Splunk Search

Discussions

Thread Info

Where can I find information on searching in Splunk such as syntax and available commands?

How can I give Search commands in Splunk search bar ? Is there a specific syntax for that ? Is there a list of ava...

by New Member in

Why are fields not being extracted for some events with no apparent pattern?

We are not getting extracted fields for some events and there's no apparent pattern as to why. These are all simple e...

by New Member in

query to find the values 3 to 5 secs, 7 to 9 secs and above 9 secs in percentage.

hi, please help me in query to find the values of transactions between 3 to 5secs, 7 to 9 secs and above 9 secs in pe...

by Explorer in

How to write regex to extract fields at search-time?

Hi- I have the sample logs below and I want the output to be in this format. 1st Columns = BatchJobsName 2nd C...

by Path Finder in

How to sort the output with deliminator as ","

Hi I want to search the output with sorted result which has output as below 2014.09.08 02:52:07.559,2014.09.08 ...

by New Member in

How to setup alert to send an email when daily indexing volume limit is exceeded?

Hey there, I'm trying to set up a custom alert that would send out an email whenever the daily indexing volume is ...

by Path Finder in

How to map values from log files with no key-value structure to custom fields?

Hi Splunkers, I have a number of log files which do not have key:value structure to them. How do I map those values t...

by Path Finder in

How to chart each data point by another field without any stats function transformation?

I think I'm having a brain fart. I want to chart each data point by an address. I don't want (avg, sum, max, min, etc...

by Communicator in

How do you use multi value tags in eval?

I getting an eval error when I'm trying to use eval on a host tag. "Error in 'eval' command: The expression is malfor...

by Communicator in

Add a Date field to a ref table that doesn't have a date field that gets updated once a month so that it will can be used as a subquery

Howdy from Dallas Texas, I have an employee info table that gets indexed in splunk once a month and has no date field...

by Explorer in

How to display percentages with time duration data in timechart to visualize performance changes?

We have an image processing service, and from the service logs I can calculate the duration in seconds of processing ...

by Path Finder in

How to search and calculate the average for the top 70 percent of a field?

How to calculate the average for top 70%. A field in log contains a value. I need to ignore the least 30% and then ca...

by Engager in

Only show every 7th day in timechart

Currently I have the following - index="mysql_uc_orders" earliest=-7d@d latest=now | bucket span=1m _time | timech...

by New Member in

How to compare same fieldname in two sources, but only return results if other fields are different?

Hi, I'm trying to compare one field "primaryKey" in two sources; "sourceA" and "sourceB". There are other fields f...

by Communicator in

How to ensure upgrade of saved search, which was modified by customer and is now in local folder while customer upgrades app?

A customer installs version 1 of my app. Uses the Splunk Web UI to make changes to one of the saved searches. This se...

by Path Finder in

Define sourctype based on the host - via a lookup?

We have many different data sources which can only send on 514 UDP. I need to define the sourcetype based on the h...

by Path Finder in

difference betwen output and outputnew in splunk lookup

Could anyone please let me clear with the following basic questions? 1. What is the difference between output and out...

by Communicator in

How to extract field values in a search and format in a table?

Hi I am new to splunk I wanted to extract data from logs that have a particular string with a value and only return d...

by New Member in

Replication and Search factor

Hi Splunkers, Question about replication factors and search factor in cluster environment. If I have 8 indexers...

by Path Finder in

How to get result for device grouped by two different fields

I have the following scenario: x number of devices connected to 8 different nodes. The 8 nodes are connected to 3 ...

by Path Finder in

The lookup table 'account_default_list' does not exist

Hello all, Does anyone has ever encontered the error below [splunk-lar-01.grupo-buscape.com.br] Streamed search...

by Splunk Employee in

So many lookups, so many errors : The lookup table `XXX` does not exist.

I have once a while errors with lookups that shows in the UI when searching. example : The lookup table 'e...

by Splunk Employee in

How to change format for _time field values to display in timechart report?

Hi, I am trying to create a timechart report and I want to manipulate the output of the _time field so instead of rea...

by Explorer in

How to search transaction events to accurately calculate session/conference duration?

Trying to find a way to "transaction" the data like below. However because of the way the data flows we are essential...

by Explorer in

How to combine two separate date and time fields into one timestamp field?

Hi, I have two separate fields that I'd like to combine into 1 timestamp field. The fields are formatted "YYMMDD" ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Where can I find information on searching in Splunk such as syntax and available commands?

Why are fields not being extracted for some events with no apparent pattern?

query to find the values 3 to 5 secs, 7 to 9 secs and above 9 secs in percentage.

How to write regex to extract fields at search-time?

How to sort the output with deliminator as ","

How to setup alert to send an email when daily indexing volume limit is exceeded?

How to map values from log files with no key-value structure to custom fields?

How to chart each data point by another field without any stats function transformation?

How do you use multi value tags in eval?

Add a Date field to a ref table that doesn't have a date field that gets updated once a month so that it will can be used as a subquery

How to display percentages with time duration data in timechart to visualize performance changes?

How to search and calculate the average for the top 70 percent of a field?

Only show every 7th day in timechart

How to compare same fieldname in two sources, but only return results if other fields are different?

How to ensure upgrade of saved search, which was modified by customer and is now in local folder while customer upgrades app?

Define sourctype based on the host - via a lookup?

difference betwen output and outputnew in splunk lookup

How to extract field values in a search and format in a table?

Replication and Search factor

How to get result for device grouped by two different fields

The lookup table 'account_default_list' does not exist

So many lookups, so many errors : The lookup table `XXX` does not exist.

How to change format for _time field values to display in timechart report?

How to search transaction events to accurately calculate session/conference duration?

How to combine two separate date and time fields into one timestamp field?

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...