Splunk Search

Discussions

Thread Info

Changing position of addtotals label Field

I'm using the addtotals command to sum values I have in a given column of a report. The total shows up just like I wa...

by Path Finder in

Why is the timerange in my CLI search not working properly in Splunk 5.0.6?

There are lots of questions in here, but none work correctly: Search: splunk search "@aol" earliest=02/01/2011:00:...

by New Member in

How do I construct a table with values being evaluated per number of field values?

I'm not sure I've used the correct terminolgy to ask a question, so I'll jump into example: input: Name,beers B...

by Path Finder in

setting event occurrences in relation with each other

Hi, I need to set the occurences of certain log events in relation with each other. Consider the following log ent...

by Path Finder in

When does splunk add double quotation in outputcsv?

Hi! I found that when you execute outputcsv in splunk (ver 5.0.3), some fields has double quotation but some does ...

by Communicator in

Exclude events which occur during a specific hour each day

Hi there, I have a query whereby I wish to return results over the previous week, but NOT within a specific couple of...

by Explorer in

How to write a search to filter and only return results for a field with a count greater than 2?

It seems that this should be a simple filter, but we cannot seem to find out how to do this in Splunk. We do a sea...

by Explorer in

How to make a table containing columns with non-empty values (or other criteria) from non-indexed data?

I'm doing this REST call to query the system for modular inputs: | rest /services/data/modular-inputs | table titl...

by Motivator in

Why can't the new field extractor utility for Splunk 6.2 find the regex for simple extractions?

I was initially excited about the new field extraction wizard, however the first time I used it, it failed to do one ...

by Builder in

How to break an incoming event into searchable fields?

I am struggling to figure out how to break an incoming event into [searchable] fields and am hoping someone could poi...

by Communicator in

how can I do field substitution

I have a multi value field as ns=n1,n2,n3 and n1,n2,n3 are also fields by themselves like n1=abc, n2=pqr, n3=xyz ...

by New Member in

What is 'source' supposed to show after a 'join' command?

Hello Splunkers, Just checking in to get a proof read and also see what the expected result in 'source' is suppose...

by Contributor in

What is the underlying representation of booleans in Splunk?

some_search | eval this_is_a_bool="TRUE" | eval is_it_a_bool=if(isbool(this_is_a_bool),"yes","no") Ultimately I a...

by Communicator in

How to add two fields using regex in transforms.conf to filter out certain events from checkpoint data?

Hi everyone, I need help to create a better regex in my transforms.conf. I am filtering checkpoint data in my Spl...

by Communicator in

field extraction for latency message

Hi All, Below is my search result to get datapower latency logs. I need to prepare a chart to display the response...

by New Member in

how i can convert my field value

I am getting this in output of the search index=* host="216.167.15.70" and getting dest_port field value as "ssh" , ...

by Builder in

How to make rows in red color of a search output If some condition met

I want to make rows in red color of a search output If some condition met like my search is index="siebel_mon" Source...

by Builder in

How to enable "Verbose mode" as default in advanced XML or change search query to return proper values?

First off I am running Splunk version 6.1 My input data is I have a total device count that is updated daily. I am...

by Explorer in

Need to show a report by extracting multivalued lines

I have multivalued lines in my log file like below abc\xFD123\xFDABC aus\xFDIND\xFDUK 12\xFD34\xFD56 I have to...

by Contributor in

What is the correct search syntax for my join NOT IN subsearch?

Hi I am trying something like this : select t1.field1 from table1 t1 where t1.id not in (select t2.id from tab...

by New Member in

Percentage between two searches (timecharts)

Hi I have a problem I hope someone can help me with.. I have two searches: one timechart for totalvolume per da...

by Explorer in

Determine numerical value belong to intervals which stored in static lookup

Hi! We've "broken" our heads on this. Let we have events with field NUM=100 NUM=150 And static lookup with ...

by Path Finder in

Calculations on Timechart Counts

Hello, everyone. I have a field known as EVENTTYPE and I’m doing a timechart based on the EVENTTYPEs found. So the...

by Communicator in

How can I calculate 2 different search result.

I have 2 search results and I like to calculate them. first is: host=Marketing-test1 source="/home/splunker/cli...

by Explorer in

How can I format my search to convert month/day column values into column headers?

I don't know how to word this request very effectivly so I will just show some examples... If anyone knows a better w...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Changing position of addtotals label Field

Why is the timerange in my CLI search not working properly in Splunk 5.0.6?

How do I construct a table with values being evaluated per number of field values?

setting event occurrences in relation with each other

When does splunk add double quotation in outputcsv?

Exclude events which occur during a specific hour each day

How to write a search to filter and only return results for a field with a count greater than 2?

How to make a table containing columns with non-empty values (or other criteria) from non-indexed data?

Why can't the new field extractor utility for Splunk 6.2 find the regex for simple extractions?

How to break an incoming event into searchable fields?

how can I do field substitution

What is 'source' supposed to show after a 'join' command?

What is the underlying representation of booleans in Splunk?

How to add two fields using regex in transforms.conf to filter out certain events from checkpoint data?

field extraction for latency message

how i can convert my field value

How to make rows in red color of a search output If some condition met

How to enable "Verbose mode" as default in advanced XML or change search query to return proper values?

Need to show a report by extracting multivalued lines

What is the correct search syntax for my join NOT IN subsearch?

Percentage between two searches (timecharts)

Determine numerical value belong to intervals which stored in static lookup

Calculations on Timechart Counts

How can I calculate 2 different search result.

How can I format my search to convert month/day column values into column headers?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions