from single number

For a simple example of the concept, let's consider Linux file permissions encoding of read, write and execute into a...

by Motivator in

How to edit my search to get a tabular report for the last 30 days?

I am trying to create a report table like the following: Exception Name 1Jan 2Jan 3 Jan ....30Jan Exception 1 100 ...

by Explorer in

Count Occurrence of string from raw log

I am trying to count occurrences of events from raw logs. Basically, if the log contains the string "MediaFailed", th...

by Explorer in

How do I sum 2 field extractions if only one field extraction exists per log?

Hi So I've used Field Extractions to name 2 different fields in my logs: "dealtCurrency" and "dealtCurrencyDefault...

by Path Finder in

Need help with multiple field extractions

Wanted to know the best way to extract multiple fields along with their associated values. I have a log that I need t...

by New Member in

How to configure transforms.conf and regex to only index lines that do not start with "aa" and send these lines to an index called "AAA"?

Hi, I have a file which has a data in which many lines are starting with "aa", so I don't want to index all the li...

by Contributor in

Extract Multiple Fields with Regex

I would like to extract fields in the response field dynamically by using "<_KEY_1" "<_VAL_1>" in transforms.conf ...

by Explorer in

Why Hunk's field extractor behaves differently in Smart Mode vs Fast Mode?

My data files are in Avro, and I have a props.conf that looks like [source::/logs/...] sourcetype = api [api] KV_...

by Path Finder in

Is there anyway to modify a field name automatically at search time configuring props.conf and transforms.conf?

Is there anyway I can modify a field name at search time ? I have a field "client__phone" (with double underscores...

by Explorer in

How to chart when using multiple matches

I have a search which matches multiple values and produces two events as a list. I'd like to basically make it so tha...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Date comparison

is it possible to have multiple levels at x-axis for chart

How do I include fields from a lookup table to charted data?

How to edit my search to get a tabular report?

75th percentile caluclation

Add an incremental number field in search output

How to find average power consumption from two sourcetype?

searchpeers folder filling up /opt/splunk..what could be the cause??

Splunk DB Connect: Is it possible to restrict users from running dbquery command, but still access the dashboard/report populated by dbquery?

Inline Variable Definitions and Expansions With Eval

Classify results into a defined group

Useing Transaction To Track VPN Open Sessions

How to augment |top output with additional searches/results?

Left Join not Returning all Results on Right Side

How to shift a timechart's bucket span=1d to start at a point other than 12AM?

Create multivalue field from single number

How to edit my search to get a tabular report for the last 30 days?

Count Occurrence of string from raw log

How do I sum 2 field extractions if only one field extraction exists per log?

Need help with multiple field extractions

How to configure transforms.conf and regex to only index lines that do not start with "aa" and send these lines to an index called "AAA"?

Extract Multiple Fields with Regex

Why Hunk's field extractor behaves differently in Smart Mode vs Fast Mode?

Is there anyway to modify a field name automatically at search time configuring props.conf and transforms.conf?

How to chart when using multiple matches

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions